
Add support to map Organization Policy Objects/groups to Firewall Rules #201

@rrahimm

The resources meraki_appliance_l3_firewall_rules and meraki_appliance_cellular_firewall_rules support referencing meraki_organization_policy_object and meraki_organization_policy_object_group in the src_cidr and dest_cidr fields.

This is not documented in the OpenAPI spec; however, it is confirmed that the API doc will be updated.

We would like to add support for the same to the provider now.

NOTE: The formats to add a policy object and a group are OBJ(<id_of_policy_object>) and GRP(<id_of_policy_object_group>), respectively.

P.S.: The src_cidr and dest_cidr fields also support VLANs in the format VLAN(<vlan_id>). Examples: VLAN(10).* and VLAN(20).5; however, this is not documented in the provider due to the OpenAPI spec gap.

Sample examples

### Read Policy Objects ###
curl -L --request GET \
--url https://api.meraki.com/api/v1/organizations/1750758/policyObjects \
--header 'Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--header 'Accept: application/json'

Response:
[
    {
        "id": "686235993220846034",
        "name": "Policy_object1",
        "category": "network",
        "type": "cidr",
        "cidr": "10.10.10.2",
        "createdAt": "2026-03-25T13:47:44Z",
        "updatedAt": "2026-03-25T13:47:44Z",
        "groupIds": [ "686235993220589390" ],
        "networkIds": []
    },
    {
        "id": "686235993220846035",
        "name": "Policy_object2",
        "category": "network",
        "type": "cidr",
        "cidr": "10.10.10.3",
        "createdAt": "2026-03-25T13:47:57Z",
        "updatedAt": "2026-03-25T13:47:57Z",
        "groupIds": [ "686235993220589390" ],
        "networkIds": []
    },
    {
        "id": "686235993220846036",
        "name": "Policy_object_po",
        "category": "network",
        "type": "cidr",
        "cidr": "10.10.10.1",
        "createdAt": "2026-03-25T13:48:50Z",
        "updatedAt": "2026-03-25T13:48:50Z",
        "groupIds": [],
        "networkIds": []
    }
]

### Read Policy Groups ###
curl -L --request GET \
--url https://api.meraki.com/api/v1/organizations/1750758/policyObjects/groups \
--header 'Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--header 'Accept: application/json'

Response
[
    {
        "id": "686235993220589390",
        "category": "NetworkObjectGroup",
        "name": "Policy_group1",
        "createdAt": "2026-03-25T13:48:24Z",
        "updatedAt": "2026-03-25T13:48:24Z",
        "objectIds": [
            "686235993220846034",
            "686235993220846035"
        ],
        "networkIds": []
    }
]


### Add new Firewall Rule with Policy Object and Group ###
curl -L --request PUT \
--url https://api.meraki.com/api/v1/networks/L_686235993220659372/appliance/firewall/l3FirewallRules \
--header 'Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
    "rules": [
        {
            "comment": "Policy object based rule 2.",
            "policy": "allow",
            "protocol": "tcp",
            "destPort": "443",
            "destCidr": "GRP(686235993220589390),OBJ(686235993220846036)",
            "srcPort": "Any",
            "srcCidr": "Any",
            "syslogEnabled": false
        }
    ]
}'

Response
{
    "rules": [
        {
            "comment": "Policy object based rule 2.",
            "policy": "allow",
            "protocol": "tcp",
            "srcPort": "Any",
            "srcCidr": "Any",
            "destPort": "443",
            "destCidr": "GRP(686235993220589390),OBJ(686235993220846036)",
            "syslogEnabled": false
        },
        {
            "comment": "Default rule",
            "policy": "allow",
            "protocol": "Any",
            "srcPort": "Any",
            "srcCidr": "Any",
            "destPort": "Any",
            "destCidr": "Any",
            "syslogEnabled": false
        }
    ]
}
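
One way a provider could validate the src_cidr/dest_cidr reference syntax described in this issue before sending a rule, as an added example that is not part of the original issue or the provider's code. `ParseCidrField`, `Ref` and `Unresolved` are hypothetical names; the sketch assumes ids are decimal digits and handles only the forms shown here (OBJ, GRP, VLAN) plus `Any` and plain IP/CIDR entries.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Reference forms from the issue: OBJ(<id>), GRP(<id>), VLAN(<vlan_id>).* and VLAN(<vlan_id>).<n>.
// Assumption: ids are decimal digits, as in the issue's sample responses.
var refRe = regexp.MustCompile(`^(?:(OBJ|GRP)\((\d+)\)|(VLAN)\((\d+)\)\.(?:\*|\d+))$`)

type Ref struct{ Kind, ID string } // Kind is any, cidr, OBJ, GRP or VLAN

// ParseCidrField (hypothetical helper) splits a comma-separated srcCidr/destCidr
// value and classifies each entry, rejecting anything it does not recognise.
func ParseCidrField(value string) ([]Ref, error) {
	var refs []Ref
	for _, raw := range strings.Split(value, ",") {
		tok := strings.TrimSpace(raw)
		if m := refRe.FindStringSubmatch(tok); m != nil {
			refs = append(refs, Ref{m[1] + m[3], m[2] + m[4]}) // only one alternative is non-empty
		} else if strings.EqualFold(tok, "any") {
			refs = append(refs, Ref{Kind: "any"})
		} else if _, _, err := net.ParseCIDR(tok); err == nil || net.ParseIP(tok) != nil {
			refs = append(refs, Ref{Kind: "cidr"})
		} else {
			return nil, fmt.Errorf("unrecognised entry %q", tok)
		}
	}
	return refs, nil
}

// Unresolved lists OBJ/GRP references whose ids are not in the id sets read back from the API.
func Unresolved(refs []Ref, objectIDs, groupIDs map[string]bool) []string {
	var missing []string
	for _, r := range refs {
		if (r.Kind == "OBJ" && !objectIDs[r.ID]) || (r.Kind == "GRP" && !groupIDs[r.ID]) {
			missing = append(missing, r.Kind+"("+r.ID+")")
		}
	}
	return missing
}

func main() {
	// destCidr copied from the issue's sample request; no group ids are supplied here.
	refs, err := ParseCidrField("GRP(686235993220589390),OBJ(686235993220846036)")
	fmt.Println(refs, err, Unresolved(refs, map[string]bool{"686235993220846036": true}, nil))
}
```

Running the `Unresolved` check against the ids returned by the policyObjects and policyObjects/groups reads catches a rule that points at a deleted or mistyped object before the PUT is issued.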
