### mist_org_network Resource Example
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/org_network.md
Example of how to configure a mist_org_network resource.
```APIDOC
## mist_org_network (Resource)
### Description
This resource manages the WAN Assurance Networks. The Networks are used in the `service_policies` from the Gateway configuration, Gateway templates or HUB Profiles.
### Schema
#### Required
- `name` (String)
- `org_id` (String)
- `subnet` (String)
#### Optional
- `disallow_mist_services` (Boolean) Whether to disallow Mist Devices in the network
- `gateway` (String)
- `gateway6` (String)
- `internal_access` (Attributes) (see [below for nested schema](#nestedatt--internal_access))
- `internet_access` (Attributes) Whether this network has direct internet access (see [below for nested schema](#nestedatt--internet_access))
- `isolation` (Boolean) Whether to allow clients in the network to talk to each other
- `multicast` (Attributes) Whether to enable multicast support (only PIM-sparse mode is supported) (see [below for nested schema](#nestedatt--multicast))
- `routed_for_networks` (List of String) For a Network (usually LAN), it can be routable to other networks (e.g. OSPF)
- `subnet6` (String)
- `tenants` (Attributes Map) Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--tenants))
- `vlan_id` (String)
- `vpn_access` (Attributes Map) Property key is the VPN name. Whether this network can be accessed from vpn (see [below for nested schema](#nestedatt--vpn_access))
### Read-Only
- `id` (String) Unique ID of the object instance in the Mist Organization
### Nested Schema for `internal_access`
Optional:
- `enabled` (Boolean)
### Nested Schema for `internet_access`
Optional:
- `create_simple_service_policy` (Boolean)
- `destination_nat` (Attributes Map) Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internal_ip` or `port` must be defined (see [below for nested schema](#nestedatt--internet_access--destination_nat))
- `enabled` (Boolean)
- `restricted` (Boolean) By default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies
- `static_nat` (Attributes Map) Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--internet_access--static_nat))
### Nested Schema for `internet_access.destination_nat`
Optional:
- `internal_ip` (String) The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}")
- `name` (String)
- `port` (String) The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")
- `wan_name` (String) SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity
### Nested Schema for `internet_access.static_nat`
Required:
- `internal_ip` (String) The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}")
- `name` (String)
Optional:
- `wan_name` (String) SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}")
### Nested Schema for `multicast`
Optional:
- `disable_igmp` (Boolean) If the network will only be the source of the multicast traffic, IGMP can be disabled
- `enabled` (Boolean)
- `groups` (Attributes Map) Group address to RP (rendezvous point) mapping. Property Key is the CIDR (example "225.1.0.3/32") (see [below for nested schema](#nestedatt--multicast--groups))
### Nested Schema for `multicast.groups`
Optional:
- `rp_ip` (String) RP (rendezvous point) IP Address
### Nested Schema for `tenants`
Optional:
- `addresses` (List of String)
```
--------------------------------
### Build and Install Local Provider
Source: https://github.com/juniper/terraform-provider-mist/blob/main/DEV_TESTING_GUIDE.md
Compile the provider and install the binary to your Go bin directory. This command should be run from the provider repository root.
```bash
# Build and install to $GOPATH/bin
go install .
```
--------------------------------
### mist_org_wxrule Resource Example
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/org_wxrule.md
Example of how to configure an Org WxRule resource using Terraform.
```APIDOC
## mist_org_wxrule (Resource)
### Description
This resource manages the Org WxRules (WxLAN policies).
A WxLAN policy is a set of rules and settings that can be applied to devices in a network to determine how they are treated. it provides support for access policies, network segmentation, role-based policies, micro-segmentation, and least privilege.
WxLAN policies are used to allow or deny specific users from accessing specific resources in a wireless network.
### Schema
#### Required
- `action` (String) type of action, allow / block. enum: `allow`, `block`
- `order` (Number) Order how rules would be looked up, > 0 and bigger order got matched first, -1 means LAST, uniqueness not checked
- `org_id` (String)
- `template_id` (String) Only for Org Level WxRule
#### Optional
- `apply_tags` (List of String)
- `blocked_apps` (List of String) Blocked apps (always blocking, ignoring action), the key of Get Application List
- `dst_allow_wxtags` (List of String) List of WxTag UUID to indicate these tags are allowed access
- `dst_deny_wxtags` (List of String) List of WxTag UUID to indicate these tags are blocked access
- `dst_wxtags` (List of String) List of WxTag UUID
- `enabled` (Boolean)
- `src_wxtags` (List of String) List of WxTag UUID to determine if this rule would match
#### Read-Only
- `id` (String) Unique ID of the object instance in the Mist Organization
### Import
Using `terraform import`, import `mist_org_wxrule` with:
```shell
# Org WxRule can be imported by specifying the org_id and the wxrule_id
terraform import mist_org_wxrule.wxrule_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
```
```
--------------------------------
### mist_device_image Resource Example
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/device_image.md
Example of how to use the mist_device_image resource to upload a device picture.
```APIDOC
## mist_device_image (Resource)
### Description
This resource is used to upload a Device picture.
This resource can be used to add a picture to a Wireless Access point, a Switch or a Gateway. A Maximum of 3 pictures can be uploaded.
!> There is no validation on the Image currently uploaded to the Mist Cloud. Defining the same image twice (e.g. `image = 1`) for the same device will override the first image any warning or error.
### Schema
#### Required
- `device_id` (String)
- `file` (String) path to the device image file to upload. File must be a `jpeg`, `jpg` or `png` image`
- `image_number` (Number) number of the image, between 1 and 3
- `site_id` (String)
### Example Usage
```terraform
resource "mist_device_image" "device_image_one" {
device_id = provider::mist::search_inventory_by_claimcode(resource.mist_org_inventory.inventory, "CPKL2EXXXXXXXXX").id
site_id = provider::mist::search_inventory_by_claimcode(resource.mist_org_inventory.inventory, "CPKL2EXXXXXXXXX").site_id
file = "/Users/johndoe/Documents/image.jpg"
image_number = 1
}
```
```
--------------------------------
### mist_org_wxtag Resource Example
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/org_wxtag.md
Example usage of the mist_org_wxtag resource to create a WxTag.
```APIDOC
## mist_org_wxtag (Resource)
### Description
This resource manages the Org WxLan tags (labels).
A WxTag is a label or tag used in the mist system to classify and categorize applications, users, and resources for the purpose of creating policies and making network management decisions. They can be used
* within the Org WxRules to create filtering rules:
* `mist_org_wxrule.dst_allow_wxtags`
* `mist_org_wxrule.dst_deny_wxtags`
* `mist_org_wxrule.dst_wxtags`
* `mist_org_wxrule.src_wxtags`
* within the Org WxRules to assign specific VLAN:
* `mist_org_wxrule.apply_tags`
* in the WLANs configuration to assign a WLAN to specific APs:
* `mist_org_wlan.wxtag_ids`
* to identify unknown application used by Wi-Fi clients
### Schema
#### Required
- `name` (String) The name
- `org_id` (String)
- `type` (String) enum: `client`, `match`, `resource`, `spec`, `subnet`, `vlan`
#### Optional
- `mac` (String) If `type`==`client`, Client MAC Address
- `match` (String) required if `type`==`match`. enum: `ap_id`, `app`, `asset_mac`, `client_mac`, `hostname`, `ip_range_subnet`, `port`, `psk_name`, `psk_role`, `radius_attr`, `radius_class`, `radius_group`, `radius_username`, `sdkclient_uuid`, `wlan_id`
- `op` (String) required if `type`==`match`, type of tag (inclusive/exclusive). enum: `in`, `not_in`
- `specs` (Attributes List) If `type`==`spec` (see [below for nested schema](#nestedatt--specs))
- `values` (List of String) Required if `type`==`match` and
* `match`==`ap_id`: list of AP IDs
* `match`==`app`: list of Application Names
* `match`==`asset_mac`: list of Asset MAC Addresses
* `match`==`client_mac`: list of Client MAC Addresses
* `match`==`hostname`: list of Resources Hostnames
* `match`==`ip_range_subnet`: list of IP Addresses and/or CIDRs
* `match`==`psk_name`: list of PSK Names
* `match`==`psk_role`: list of PSK Roles
* `match`==`port`: list of Ports or Port Ranges
* `match`==`radius_attr`: list of RADIUS Attributes. The values are [ "6=1", "26=10.2.3.4" ], this support other RADIUS attributes where we know the type
* `match`==`radius_class`: list of RADIUS Classes. This matches the ATTR-Class(25)
* `match`==`radius_group`: list of RADIUS Groups. This is a smart tag that matches RADIUS-Filter-ID, Airespace-ACL-Name (VendorID=14179, VendorType=6) / Aruba-User-Role (VendorID=14823, VendorType=1)
* `match`==`radius_username`: list of RADIUS Usernames. This matches the ATTR-User-Name(1)
* `match`==`sdkclient_uuid`: list of SDK UUIDs
* `match`==`wlan_id`: list of WLAN IDs
**Notes**:
Variables are not allowed
- `vlan_id` (String)
### Read-Only
- `id` (String) Unique ID of the object instance in the Mist Organization
### Nested Schema for `specs`
Optional:
- `port_range` (String) Matched destination port, "0" means any
- `protocol` (String) tcp / udp / icmp / gre / any / ":protocol_number", `protocol_number` is between 1-254
- `subnets` (List of String) Matched destination subnets and/or IP Addresses
## Import
Using `terraform import`, import `mist_org_wxtag` with:
```shell
# Org WxTag can be imported by specifying the org_id and the wxtag_id
terraform import mist_org_wxtag.wxtag_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
```
```
--------------------------------
### mist_org_service Resource Example
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/org_service.md
Example of how to define a custom WAN Assurance Service with specific IP addresses and TCP/port specifications.
```APIDOC
## mist_org_service Resource
### Description
This resource manages WAN Assurance Services (Applications).
A Service is used to define a Custom Application that can be used in the `service_policies`. These Services can be referenced by their name in
* the Service Policies (`mist_org_servicepolicy.services`)
* the Gateway configuration (`mist_device_gateway.service_policies.services`)
* the Gateway Templates (`mist_org_gatewaytemplate.service_policies.services`)
* the HUB Profiles (`mist_org_deviceprofile_gateway.service_policies.services`)
### Schema
#### Required
- `name` (String)
- `org_id` (String)
#### Optional
- `addresses` (List of String) If `type`==`custom`, IPv4 and/or IPv6 subnets (e.g. 10.0.0.0/8, fd28::/128)
- `app_categories` (List of String) When `type`==`app_categories`, list of application categories are available through [List App Category Definitions]($e/Constants%20Definitions/listAppCategoryDefinitions)
- `app_subcategories` (List of String) When `type`==`app_categories`, list of application categories are available through [List App Sub Category Definitions]($e/Constants%20Definitions/listAppSubCategoryDefinitions)
- `apps` (List of String) When `type`==`apps`, list of applications are available through:
* [List Applications]($e/Constants%20Definitions/listApplications)
* [List Gateway Applications]($e/Constants%20Definitions/listGatewayApplications)
* /insight/top_app_by-bytes?wired=true
- `client_limit_down` (Number) 0 means unlimited, value from 0 to 107374182
- `client_limit_up` (Number) 0 means unlimited, value from 0 to 107374182
- `description` (String)
- `dscp` (String)
- `failover_policy` (String) enum: `non_revertible`, `none`, `revertible`
- `hostnames` (List of String) If `type`==`custom`, web filtering
- `max_jitter` (String)
- `max_latency` (String)
- `max_loss` (String)
- `service_limit_down` (Number) 0 means unlimited, value from 0 to 107374182
- `service_limit_up` (Number) 0 means unlimited, value from 0 to 107374182
- `sle_enabled` (Boolean) Whether to enable measure SLE
- `specs` (Attributes List) When `type`==`custom`, optional, if it doesn't exist, http and https is assumed (see [below for nested schema](#nestedatt--specs))
- `ssr_relaxed_tcp_state_enforcement` (Boolean)
- `traffic_class` (String) when `traffic_type`==`custom`. enum: `best_effort`, `high`, `low`, `medium`
- `traffic_type` (String) values from [List Traffic Types]($e/Constants%20Definitions/listTrafficTypes)
- `type` (String) enum: `app_categories`, `apps`, `custom`, `urls`
- `urls` (List of String) When `type`==`urls`, no need for spec as URL can encode the ports being used
### Read-Only
- `id` (String) Unique ID of the object instance in the Mist Organization
### Nested Schema for `specs`
Optional:
- `port_range` (String) Port number, port range, or variable
- `protocol` (String) `https`/ `tcp` / `udp` / `icmp` / `gre` / `any` / `:protocol_number`, `protocol_number` is between 1-254
## Import
Using `terraform import`, import `mist_org_service` with:
```shell
# Org Service can be imported by specifying the org_id and the service_id
terraform import mist_org_service.service_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
```
```
--------------------------------
### Create a Site WxRule
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/site_wxrule.md
Example of creating a site WxRule resource. Ensure the site_id and relevant WxTag IDs are correctly specified.
```terraform
resource "mist_site_wxrule" "wxrule_one" {
site_id = mist_site.terraform_test.id
src_wxtags = [
mist_org_wxtag.wxtag_one.id
]
enabled = true
action = "allow"
dst_deny_wxtags = [
mist_org_wxtag.wxtag_two.id
]
order = 1
}
```
--------------------------------
### mist_org_servicepolicy Resource Example
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/org_servicepolicy.md
This example demonstrates how to create a WAN Assurance Service Policy (Application Policy) using the `mist_org_servicepolicy` resource.
```APIDOC
## mist_org_servicepolicy (Resource)
### Description
This resource manages WAN Assurance Service Policies (Application Policies).
The Service Policies can be used in the `service_policies` object by referencing the Service Policy ID as the `servicepolicy_id` in:
* the Gateway configuration (`mist_device_gateway.service_policies`)
* the Gateway Templates (`mist_org_gatewaytemplate.service_policies`)
* the HUB Profiles (`mist_org_deviceprofile_gateway.service_policies`)
They can be used to manage common policies between multiples configurations
### Schema
#### Required
- `name` (String) - The name of the service policy.
- `org_id` (String) - The ID of the organization this service policy belongs to.
#### Optional
- `aamw` (Attributes) - SRX only. Configuration for Advanced Anti Malware.
- `aamwprofile_id` (String) - Org-level Advanced Advance Anti Malware Profile (SkyAtp) Profile can be used, this takes precedence over 'profile'.
- `enabled` (Boolean) - Whether AAMW is enabled.
- `profile` (String) - Enum: `docsonly`, `executables`, `standard`. The AAMW profile to use.
- `action` (String) - Enum: `allow`, `deny`. The action to take for the policy.
- `antivirus` (Attributes) - For SRX-only. Configuration for Antivirus.
- `avprofile_id` (String) - Org-level AV Profile can be used, this takes precedence over 'profile'.
- `enabled` (Boolean) - Whether Antivirus is enabled.
- `profile` (String) - Default / noftp / httponly / or keys from av_profiles. The Antivirus profile to use.
- `appqoe` (Attributes) - SRX only. Configuration for Application Quality of Experience.
- `enabled` (Boolean) - Whether AppQoE is enabled.
- `ewf` (Attributes List) - Configuration for Enhanced Web Filtering.
- `alert_only` (Boolean) - Whether to only alert on EWF events.
- `block_message` (String) - The block message to display when EWF blocks a request.
- `enabled` (Boolean) - Whether EWF is enabled.
- `profile` (String) - Enum: `critical`, `standard`, `strict`. The EWF profile to use.
- `idp` (Attributes) - Configuration for Intrusion Detection and Prevention.
- `alert_only` (Boolean) - Whether to only alert on IDP events.
- `enabled` (Boolean) - Whether IDP is enabled.
- `idpprofile_id` (String) - Org-level IDP Profile can be used, this takes precedence over `profile`.
- `profile` (String) - Enum: `Custom`, `strict` (default), `standard` or keys from idp_profiles. The IDP profile to use.
- `local_routing` (Boolean) - Whether to enable local routing within the same VRF.
- `path_preference` (String) - By default, all available paths are derived and used. Optionally, you can customize by using `path_preference`.
- `services` (List of String) - The list of services this policy applies to.
- `ssl_proxy` (Attributes) - For SRX-only. Configuration for SSL Proxy.
- `ciphers_category` (String) - Enum: `medium`, `strong`, `weak`. The category of ciphers to use for SSL proxy.
- `enabled` (Boolean) - Whether SSL proxy is enabled.
- `tenants` (List of String) - The list of tenants this policy applies to.
#### Read-Only
- `id` (String) - Unique ID of the object instance in the Mist Organization.
### Import
Using `terraform import`, import `mist_org_servicepolicy` with:
```shell
# Org Service Policy can be imported by specifying the org_id and the servicepolicy_id
terraform import mist_org_servicepolicy.servicepolicy_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
```
```
--------------------------------
### mist_site_psks Data Source Example
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/data-sources/site_psks.md
Example usage of the mist_site_psks data source to retrieve site PSKs, with optional filtering by name, role, and SSID.
```APIDOC
## mist_site_psks (Data Source)
### Description
This data source provides the list of Site Psks.
A multi PSK (Pre-Shared Key) is a feature that allows the use of multiple PSKs for securing network connections. It provides a simple and comprehensive way to onboard client devices without relying on client mac addresses. Each psk has its own key name, which can be used for user-level accountability, key rotation, and visibility in the management platform. It supports the creation, rotation, and auto-expiration of psks, and allows vlan assignment and role assignment for dynamic per-user policies. Multi PSKs create virtual broadcast domains and can be used for end-user onboarding via authenticated sso login.
### Usage
```terraform
data "mist_site_psks" "psks_vip" {
site_id = "15fca2ac-b1a6-47cc-9953-cc6906281550"
// Filtering options
name = "psk_one"
role = "vip"
ssid = "psk_ssid"
}
```
### Schema
#### Required
- `site_id` (String) - The ID of the site to retrieve PSKs from.
#### Optional
- `name` (String) - Filter PSKs by name.
- `role` (String) - Filter PSKs by role.
- `ssid` (String) - Filter PSKs by SSID.
#### Read-Only
- `site_psks` (Attributes Set) - A set of PSK configurations.
Nested Schema for `site_psks`:
Read-Only:
- `admin_sso_id` (String) - SSO ID for PSK created from PSK portal.
- `created_time` (Number) - When the object has been created, in epoch.
- `email` (String) - Email to send PSK expiring notifications to.
- `expire_time` (Number) - Expire time for this PSK key (epoch time in seconds). Default `null` (as no expiration).
- `expiry_notification_time` (Number) - Number of days before PSK is expired. Used to determine when to start sending reminder notifications.
- `id` (String) - Unique ID of the object instance in the Mist Organization.
- `mac` (String) - If `usage`==`single`, the MAC address this PSK ties to; empty if `auto-binding`.
- `modified_time` (Number) - When the object has been modified for the last time, in epoch.
- `name` (String) - The name of the PSK.
- `note` (String) - A note associated with the PSK.
- `notify_expiry` (Boolean) - If set to true, reminder notifications will be sent when the PSK is about to expire.
- `notify_on_create_or_edit` (Boolean) - If set to true, notifications will be sent when the PSK is created or edited.
- `old_passphrase` (String, Sensitive) - Previous passphrase of the PSK if it has been rotated.
- `org_id` (String) - The organization ID.
- `passphrase` (String, Sensitive) - Passphrase of the PSK (8-63 characters or 64 in hex).
- `role` (String) - The role assigned to the PSK.
- `site_id` (String) - The site ID associated with the PSK.
- `ssid` (String) - The SSID this PSK should be applicable to.
- `usage` (String) - Enum: `macs`, `multi`, `single`. Indicates the usage type of the PSK.
- `vlan_id` (String) - The VLAN ID assigned to the PSK.
```
--------------------------------
### Get Organization VPNs
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/data-sources/org_vpns.md
This example shows how to use the mist_org_vpns data source to fetch all VPNs for a specific organization. You need to provide the organization ID.
```terraform
data "mist_org_vpns" "vpns" {
org_id = "15fca2ac-b1a6-47cc-9953-cc6906281550"
}
```
--------------------------------
### Build Provider with Go Install
Source: https://github.com/juniper/terraform-provider-mist/blob/main/DEV_TESTING_GUIDE.md
Use this command to build the provider. Ensure your code builds without errors before submitting a PR.
```bash
go install .
```
--------------------------------
### Create a NAC Portal
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/org_nac_portal_template.md
Before creating a NAC Portal Template, a NAC Portal must be created. This example shows the basic setup for a guest portal.
```terraform
resource "mist_org_nac_portal" "guest_portal" {
org_id = mist_org.terraform_test.id
name = "Guest Portal"
type = "guest_portal"
access_type = "wireless"
ssid = "Guest-Network"
}
```
--------------------------------
### Basic mist_site_wlan Resource Configuration
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/site_wlan.md
This example demonstrates the basic configuration of a mist_site_wlan resource, setting up an SSID with specific bands, VLAN, and authentication parameters.
```terraform
resource "mist_site_wlan" "wlan_one" {
ssid = "wlan_one"
site_id = mist_site.terraform_test.id
bands = ["5", "6"]
vlan_enabled = true
vlan_id = 143
wlan_limit_up = 10000
wlan_limit_down = 20000
client_limit_up = 512
client_limit_down = 1000
auth = {
type = "psk"
psk = "secretpsk"
}
interface = "all"
}
```
--------------------------------
### mist_site Resource Configuration
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/site.md
Example configuration for the mist_site resource, demonstrating how to set site details, assign templates, and manage location data.
```APIDOC
## Resource: mist_site
### Description
Manages the basic information of a Mist site, including its name, address, timezone, and associated templates.
### Schema
#### Required
- `address` (String) - Full address of the site.
- `name` (String) - The name of the site.
- `org_id` (String) - The ID of the organization the site belongs to.
#### Optional
- `alarmtemplate_id` (String) - Alarm Template ID. Takes precedence over the Org-level alarmtemplate_id.
- `aptemplate_id` (String) - AP Template ID, used by APs.
- `country_code` (String) - Country code for the site (for AP config generation), in two-character format.
- `gatewaytemplate_id` (String) - Gateway Template ID, used by gateways.
- `latlng` (Attributes) - Latitude and longitude coordinates for the site. See [nested schema](#nestedatt--latlng) below.
- `networktemplate_id` (String) - Network Template ID. Takes precedence over Site Settings.
- `notes` (String) - Optional notes about the site.
- `rftemplate_id` (String) - RF Template ID. Takes precedence over Site Settings.
- `routertemplate_id` (String) - Router Template ID, used by gateways.
- `secpolicy_id` (String) - SecPolicy ID.
- `sitegroup_ids` (List of String) - Sitegroups this site belongs to.
- `sitetemplate_id` (String) - Site Template ID.
- `timezone` (String) - The timezone the site is located in.
#### Read-Only
- `id` (String) - Unique ID of the object instance in the Mist Organization.
- `tzoffset` (Number) - The timezone offset.
### Nested Schema for `latlng`
#### Required
- `lat` (Number) - The latitude coordinate.
- `lng` (Number) - The longitude coordinate.
### Import
Import `mist_site` with the site ID:
```shell
terraform import mist_site.site_one d3c42998-9012-4859-9743-6b9bee475309
```
```
--------------------------------
### Example Usage of mist_device_gateway
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/device_gateway.md
This snippet demonstrates how to configure a device gateway, including its name, device and site IDs, out-of-band IP configuration, DNS servers, and additional configuration commands.
```terraform
resource "mist_device_gateway" "gateway_one" {
name = "gateway_one"
device_id = mist_device_gateway_cluster.cluster_one.device_id
site_id = mist_device_gateway_cluster.cluster_one.site_id
oob_ip_config = {
type = "dhcp"
}
dns_servers = ["8.8.8.8"]
additional_config_cmds = [
"annotate system \" -- custom-main -- Template level --\"",
"delete apply-groups custom-main",
"delete groups custom-main",
"set groups custom-main",
"set groups custom-main system services ssh root-login allow",
"set apply-groups custom-main",
]
}
```
--------------------------------
### Initialize Terraform
Source: https://github.com/juniper/terraform-provider-mist/blob/main/README.md
Run this command in your terminal to download the Mist provider plugin after creating your Terraform configuration.
```bash
terraform init
```
--------------------------------
### mist_org_sso Resource Example
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/org_sso.md
Example usage of the mist_org_sso resource to configure Single Sign-On for an organization.
```APIDOC
## mist_org_sso (Resource)
### Description
This resource manages Org SSO Configuration.
Org SSO, or Single Sign-On, is a method of authentication that allows users to securely log in to multiple applications and websites with a single set of login credentials. It involves integrating the Org portal with an Identity Provider (IdP) using the Security Assertion Markup Language (SAML) framework. This enables users to authenticate themselves through their corporate IdP, eliminating the need to remember separate passwords or enter credentials each time they access the Org portal.
### Schema
#### Required
- `idp_cert` (String) - IDP Cert (used to verify the signed response)
- `idp_sign_algo` (String) - Signing algorithm for SAML Assertion. enum `sha1`, `sha256`, `sha384`, `sha512`
- `idp_sso_url` (String) - IDP Single-Sign-On URL
- `issuer` (String) - IDP issuer URL
- `name` (String) - Name
- `org_id` (String) - Organization ID
#### Optional
- `custom_logout_url` (String) - A URL to redirect the user after logout from Mist (for some IdP which supports a custom logout URL that is different from SP-initiated SLO process)
- `default_role` (String) - Default role to assign if there’s no match. By default, an assertion is treated as invalid when there’s no role matched
- `ignore_unmatched_roles` (Boolean) - Ignore any unmatched roles provided in assertion. By default, an assertion is treated as invalid for any unmatched role
- `nameid_format` (String) - enum: `email`, `unspecified`
- `oauth_provider_domain` (String) - If `oauth_type`==`okta`, specifies the region-specific OAuth provider domain. enum: `okta.com`, `oktapreview.com`, `okta-emea.com`, `okta-gov.com`, `okta.mil`, `mtls.okta.com`
- `role_attr_extraction` (String) - Custom role attribute parsing scheme. Supported Role Parsing Schemes:
- `cn`: The expected role attribute format in SAML Assertion is “CN=cn,OU=ou1,OU=ou2,…”
CN (the key) is case insensitive and exactly 1 CN is expected (or the entire entry will be ignored)
E.g. if role attribute is “CN=cn,OU=ou1,OU=ou2” then parsed role value is “cn”
- `role_attr_from` (String) - Name of the attribute in SAML Assertion to extract role from. Default: `Role`
#### Read-Only
- `domain` (String) - Random string generated during the SSO creation and used to generate the SAML URLs:
* ACS URL = `/api/v1/saml/{domain}/login` (e.g. `https://api.mist.com/api/v1/saml/s4t5vwv8/login`)
* Single Logout URL = `/api/v1/saml/{domain}/logout` (e.g. `https://api.mist.com/api/v1/saml/s4t5vwv8/logout`)
- `id` (String) - Unique ID of the object instance in the Mist Organization
### Example Usage
```terraform
resource "mist_org_sso" "sso_admin_one" {
org_id = mist_org.terraform_test.id
name = "sso_admin_one"
custom_logout_url = "https://idp.com/logout"
idp_cert = "-----BEGIN CERTIFICATE-----MIIF0jC .../fSCGx7-----END CERTIFICATE-----"
idp_sign_algo = "sha512"
idp_sso_url = "https://idp.com/login"
issuer = "my_idp_issuer"
nameid_format = "email"
}
```
### Import
Using `terraform import`, import `mist_org_sso` with:
```shell
# Org PSK can be imported by specifying the org_id and the sso_id
terraform import mist_org_sso.sso_admin_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a.d3c42998-9012-4859-9743-6b9bee475309
```
```
--------------------------------
### mist_org_rftemplates Data Source Example
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/data-sources/org_rftemplates.md
Example usage of the mist_org_rftemplates data source to retrieve RF templates for a given organization.
```APIDOC
## mist_org_rftemplates Data Source
### Description
This data source provides the list of RF Templates. The RF Templates can be used to define Wireless Access Points radio configuration, and can be assigned to the sites.
### Usage
```terraform
data "mist_org_rftemplates" "templates" {
org_id = "15fca2ac-b1a6-47cc-9953-cc6906281550"
}
```
### Parameters
#### Required
- `org_id` (String) - The ID of the organization to retrieve RF templates from.
#### Optional
- `page` (Number) - The page number for paginating results.
```
--------------------------------
### Initialize Terraform Workspace
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/guides/getting_started.md
Run this command in the directory containing your `main.tf` file to initialize the Terraform workspace and download provider plugins. It's safe to run multiple times.
```shell
$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of juniper/mist...
- Installing juniper/mist v0.2.7...
- Installed juniper/mist v0.2.7 (signed by a HashiCorp partner, key ID 1211DC34850D21DE)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
```
--------------------------------
### Import mist_site_setting
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/site_setting.md
Import a Mist site setting by providing the site ID. Ensure you have the correct site ID before running the command.
```shell
# Site Setting can be imported by specifying the site_id
terraform import mist_site_setting.site_setting_one 17b46405-3a6d-4715-8bb4-6bb6d06f316a
```
--------------------------------
### mist_org_services Data Source Example
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/data-sources/org_services.md
This example demonstrates how to use the mist_org_services data source to fetch WAN Assurance Services for a specific organization.
```APIDOC
## mist_org_services (Data Source)
### Description
This data source provides the list of WAN Assurance Services (Applications).
A Service is used to define a Custom Application that can be used in the `service_policies`. These Services can be referenced by their name in
* the Service Policies (`mist_org_servicepolicy.services`)
* the Gateway configuration (`mist_device_gateway.service_policies.services`)
* the Gateway Templates (`mist_org_gatewaytemplate.service_policies.services`)
* the HUB Profiles (`mist_org_deviceprofile_gateway.service_policies.services`)
### Schema
#### Required
- `org_id` (String) - The ID of the organization.
#### Read-Only
- `org_services` (Attributes Set) - A set of WAN Assurance Services.
- `addresses` (List of String) - If `type`==`custom`, IPv4 and/or IPv6 subnets (e.g. 10.0.0.0/8, fd28::/128).
- `app_categories` (List of String) - When `type`==`app_categories`, list of application categories.
- `app_subcategories` (List of String) - When `type`==`app_categories`, list of application subcategories.
- `apps` (List of String) - When `type`==`apps`, list of applications.
- `client_limit_down` (Number) - 0 means unlimited, value from 0 to 107374182.
- `client_limit_up` (Number) - 0 means unlimited, value from 0 to 107374182.
- `created_time` (Number) - When the object has been created, in epoch.
- `description` (String) - Description of the service.
- `dscp` (String) - Differentiated Services Code Point value.
- `failover_policy` (String) - Enum: `non_revertible`, `none`, `revertible`.
- `hostnames` (List of String) - If `type`==`custom`, web filtering hostnames.
- `id` (String) - Unique ID of the object instance in the Mist Organization.
- `max_jitter` (String) - Maximum allowed jitter.
- `max_latency` (String) - Maximum allowed latency.
- `max_loss` (String) - Maximum allowed packet loss.
- `modified_time` (Number) - When the object has been modified for the last time, in epoch.
- `name` (String) - Name of the service.
- `org_id` (String) - The ID of the organization.
- `service_limit_down` (Number) - 0 means unlimited, value from 0 to 107374182.
- `service_limit_up` (Number) - 0 means unlimited, value from 0 to 107374182.
- `sle_enabled` (Boolean) - Whether to enable measure SLE.
- `specs` (Attributes List) - Optional, if it doesn't exist, http and https is assumed.
- `port_range` (String) - Port number, port range, or variable.
- `protocol` (String) - `https`/ `tcp` / `udp` / `icmp` / `gre` / `any` / `:protocol_number`.
- `ssr_relaxed_tcp_state_enforcement` (Boolean) - Whether SSR relaxed TCP state enforcement is enabled.
- `traffic_class` (String) - Enum: `best_effort`, `high`, `low`, `medium`.
- `traffic_type` (String) - Values from [List Traffic Types].
- `type` (String) - Enum: `app_categories`, `apps`, `custom`, `urls`.
- `urls` (List of String) - When `type`==`urls`, no need for spec as URL can encode the ports being used.
### Example Usage
```terraform
data "mist_org_services" "services" {
org_id = "15fca2ac-b1a6-47cc-9953-cc6906281550"
}
```
```
--------------------------------
### Example Usage of mist_site_webhook
Source: https://github.com/juniper/terraform-provider-mist/blob/main/docs/resources/site_webhook.md
This snippet demonstrates how to configure a basic HTTP POST webhook for a specific site, including enabling it and defining the topics to monitor.
```terraform
resource "mist_site_webhook" "webhook_one" {
site_id = mist_site.terraform_site.id
name = "webhook_one"
type = "http-post"
url = "https://myserver.com:4321/"
verify_cert = false
enabled = true
topics = [
"device-events",
"alarms",
"audits",
"client-join",
"client-info",
"client-sessions",
"device-updowns",
"mxedge-events",
"nac-events",
"nac-accounting"
]
}
```