From bc2421803e0b7d36363c8d49732d644b26033456 Mon Sep 17 00:00:00 2001 From: Rohit Upadhyay Date: Fri, 3 May 2024 17:33:10 +0530 Subject: [PATCH 1/3] Added new parameter to waf_entity_url resource --- bigip/datasource_bigip_waf_entity_url.go | 47 +++++++++++++++++++ docs/data-sources/bigip_waf_entity_url.md | 18 +++++++ .../github.com/f5devcentral/go-bigip/awaf.go | 14 ++++-- 3 files changed, 76 insertions(+), 3 deletions(-) diff --git a/bigip/datasource_bigip_waf_entity_url.go b/bigip/datasource_bigip_waf_entity_url.go index be930fe3c..aa1f879c5 100644 --- a/bigip/datasource_bigip_waf_entity_url.go +++ b/bigip/datasource_bigip_waf_entity_url.go @@ -77,6 +77,35 @@ func dataSourceBigipWafEntityUrl() *schema.Resource { }, }, }, + "cross_domain_allowed_origins": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "include_subdomains": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Specifies whether the subdomains are allowed to receive data from the web application.", + }, + "origin_name": { + Type: schema.TypeString, + Required: true, + Description: "Specifies the name of the origin with which you want to share your data.", + }, + "origin_port": { + Type: schema.TypeString, + Required: true, + Description: "Specifies the port that other web applications are allowed to use to request data from your web application.", + }, + "origin_protocol": { + Type: schema.TypeString, + Required: true, + Description: "Specifies the protocol that other web applications are allowed to use to request data from your web application.", + }, + }, + }, + }, "signature_overrides_disable": { Type: schema.TypeList, Optional: true, @@ -131,6 +160,24 @@ func dataSourceBigipWafEntityUrlRead(ctx context.Context, d *schema.ResourceData urlJson.MethodsOverrideOnUrlCheck = true } + allowedOriginsCount := d.Get("cross_domain_allowed_origins.#").(int) + if allowedOriginsCount > 0 { + urlJson.HTML5CrossOriginRequestsEnforcement.EnforcementMode = "enforce" + + allowedOrigins := make([]bigip.WafUrlAllowedOrigins, 0, allowedOriginsCount) + for i := 0; i < allowedOriginsCount; i++ { + var a bigip.WafUrlAllowedOrigins + prefix := fmt.Sprintf("cross_domain_allowed_origins.%d", i) + a.IncludeSubdomains = d.Get(prefix + ".include_subdomains").(bool) + a.OriginName = d.Get(prefix + ".origin_name").(string) + a.OriginPort = d.Get(prefix + ".origin_port").(string) + a.OriginProtocol = d.Get(prefix + ".origin_protocol").(string) + allowedOrigins = append(allowedOrigins, a) + } + + urlJson.HTML5CrossOriginRequestsEnforcement.AllowerOrigins = allowedOrigins + } + jsonString, err := json.Marshal(urlJson) if err != nil { return diag.FromErr(err) diff --git a/docs/data-sources/bigip_waf_entity_url.md b/docs/data-sources/bigip_waf_entity_url.md index 5a8b2ad27..c3e4f1350 100644 --- a/docs/data-sources/bigip_waf_entity_url.md +++ b/docs/data-sources/bigip_waf_entity_url.md @@ -30,6 +30,18 @@ data "bigip_waf_entity_url" "WAFURL1" { allow = true method = "BDELETE" } + cross_domain_allowed_origins { + include_subdomains = true + origin_name = "app1.com" + origin_port = "80" + origin_protocol = "http" + } + cross_domain_allowed_origins { + include_subdomains = true + origin_name = "app2.com" + origin_port = "443" + origin_protocol = "http" + } } ``` @@ -46,6 +58,12 @@ data "bigip_waf_entity_url" "WAFURL1" { * `method_overrides` - (Optional) A list of methods that are allowed or disallowed for a specific URL. * `allow` - (Required) Specifies that the system allows or disallows a method for this URL * `method` - (Required) Specifies an HTTP method. +* `cross_domain_allowed_origins` - (Optional) A list of options that enables your web-application to share data with a website hosted on a +different domain. + * `include_subdomains` - (Required) Determines whether the subdomains are allowed to receive data from the web application. + * `origin_name` - (Required) Specifies the name of the origin with which you want to share your data. + * `origin_port` - (Required) Specifies the port that other web applications are allowed to use to request data from your web application. + * `origin_protocol` - (Required) Specifies the protocol that other web applications are allowed to use to request data from your web application. ## Attributes Reference diff --git a/vendor/github.com/f5devcentral/go-bigip/awaf.go b/vendor/github.com/f5devcentral/go-bigip/awaf.go index b5fd3bbcc..5cace03f1 100644 --- a/vendor/github.com/f5devcentral/go-bigip/awaf.go +++ b/vendor/github.com/f5devcentral/go-bigip/awaf.go @@ -85,6 +85,13 @@ type WafUrlJsons struct { WafUrlJsons []WafUrlJson `json:"items"` } +type WafUrlAllowedOrigins struct { + IncludeSubdomains bool `json:"includeSubdomains,omitempty"` + OriginPort string `json:"originPort,omitempty"` + OriginName string `json:"originName,omitempty"` + OriginProtocol string `json:"originProtocol,omitempty"` +} + type WafUrlJson struct { Name string `json:"name,omitempty"` Description string `json:"description,omitempty"` @@ -100,7 +107,8 @@ type WafUrlJson struct { ClickjackingProtection bool `json:"clickjackingProtection,omitempty"` DisallowFileUploadOfExecutables bool `json:"disallowFileUploadOfExecutables,omitempty"` HTML5CrossOriginRequestsEnforcement struct { - EnforcementMode string `json:"enforcementMode,omitempty"` + EnforcementMode string `json:"enforcementMode,omitempty"` + AllowerOrigins []WafUrlAllowedOrigins `json:"crossDomainAllowedOrigin,omitempty"` } `json:"html5CrossOriginRequestsEnforcement,omitempty"` MandatoryBody bool `json:"mandatoryBody,omitempty"` URLContentProfiles []struct { @@ -335,8 +343,8 @@ type Parameter struct { SensitiveParameter bool `json:"sensitiveParameter,omitempty"` SignatureOverrides []map[string]interface{} `json:"signatureOverrides,omitempty"` URL interface{} `json:"url,omitempty"` - MaximumLength int `json:"maximumLength,omitempty"` - MinimumLength int `json:"minimumLength,omitempty"` + MaximumLength int `json:"maximumLength,omitempty"` + MinimumLength int `json:"minimumLength,omitempty"` } func (b *BigIP) GetWafSignature(signatureid int) (*Signatures, error) { From 00709a1f0061967fb4d739a9dc1841b0f01b58cb Mon Sep 17 00:00:00 2001 From: Rohit Upadhyay Date: Fri, 3 May 2024 17:48:45 +0530 Subject: [PATCH 2/3] fixed terrafmt lint reports --- docs/data-sources/bigip_waf_entity_url.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/data-sources/bigip_waf_entity_url.md b/docs/data-sources/bigip_waf_entity_url.md index c3e4f1350..96abeafa8 100644 --- a/docs/data-sources/bigip_waf_entity_url.md +++ b/docs/data-sources/bigip_waf_entity_url.md @@ -32,15 +32,15 @@ data "bigip_waf_entity_url" "WAFURL1" { } cross_domain_allowed_origins { include_subdomains = true - origin_name = "app1.com" - origin_port = "80" - origin_protocol = "http" + origin_name = "app1.com" + origin_port = "80" + origin_protocol = "http" } cross_domain_allowed_origins { include_subdomains = true - origin_name = "app2.com" - origin_port = "443" - origin_protocol = "http" + origin_name = "app2.com" + origin_port = "443" + origin_protocol = "http" } } From b209d4548e9d4581dcdc6dfa8b3252a92761d4ab Mon Sep 17 00:00:00 2001 From: Rohit Upadhyay Date: Tue, 7 May 2024 16:25:38 +0530 Subject: [PATCH 3/3] Added fix for AS3 as well --- bigip/datasource_bigip_waf_entity_url.go | 6 +++--- docs/data-sources/bigip_waf_entity_url.md | 6 +++--- vendor/github.com/f5devcentral/go-bigip/awaf.go | 2 +- vendor/github.com/f5devcentral/go-bigip/bigiq.go | 8 ++++++++ 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/bigip/datasource_bigip_waf_entity_url.go b/bigip/datasource_bigip_waf_entity_url.go index aa1f879c5..27b8c71aa 100644 --- a/bigip/datasource_bigip_waf_entity_url.go +++ b/bigip/datasource_bigip_waf_entity_url.go @@ -77,7 +77,7 @@ func dataSourceBigipWafEntityUrl() *schema.Resource { }, }, }, - "cross_domain_allowed_origins": { + "cross_origin_requests_enforcement": { Type: schema.TypeList, Optional: true, Elem: &schema.Resource{ @@ -160,14 +160,14 @@ func dataSourceBigipWafEntityUrlRead(ctx context.Context, d *schema.ResourceData urlJson.MethodsOverrideOnUrlCheck = true } - allowedOriginsCount := d.Get("cross_domain_allowed_origins.#").(int) + allowedOriginsCount := d.Get("cross_origin_requests_enforcement.#").(int) if allowedOriginsCount > 0 { urlJson.HTML5CrossOriginRequestsEnforcement.EnforcementMode = "enforce" allowedOrigins := make([]bigip.WafUrlAllowedOrigins, 0, allowedOriginsCount) for i := 0; i < allowedOriginsCount; i++ { var a bigip.WafUrlAllowedOrigins - prefix := fmt.Sprintf("cross_domain_allowed_origins.%d", i) + prefix := fmt.Sprintf("cross_origin_requests_enforcement.%d", i) a.IncludeSubdomains = d.Get(prefix + ".include_subdomains").(bool) a.OriginName = d.Get(prefix + ".origin_name").(string) a.OriginPort = d.Get(prefix + ".origin_port").(string) diff --git a/docs/data-sources/bigip_waf_entity_url.md b/docs/data-sources/bigip_waf_entity_url.md index 96abeafa8..5d97e4ed9 100644 --- a/docs/data-sources/bigip_waf_entity_url.md +++ b/docs/data-sources/bigip_waf_entity_url.md @@ -30,13 +30,13 @@ data "bigip_waf_entity_url" "WAFURL1" { allow = true method = "BDELETE" } - cross_domain_allowed_origins { + cross_origin_requests_enforcement { include_subdomains = true origin_name = "app1.com" origin_port = "80" origin_protocol = "http" } - cross_domain_allowed_origins { + cross_origin_requests_enforcement { include_subdomains = true origin_name = "app2.com" origin_port = "443" @@ -58,7 +58,7 @@ data "bigip_waf_entity_url" "WAFURL1" { * `method_overrides` - (Optional) A list of methods that are allowed or disallowed for a specific URL. * `allow` - (Required) Specifies that the system allows or disallows a method for this URL * `method` - (Required) Specifies an HTTP method. -* `cross_domain_allowed_origins` - (Optional) A list of options that enables your web-application to share data with a website hosted on a +* `cross_origin_requests_enforcement` - (Optional) A list of options that enables your web-application to share data with a website hosted on a different domain. * `include_subdomains` - (Required) Determines whether the subdomains are allowed to receive data from the web application. * `origin_name` - (Required) Specifies the name of the origin with which you want to share your data. diff --git a/vendor/github.com/f5devcentral/go-bigip/awaf.go b/vendor/github.com/f5devcentral/go-bigip/awaf.go index 5cace03f1..40294b9c5 100644 --- a/vendor/github.com/f5devcentral/go-bigip/awaf.go +++ b/vendor/github.com/f5devcentral/go-bigip/awaf.go @@ -86,7 +86,7 @@ type WafUrlJsons struct { } type WafUrlAllowedOrigins struct { - IncludeSubdomains bool `json:"includeSubdomains,omitempty"` + IncludeSubdomains bool `json:"includeSubDomains,omitempty"` OriginPort string `json:"originPort,omitempty"` OriginName string `json:"originName,omitempty"` OriginProtocol string `json:"originProtocol,omitempty"` diff --git a/vendor/github.com/f5devcentral/go-bigip/bigiq.go b/vendor/github.com/f5devcentral/go-bigip/bigiq.go index 3247a6146..c87bc6e04 100644 --- a/vendor/github.com/f5devcentral/go-bigip/bigiq.go +++ b/vendor/github.com/f5devcentral/go-bigip/bigiq.go @@ -463,6 +463,14 @@ func tenantTrimToDelete(resp string) (string, error) { jsonRef := make(map[string]interface{}) json.Unmarshal([]byte(resp), &jsonRef) + if jsonRef["declaration"].(map[string]interface{})["remark"] == nil { + delete(jsonRef["declaration"].(map[string]interface{}), "remark") + } + + if jsonRef["declaration"].(map[string]interface{})["label"] == nil { + delete(jsonRef["declaration"].(map[string]interface{}), "label") + } + for key, value := range jsonRef { if rec, ok := value.(map[string]interface{}); ok && key == "declaration" { for k, v := range rec {