diff --git a/bigip/datasource_bigip_waf_entity_url.go b/bigip/datasource_bigip_waf_entity_url.go
index be930fe3..aa1f879c 100644
--- a/bigip/datasource_bigip_waf_entity_url.go
+++ b/bigip/datasource_bigip_waf_entity_url.go
@@ -77,6 +77,35 @@ func dataSourceBigipWafEntityUrl() *schema.Resource {
 },
 },
 },
+ "cross_domain_allowed_origins": {
+ Type: schema.TypeList,
+ Optional: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "include_subdomains": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ Description: "Specifies whether the subdomains are allowed to receive data from the web application.",
+ },
+ "origin_name": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Specifies the name of the origin with which you want to share your data.",
+ },
+ "origin_port": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Specifies the port that other web applications are allowed to use to request data from your web application.",
+ },
+ "origin_protocol": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Specifies the protocol that other web applications are allowed to use to request data from your web application.",
+ },
+ },
+ },
+ },
 "signature_overrides_disable": {
 Type: schema.TypeList,
 Optional: true,
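Review bot: `origin_name`, `origin_port` and `origin_protocol` in the new `cross_domain_allowed_origins` schema are free-form `TypeString` fields with no `ValidateFunc`, so a typo or an over-broad value is not rejected at plan time. Each entry widens which origins may read responses from this URL, so I would validate them here, e.g. `ValidateFunc: validation.StringInSlice([]string{"http", "https", "http/https"}, false),` on `origin_protocol` (value set to be confirmed against the BIG-IP policy schema, and assuming the SDK's `validation` helper is imported), plus a port-range check on `origin_port` that also admits any keyword BIG-IP accepts for "any port". The docs example added in this commit pairs `origin_port = "443"` with `origin_protocol = "http"`, the kind of mismatch that currently goes through unnoticed. The docs also list `include_subdomains` as Required while the schema makes it Optional with `Default: false`; the two should agree. The enclosing function starts and ends outside the hunk.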
@@ -131,6 +160,24 @@ func dataSourceBigipWafEntityUrlRead(ctx context.Context, d *schema.ResourceData
 urlJson.MethodsOverrideOnUrlCheck = true
 }
+ allowedOriginsCount := d.Get("cross_domain_allowed_origins.#").(int)
+ if allowedOriginsCount > 0 {
+ urlJson.HTML5CrossOriginRequestsEnforcement.EnforcementMode = "enforce"
+
+ allowedOrigins := make([]bigip.WafUrlAllowedOrigins, 0, allowedOriginsCount)
+ for i := 0; i < allowedOriginsCount; i++ {
+ var a bigip.WafUrlAllowedOrigins
+ prefix := fmt.Sprintf("cross_domain_allowed_origins.%d", i)
+ a.IncludeSubdomains = d.Get(prefix + ".include_subdomains").(bool)
+ a.OriginName = d.Get(prefix + ".origin_name").(string)
+ a.OriginPort = d.Get(prefix + ".origin_port").(string)
+ a.OriginProtocol = d.Get(prefix + ".origin_protocol").(string)
+ allowedOrigins = append(allowedOrigins, a)
+ }
+
+ urlJson.HTML5CrossOriginRequestsEnforcement.AllowerOrigins = allowedOrigins
+ }
+
 jsonString, err := json.Marshal(urlJson)
 if err != nil {
 return diag.FromErr(err)
diff --git a/docs/data-sources/bigip_waf_entity_url.md b/docs/data-sources/bigip_waf_entity_url.md
index 5a8b2ad2..c3e4f135 100644
--- a/docs/data-sources/bigip_waf_entity_url.md
+++ b/docs/data-sources/bigip_waf_entity_url.md
@@ -30,6 +30,18 @@ data "bigip_waf_entity_url" "WAFURL1" {
 allow = true
 method = "BDELETE"
 }
+ cross_domain_allowed_origins {
+ include_subdomains = true
+ origin_name = "app1.com"
+ origin_port = "80"
+ origin_protocol = "http"
+ }
+ cross_domain_allowed_origins {
+ include_subdomains = true
+ origin_name = "app2.com"
+ origin_port = "443"
+ origin_protocol = "http"
+ }
 }
 ```
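Review bot: In `dataSourceBigipWafEntityUrlRead`, listing any `cross_domain_allowed_origins` entry also sets `EnforcementMode = "enforce"`, and nothing in the code or the schema tells the reader that the mode is coupled to the list. The block deserves a comment such as `// Any allowed-origin entry switches HTML5 cross-origin enforcement to "enforce"; the listed origins are emitted verbatim.`. The values are copied from `d.Get` straight into the policy JSON with no check in this function, so an empty or over-broad `origin_name` passes through unchanged unless the schema validates it. The field name `AllowerOrigins` looks like a typo for `AllowedOrigins`; it is declared in the vendored go-bigip struct touched by this commit, so the rename would have to land upstream. The function's body starts and ends outside the hunk.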
@@ -46,6 +58,12 @@ data "bigip_waf_entity_url" "WAFURL1" {
 * `method_overrides` - (Optional) A list of methods that are allowed or disallowed for a specific URL.
 * `allow` - (Required) Specifies that the system allows or disallows a method for this URL
 * `method` - (Required) Specifies an HTTP method.
+* `cross_domain_allowed_origins` - (Optional) A list of options that enables your web-application to share data with a website hosted on a
+different domain.
+ * `include_subdomains` - (Required) Determines whether the subdomains are allowed to receive data from the web application.
+ * `origin_name` - (Required) Specifies the name of the origin with which you want to share your data.
+ * `origin_port` - (Required) Specifies the port that other web applications are allowed to use to request data from your web application.
+ * `origin_protocol` - (Required) Specifies the protocol that other web applications are allowed to use to request data from your web application.
 ## Attributes Reference
diff --git a/vendor/github.com/f5devcentral/go-bigip/awaf.go b/vendor/github.com/f5devcentral/go-bigip/awaf.go
index b5fd3bbc..5cace03f 100644
--- a/vendor/github.com/f5devcentral/go-bigip/awaf.go
+++ b/vendor/github.com/f5devcentral/go-bigip/awaf.go
@@ -85,6 +85,13 @@ type WafUrlJsons struct {
 WafUrlJsons []WafUrlJson `json:"items"`
 }
+type WafUrlAllowedOrigins struct {
+ IncludeSubdomains bool `json:"includeSubdomains,omitempty"`
+ OriginPort string `json:"originPort,omitempty"`
+ OriginName string `json:"originName,omitempty"`
+ OriginProtocol string `json:"originProtocol,omitempty"`
+}
+
 type WafUrlJson struct {
 Name string `json:"name,omitempty"`
 Description string `json:"description,omitempty"`
@@ -100,7 +107,8 @@ type WafUrlJson struct {
 ClickjackingProtection bool `json:"clickjackingProtection,omitempty"`
 DisallowFileUploadOfExecutables bool `json:"disallowFileUploadOfExecutables,omitempty"`
 HTML5CrossOriginRequestsEnforcement struct {
- EnforcementMode string `json:"enforcementMode,omitempty"`
+ EnforcementMode string `json:"enforcementMode,omitempty"`
+ AllowerOrigins []WafUrlAllowedOrigins `json:"crossDomainAllowedOrigin,omitempty"`
 } `json:"html5CrossOriginRequestsEnforcement,omitempty"`
 MandatoryBody bool `json:"mandatoryBody,omitempty"`
 URLContentProfiles []struct {
@@ -335,8 +343,8 @@ type Parameter struct {
 SensitiveParameter bool `json:"sensitiveParameter,omitempty"`
 SignatureOverrides []map[string]interface{} `json:"signatureOverrides,omitempty"`
 URL interface{} `json:"url,omitempty"`
- MaximumLength int `json:"maximumLength,omitempty"`
- MinimumLength int `json:"minimumLength,omitempty"`
+ MaximumLength int `json:"maximumLength,omitempty"`
+ MinimumLength int `json:"minimumLength,omitempty"`
 }
 func (b *BigIP) GetWafSignature(signatureid int) (*Signatures, error) {