adding cipher group/rules documentations

F5Networks · Sep 29, 2023 · 660643b · 660643b
1 parent 644d868
commit 660643b
Show file tree

Hide file tree

Showing 4 changed files with 101 additions and 10 deletions.
diff --git a/bigip/resource_bigip_ltm_cipher_group.go b/bigip/resource_bigip_ltm_cipher_group.go
@@ -26,7 +26,7 @@ func resourceBigipLtmCipherGroup() *schema.Resource {
 			"name": {
 				Type:         schema.TypeString,
 				Required:     true,
-				Description:  "Name of the cipher rule,name should be in pattern ``partition` + `cipher rule name``",
+				Description:  "Name of the cipher group,name should be in pattern ``partition` + `cipher group name``",
 				ForceNew:     true,
 				ValidateFunc: validateF5Name,
 			},
@@ -36,21 +36,23 @@ func resourceBigipLtmCipherGroup() *schema.Resource {
 				Description: "Specifies descriptive text that identifies the cipher rule",
 			},
 			"ordering": {
-				Type:        schema.TypeString,
-				Optional:    true,
-				Description: "Specifies one or more Cipher Suites used.Note: For SM2, type the following cipher suite string: ECC-SM4-SM3.",
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				//Default:     "default",
+				Description: "Controls the order of the Cipher String list in the Cipher Audit section. Options are Default, Speed, Strength, FIPS, and Hardware. The rules are processed in the order listed",
 			},
 			"allow": {
 				Type:        schema.TypeSet,
 				Optional:    true,
 				Elem:        &schema.Schema{Type: schema.TypeString},
-				Description: "Specifies the DH Groups Elliptic Curve Diffie-Hellman key exchange algorithms, separated by colons (:).Note: You can also type a special keyword, DEFAULT, which represents the recommended set of named groups",
+				Description: "Specifies the configuration of the allowed groups of ciphers. You can select a cipher rule from the Available Cipher Rules list",
 			},
 			"require": {
 				Type:        schema.TypeSet,
 				Optional:    true,
 				Elem:        &schema.Schema{Type: schema.TypeString},
-				Description: "Specifies the DH Groups Elliptic Curve Diffie-Hellman key exchange algorithms, separated by colons (:).Note: You can also type a special keyword, DEFAULT, which represents the recommended set of named groups",
+				Description: "Specifies the configuration of the restrict groups of ciphers. You can select a cipher rule from the Available Cipher Rules list",
 			},
 		},
 	}
@@ -83,12 +85,14 @@ func resourceBigipLtmCipherGroupRead(ctx context.Context, d *schema.ResourceData
 	name := d.Id()
 	log.Printf("[INFO] Fetching Cipher group :%+v", name)
 
-	cipherRule, err := client.GetLtmCipherGroup(name)
+	cipherGroup, err := client.GetLtmCipherGroup(name)
 	if err != nil {
-		log.Printf("[ERROR] Unable to retrieve cipher rule %s  %v :", name, err)
+		log.Printf("[ERROR] Unable to retrieve cipher group %s  %v :", name, err)
 		return diag.FromErr(err)
 	}
-	log.Printf("[INFO] Cipher rule response :%+v", cipherRule)
+	_ = d.Set("name", cipherGroup.FullPath)
+	_ = d.Set("ordering", cipherGroup.Ordering)
+	log.Printf("[INFO] Cipher group response :%+v", cipherGroup)
 	return nil
 }
 

diff --git a/bigip/resource_bigip_ltm_cipher_rule.go b/bigip/resource_bigip_ltm_cipher_rule.go
@@ -37,7 +37,7 @@ func resourceBigipLtmCipherRule() *schema.Resource {
 			},
 			"cipher": {
 				Type:        schema.TypeString,
-				Optional:    true,
+				Required:    true,
 				Description: "Specifies one or more Cipher Suites used.Note: For SM2, type the following cipher suite string: ECC-SM4-SM3.",
 			},
 			"dh_groups": {
@@ -87,6 +87,11 @@ func resourceBigipLtmCipherRuleRead(ctx context.Context, d *schema.ResourceData,
 		return diag.FromErr(err)
 	}
 	log.Printf("[INFO] Cipher rule response :%+v", cipherRule)
+	_ = d.Set("name", cipherRule.Name)
+	_ = d.Set("partition", cipherRule.Partition)
+	_ = d.Set("cipher_suites", cipherRule.Cipher)
+	_ = d.Set("dh_groups", cipherRule.DhGroups)
+	_ = d.Set("signature_algorithms", cipherRule.SignatureAlgorithms)
 	return nil
 }
 

diff --git a/docs/resources/bigip_ltm_cipher_group.md b/docs/resources/bigip_ltm_cipher_group.md
@@ -0,0 +1,40 @@
+---
+layout: "bigip"
+page_title: "BIG-IP: bigip_ltm_cipher_rule"
+subcategory: "Local Traffic Manager(LTM)"
+description: |-
+Provides details about bigip_ltm_cipher_rule resource
+---
+
+# bigip\_ltm\_cipher\_group
+
+`bigip_ltm_cipher_group` Manages F5 BIG-IP LTM cipher group using iControl REST.
+
+## Example Usage
+
+```hcl
+resource "bigip_ltm_cipher_group" "test-cipher-group" {
+  name = "/Common/test-cipher-group-01"
+  allow = ["/Common/f5-aes"]
+  require = ["/Common/f5-quic"]
+  ordering = "speed"
+}
+```
+
+## Argument Reference
+
+* `name` - (Required,type `string`) Name of the Cipher group. Name should be in pattern `partition` + `cipher_group_name`
+
+* `allow` - (Optional,type `list` of `strings` ) Specifies the configuration of the allowed groups of ciphers. You can select a cipher rule from the Available Cipher Rules list.
+
+* `require` - (Optional,type `list` of `string`) Specifies the configuration of the restrict groups of ciphers. You can select a cipher rule from the Available Cipher Rules list.
+
+* `ordering` - (Optional,type `string`) Controls the order of the Cipher String list in the Cipher Audit section. Options are Default, Speed, Strength, FIPS, and Hardware. The rules are processed in the order listed.
+
+## Importing
+An existing cipher group can be imported into this resource by supplying the cipher rule full path name ex : `/partition/name`
+An example is below:
+```sh
+$ terraform import bigip_ltm_cipher_group.test_cipher_group /Common/test_cipher_group
+
+```
diff --git a/docs/resources/bigip_ltm_cipher_rule.md b/docs/resources/bigip_ltm_cipher_rule.md
@@ -0,0 +1,42 @@
+---
+layout: "bigip"
+page_title: "BIG-IP: bigip_ltm_cipher_rule"
+subcategory: "Local Traffic Manager(LTM)"
+description: |-
+Provides details about bigip_ltm_cipher_rule resource
+---
+
+# bigip\_ltm\_cipher\_rule
+
+`bigip_ltm_cipher_rule` Manages F5 BIG-IP LTM cipher rule using iControl REST.
+
+## Example Usage
+
+```hcl
+resource "bigip_ltm_cipher_rule" "test_cipher_rule" {
+  name                 = "/Common/test_cipher_rule"
+  cipher               = "TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384"
+  dh_groups            = "P256:P384:FFDHE2048:FFDHE3072:FFDHE4096"
+  signature_algorithms = "DEFAULT"
+}
+```
+
+## Argument Reference
+
+* `name` - (Required,type `string`) Name of the Cipher Rule. Name should be in pattern `partition` + `cipher_rule_name`
+
+* `description` - (Optional,type `string`) The Partition in which the Cipher Rule will be created.
+
+* `cipher` - (Required,type `string`) Specifies one or more Cipher Suites used,this is a colon (:) separated string of cipher suites. example, `TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384`.
+
+* `dh_groups` - (Optional,type `string`) Specifies the DH Groups algorithms, separated by colons (:).
+
+* `signature_algorithms` - (Optional,type `string`) Specifies the Signature Algorithms, separated by colons (:).
+
+## Importing
+An existing cipher rule can be imported into this resource by supplying the cipher rule full path name  ex : `/partition/name`
+An example is below:
+```sh
+$ terraform import bigip_ltm_cipher_rule.test_cipher_rule /Common/test_cipher_rule
+
+```