Add support for wireless.wifi-iface

We make it possible to define wireless networks. This is maybe the last
big piece to having a usable OpenWrt router in the 21st century. Most
everyone is going to have a need for at least one wireless network these
days (cell phones and laptops most notably).

This is much like the rest of the resources. Because wireless networks
have a lot of features, we only support a subset to start. We'll add
more as we go along. But, this should be enough to get the minimum
going.

Branch: joneshf/add-support-for-wireless-wifi-iface
Pull-Request: #125

Author: joneshf

docs/data-sources/wireless_wifi_iface.md

@@ -0,0 +1,39 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "openwrt_wireless_wifi_iface Data Source - openwrt"
+subcategory: ""
+description: |-
+  A wireless network.
+---
+
+# openwrt_wireless_wifi_iface (Data Source)
+
+A wireless network.
+
+## Example Usage
+
+```terraform
+data "openwrt_wireless_wifi_iface" "testing" {
+  id = "testing"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) Name of the section. This name is only used when interacting with UCI directly.
+
+### Read-Only
+
+- `device` (String) Name of the physical device. This name is what the device is known as in LuCI/UCI, or the `id` field in Terraform.
+- `encryption` (String) Encryption method. Currently, only PSK encryption methods are supported. Must be one of: "none", "psk", "psk2", "psk2+aes", "psk2+ccmp", "psk2+tkip", "psk2+tkip+aes", "psk2+tkip+ccmp", "psk+aes", "psk+ccmp", "psk-mixed", "psk-mixed+aes", "psk-mixed+ccmp", "psk-mixed+tkip", "psk-mixed+tkip+aes", "psk-mixed+tkip+ccmp", "psk+tkip", "psk+tkip+aes", "psk+tkip+ccmp", "sae", "sae-mixed".
+- `isolate` (Boolean) Isolate wireless clients from each other.
+- `key` (String, Sensitive) The pre-shared passphrase from which the pre-shared key will be derived. The clear text key has to be 8-63 characters long.
+- `mode` (String) The operation mode of the wireless network interface controller.. Currently only "ap" is supported.
+- `network` (String) Network interface to attach the wireless network. This name is what the interface is known as in UCI, or the `id` field in Terraform.
+- `ssid` (String) The broadcasted SSID of the wireless network. This is what actual clients will see the network as.
+- `wpa_disable_eapol_key_retries` (Boolean) Enable WPA key reinstallation attack (KRACK) workaround. This should be `true` to enable KRACK workaround (you almost surely want this enabled).
+
+

docs/resources/wireless_wifi_iface.md

@@ -0,0 +1,92 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "openwrt_wireless_wifi_iface Resource - openwrt"
+subcategory: ""
+description: |-
+  A wireless network.
+---
+
+# openwrt_wireless_wifi_iface (Resource)
+
+A wireless network.
+
+## Example Usage
+
+```terraform
+resource "openwrt_network_interface" "home" {
+  device = "eth0"
+  dns = [
+    "9.9.9.9",
+    "1.1.1.1",
+  ]
+  id      = "home"
+  ipaddr  = "192.168.3.1"
+  netmask = "255.255.255.0"
+  proto   = "static"
+}
+
+resource "openwrt_wireless_wifi_device" "five_ghz" {
+  band    = "5g"
+  channel = "auto"
+  id      = "radio0"
+  type    = "mac80211"
+}
+
+resource "openwrt_wireless_wifi_iface" "home" {
+  device                        = openwrt_wireless_wifi_device.five_ghz.id
+  encryption                    = "sae"
+  id                            = "wifinet0"
+  key                           = "password"
+  mode                          = "ap"
+  network                       = openwrt_network_interface.home.id
+  ssid                          = "home"
+  wpa_disable_eapol_key_retries = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `device` (String) Name of the physical device. This name is what the device is known as in LuCI/UCI, or the `id` field in Terraform.
+- `id` (String) Name of the section. This name is only used when interacting with UCI directly.
+- `mode` (String) The operation mode of the wireless network interface controller.. Currently only "ap" is supported.
+- `network` (String) Network interface to attach the wireless network. This name is what the interface is known as in UCI, or the `id` field in Terraform.
+- `ssid` (String) The broadcasted SSID of the wireless network. This is what actual clients will see the network as.
+
+### Optional
+
+- `encryption` (String) Encryption method. Currently, only PSK encryption methods are supported. Must be one of: "none", "psk", "psk2", "psk2+aes", "psk2+ccmp", "psk2+tkip", "psk2+tkip+aes", "psk2+tkip+ccmp", "psk+aes", "psk+ccmp", "psk-mixed", "psk-mixed+aes", "psk-mixed+ccmp", "psk-mixed+tkip", "psk-mixed+tkip+aes", "psk-mixed+tkip+ccmp", "psk+tkip", "psk+tkip+aes", "psk+tkip+ccmp", "sae", "sae-mixed".
+- `isolate` (Boolean) Isolate wireless clients from each other.
+- `key` (String, Sensitive) The pre-shared passphrase from which the pre-shared key will be derived. The clear text key has to be 8-63 characters long.
+- `wpa_disable_eapol_key_retries` (Boolean) Enable WPA key reinstallation attack (KRACK) workaround. This should be `true` to enable KRACK workaround (you almost surely want this enabled).
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Find the Terraform id from LuCI's JSON-RPC API.
+# One way to find this information is with `curl` and `jq`:
+#
+# curl \
+#     --data '{"id": 0, "method": "foreach", "params": ["wireless", "wifi-iface"]}' \
+#     http://192.168.1.1/cgi-bin/luci/rpc/uci?auth=$AUTH_TOKEN \
+#     | jq '.result | map({terraformId: .[".name"]})'
+#
+# This command will output something like:
+#
+# [
+#   {
+#     "terraformId": "cfg123456",
+#   },
+#   {
+#     "terraformId": "cfg123457",
+#   }
+# ]
+#
+# We'd then use the information to import the appropriate resource:
+
+terraform import openwrt_wireless_wifi_iface.home_network cfg123456
+```

examples/data-sources/openwrt_wireless_wifi_iface/data-source.tf

@@ -0,0 +1,3 @@
+data "openwrt_wireless_wifi_iface" "testing" {
+  id = "testing"
+}

examples/resources/openwrt_wireless_wifi_iface/import.sh

@@ -0,0 +1,22 @@
+# Find the Terraform id from LuCI's JSON-RPC API.
+# One way to find this information is with `curl` and `jq`:
+#
+# curl \
+#     --data '{"id": 0, "method": "foreach", "params": ["wireless", "wifi-iface"]}' \
+#     http://192.168.1.1/cgi-bin/luci/rpc/uci?auth=$AUTH_TOKEN \
+#     | jq '.result | map({terraformId: .[".name"]})'
+#
+# This command will output something like:
+#
+# [
+#   {
+#     "terraformId": "cfg123456",
+#   },
+#   {
+#     "terraformId": "cfg123457",
+#   }
+# ]
+#
+# We'd then use the information to import the appropriate resource:
+
+terraform import openwrt_wireless_wifi_iface.home_network cfg123456

examples/resources/openwrt_wireless_wifi_iface/resource.tf

@@ -0,0 +1,29 @@
+resource "openwrt_network_interface" "home" {
+  device = "eth0"
+  dns = [
+    "9.9.9.9",
+    "1.1.1.1",
+  ]
+  id      = "home"
+  ipaddr  = "192.168.3.1"
+  netmask = "255.255.255.0"
+  proto   = "static"
+}
+
+resource "openwrt_wireless_wifi_device" "five_ghz" {
+  band    = "5g"
+  channel = "auto"
+  id      = "radio0"
+  type    = "mac80211"
+}
+
+resource "openwrt_wireless_wifi_iface" "home" {
+  device                        = openwrt_wireless_wifi_device.five_ghz.id
+  encryption                    = "sae"
+  id                            = "wifinet0"
+  key                           = "password"
+  mode                          = "ap"
+  network                       = openwrt_network_interface.home.id
+  ssid                          = "home"
+  wpa_disable_eapol_key_retries = true
+}

openwrt/provider.go

@@ -24,6 +24,7 @@ import (
 	"github.com/joneshf/terraform-provider-openwrt/openwrt/network/switchvlan"
 	"github.com/joneshf/terraform-provider-openwrt/openwrt/system/system"
 	"github.com/joneshf/terraform-provider-openwrt/openwrt/wireless/wifidevice"
+	"github.com/joneshf/terraform-provider-openwrt/openwrt/wireless/wifiiface"
 )
 
 const (
@@ -163,6 +164,7 @@ func (p *openWrtProvider) DataSources(
 		switchvlan.NewDataSource,
 		system.NewDataSource,
 		wifidevice.NewDataSource,
+		wifiiface.NewDataSource,
 	}
 }
 
@@ -188,6 +190,7 @@ func (p *openWrtProvider) Resources(
 		switchvlan.NewResource,
 		system.NewResource,
 		wifidevice.NewResource,
+		wifiiface.NewResource,
 	}
 }
 

openwrt/wireless/wifiiface/acceptance_test.go

@@ -0,0 +1,85 @@
+//go:build acceptance.test
+
+package wifiiface_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"testing"
+
+	"github.com/joneshf/terraform-provider-openwrt/internal/acceptancetest"
+	"github.com/joneshf/terraform-provider-openwrt/lucirpc"
+	"github.com/ory/dockertest/v3"
+	"golang.org/x/crypto/ssh"
+	"gotest.tools/v3/assert"
+)
+
+var (
+	dockerPool *dockertest.Pool
+)
+
+func TestMain(m *testing.M) {
+	var (
+		code     int
+		err      error
+		tearDown func()
+	)
+	ctx := context.Background()
+	tearDown, dockerPool, err = acceptancetest.Setup(ctx)
+	defer func() {
+		tearDown()
+		os.Exit(code)
+	}()
+	if err != nil {
+		fmt.Printf("Problem setting up tests: %s", err)
+		code = 1
+		return
+	}
+
+	log.Printf("Running tests")
+	code = m.Run()
+}
+
+// runOpenWrtServerWithWireless starts an OpenWrt server,
+// and sets up the wireless config.
+// Without setting up the config,
+// the tests in this package will fail.
+func runOpenWrtServerWithWireless(
+	ctx context.Context,
+	dockerPool dockertest.Pool,
+	t *testing.T,
+) (*lucirpc.Client, string) {
+	openWrtServer := acceptancetest.RunOpenWrtServer(
+		ctx,
+		dockerPool,
+		t,
+	)
+	sshURL := fmt.Sprintf("%s:%d", openWrtServer.Hostname, openWrtServer.SSHPort)
+	sshConfig := &ssh.ClientConfig{
+		Auth: []ssh.AuthMethod{
+			ssh.Password(openWrtServer.Password),
+		},
+		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
+		User:            openWrtServer.Username,
+	}
+	sshClient, err := ssh.Dial("tcp", sshURL, sshConfig)
+	assert.NilError(t, err)
+	t.Cleanup(func() {
+		sshClient.Close()
+	})
+	session, err := sshClient.NewSession()
+	assert.NilError(t, err)
+	t.Cleanup(func() {
+		session.Close()
+	})
+	err = session.Run("touch /etc/config/wireless")
+	assert.NilError(t, err)
+	client := openWrtServer.LuCIRPCClient(
+		ctx,
+		t,
+	)
+	providerBlock := openWrtServer.ProviderBlock()
+	return client, providerBlock
+}