From 8fa971864cf2fc3d1daa45f9cea390fedcca212f Mon Sep 17 00:00:00 2001
From: ramaniprateek <p.ramani@f5.com>
Date: Wed, 15 Nov 2023 16:25:17 +0530
Subject: [PATCH] Fixed issue 834, 836

---
 bigip/resource_bigip_ltm_profile_http.go      | 13 ++++----
 bigip/resource_bigip_ltm_profile_http_test.go | 30 +++++++++++++++++--
 docs/resources/bigip_ltm_profile_http.md      | 10 +++----
 3 files changed, 39 insertions(+), 14 deletions(-)

diff --git a/bigip/resource_bigip_ltm_profile_http.go b/bigip/resource_bigip_ltm_profile_http.go
index 680eae1e0..9e13bbee1 100644
--- a/bigip/resource_bigip_ltm_profile_http.go
+++ b/bigip/resource_bigip_ltm_profile_http.go
@@ -200,30 +200,31 @@ func resourceBigipLtmProfileHttp() *schema.Resource {
 			"http_strict_transport_security": {
 				Type:     schema.TypeSet,
 				Optional: true,
+				Computed: true,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"include_subdomains": {
 							Type:        schema.TypeString,
 							Optional:    true,
-							Default:     "enabled",
+							Computed:    true,
 							Description: "Specifies whether to include the includeSubdomains directive in the HSTS header.",
 						},
 						"maximum_age": {
 							Type:        schema.TypeInt,
 							Optional:    true,
-							Default:     16070400,
+							Computed:    true,
 							Description: "Specifies the maximum age to assume the connection should remain secure.",
 						},
 						"mode": {
 							Type:        schema.TypeString,
 							Optional:    true,
-							Default:     "disabled",
+							Computed:    true,
 							Description: "Specifies whether to include the HSTS response header.",
 						},
 						"preload": {
 							Type:        schema.TypeString,
 							Optional:    true,
-							Default:     "disabled",
+							Computed:    true,
 							Description: "Specifies whether to include the preload directive in the HSTS header.",
 						},
 					},
@@ -490,8 +491,8 @@ func getHttpProfileConfig(d *schema.ResourceData, config *bigip.HttpProfile) *bi
 
 	for _, r := range p.(*schema.Set).List() {
 		config.Hsts.IncludeSubdomains = r.(map[string]interface{})["include_subdomains"].(string)
-		config.Hsts.Mode = r.(map[string]interface{})["preload"].(string)
-		config.Hsts.Preload = r.(map[string]interface{})["mode"].(string)
+		config.Hsts.Mode = r.(map[string]interface{})["mode"].(string)
+		config.Hsts.Preload = r.(map[string]interface{})["preload"].(string)
 		config.Hsts.MaximumAge = r.(map[string]interface{})["maximum_age"].(int)
 	}
 
diff --git a/bigip/resource_bigip_ltm_profile_http_test.go b/bigip/resource_bigip_ltm_profile_http_test.go
index 5f3c30ed8..9f6b1ff31 100644
--- a/bigip/resource_bigip_ltm_profile_http_test.go
+++ b/bigip/resource_bigip_ltm_profile_http_test.go
@@ -7,12 +7,12 @@ package bigip
 
 import (
 	"fmt"
-	"regexp"
-	"testing"
-
 	bigip "github.com/f5devcentral/go-bigip"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"regexp"
+	"strings"
+	"testing"
 )
 
 var TestHttpName = fmt.Sprintf("/%s/test-http", TestPartition)
@@ -107,6 +107,15 @@ func TestAccBigipLtmProfileHttpUpdateServerAgent(t *testing.T) {
 					resource.TestCheckResourceAttr(resFullName, "server_agent_name", "myBIG-IP"),
 				),
 			},
+			{
+				Config: testaccbigipltmprofilehttpDefaultConfig(TestPartition, TestHttpName, "http-profile-test"),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckhttpExists(TestHttpName),
+					resource.TestCheckResourceAttr(resFullName, "name", TestHttpName),
+					resource.TestCheckResourceAttr(resFullName, "defaults_from", "/Common/http"),
+					resource.TestCheckResourceAttr(resFullName, "server_agent_name", "myBIG-IP"),
+				),
+			},
 		},
 	})
 }
@@ -419,6 +428,18 @@ func TestAccBigipLtmProfileHttpUpdateHSTS(t *testing.T) {
 					resource.TestCheckResourceAttr(resFullName, "http_strict_transport_security.0.maximum_age", "80"),
 				),
 			},
+			{
+				Config: testaccbigipltmprofilehttpUpdateParam(instName, ""),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckhttpExists(instFullName),
+					resource.TestCheckResourceAttr(resFullName, "name", instFullName),
+					resource.TestCheckResourceAttr(resFullName, "defaults_from", "/Common/http"),
+					resource.TestCheckResourceAttr(resFullName, "http_strict_transport_security.0.include_subdomains", "disabled"),
+					resource.TestCheckResourceAttr(resFullName, "http_strict_transport_security.0.preload", "enabled"),
+					resource.TestCheckResourceAttr(resFullName, "http_strict_transport_security.0.mode", "enabled"),
+					resource.TestCheckResourceAttr(resFullName, "http_strict_transport_security.0.maximum_age", "80"),
+				),
+			},
 		},
 	})
 }
@@ -470,6 +491,9 @@ func testCheckHttpsDestroyed(s *terraform.State) error {
 		name := rs.Primary.ID
 		http, err := client.GetHttpProfile(name)
 		if err != nil {
+			if strings.Contains(err.Error(), "not found") {
+				return nil
+			}
 			return err
 		}
 		if http != nil {
diff --git a/docs/resources/bigip_ltm_profile_http.md b/docs/resources/bigip_ltm_profile_http.md
index b6ca857c0..dfca01f6f 100644
--- a/docs/resources/bigip_ltm_profile_http.md
+++ b/docs/resources/bigip_ltm_profile_http.md
@@ -73,7 +73,7 @@ resource "bigip_ltm_profile_http" "sanjose-http" {
 
 * `xff_alternative_names` - (Optional) Specifies alternative XFF headers instead of the default X-forwarded-for header.
 
-* `server_agent_name` - (Optional) Specifies the value of the Server header in responses that the BIG-IP itself generates. The default is BigIP. If no string is specified, then default value will be added to such responses. In order to remove it, "none" string is to be passed.
+* `server_agent_name` - (Optional) Specifies the value of the Server header in responses that the BIG-IP itself generates. The default is BigIP. In order to remove it, "none" string is to be passed. If server_agent_name is commented (or not passed) during the update call, then no changes would be applied and previous value will persist. If "default-value" is specified in Update for server_agent_name, then default value will be added by BigIP.
 
 * `enforcement` -See [Enforcement](#enforcement) below for more details.
 
@@ -96,13 +96,13 @@ The `enforcement` block supports the following:
 
 The `http_strict_transport_security` block supports the following:
 
-* `include_subdomains` - (Optional , `string`) Specifies whether to include the includeSubdomains directive in the HSTS header. The default is enabled. If no string is specified, then default value will be assigned.
+* `include_subdomains` - (Optional , `string`) The Include Subdomains setting applies the HSTS policy to the HSTS host and its subdomains. The default is enabled. If no string is specified during Create, then default value will be assigned by BigIp. If include_subdomains is commented (or not passed) during the update call, then no changes would be applied and previous value will persist. If "default-value" is specified in Update for include_subdomains, then default value will be added by BigIP.
 
-* `preload` - (Optional , `string`) Specifies whether to include the preload directive in the HSTS header. The default is disabled. If no string is specified, then default value will be assigned.
+* `preload` - (Optional , `string`) An HSTS preload list is a list of domains built into a web browser. When you enable the Preload setting, the domain for the web site that this HTTP profile is associated with is submitted for inclusion in the browser's preload list. The default is disabled. If no string is specified during Create, then default value will be assigned by BigIp. If preload is commented (or not passed) during the update call, then no changes would be applied and previous value will persist. If "default-value" is specified in Update for preload, then default value will be added by BigIP. 
 
-* `mode` - (Optional , `string`) Specifies whether to include the HSTS response header. The default is disabled.If no string is specified, then default value will be assigned.
+* `mode` - (Optional , `string`) The Mode setting enables and disables HSTS functionality within the HTTP profile. The default is disabled. If no string is specified during Create, then default value will be assigned by BigIp. If mode is commented (or not passed) during the update call, then no changes would be applied and previous value will persist. If "default-value" is specified in Update for mode, then default value will be added by BigIP. 
 
-* `maximum_age` - (Optional , `int`) Specifies the maximum age to assume the connection should remain secure. The default is 16070400 seconds. If no value is specified, then default value will be assigned.
+* `maximum_age` - (Optional , `int`) The Maximum Age value specifies the length of time, in seconds, that HSTS functionality requests that clients only use HTTPS to connect to the current host and any subdomains of the current host's domain name.  The default is 16070400 seconds. If no value is specified during Create, then default value will be assigned by BigIp. If maximum_age is commented (or not passed) during the update call, then no changes would be applied and previous value will persist. In order to put default value , we need to pass 16070400 explicitly.
 
 
 ## Import