Merge pull request #974 from F5Networks/devel

Devel sync master

bigip/datasource_bigip_waf_entity_url.go

@@ -77,6 +77,35 @@ func dataSourceBigipWafEntityUrl() *schema.Resource {
 					},
 				},
 			},
+			"cross_origin_requests_enforcement": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"include_subdomains": {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Default:     false,
+							Description: "Specifies whether the subdomains are allowed to receive data from the web application.",
+						},
+						"origin_name": {
+							Type:        schema.TypeString,
+							Required:    true,
+							Description: "Specifies the name of the origin with which you want to share your data.",
+						},
+						"origin_port": {
+							Type:        schema.TypeString,
+							Required:    true,
+							Description: "Specifies the port that other web applications are allowed to use to request data from your web application.",
+						},
+						"origin_protocol": {
+							Type:        schema.TypeString,
+							Required:    true,
+							Description: "Specifies the protocol that other web applications are allowed to use to request data from your web application.",
+						},
+					},
+				},
+			},
 			"signature_overrides_disable": {
 				Type:        schema.TypeList,
 				Optional:    true,
@@ -131,6 +160,24 @@ func dataSourceBigipWafEntityUrlRead(ctx context.Context, d *schema.ResourceData
 		urlJson.MethodsOverrideOnUrlCheck = true
 	}
 
+	allowedOriginsCount := d.Get("cross_origin_requests_enforcement.#").(int)
+	if allowedOriginsCount > 0 {
+		urlJson.HTML5CrossOriginRequestsEnforcement.EnforcementMode = "enforce"
+
+		allowedOrigins := make([]bigip.WafUrlAllowedOrigins, 0, allowedOriginsCount)
+		for i := 0; i < allowedOriginsCount; i++ {
+			var a bigip.WafUrlAllowedOrigins
+			prefix := fmt.Sprintf("cross_origin_requests_enforcement.%d", i)
+			a.IncludeSubdomains = d.Get(prefix + ".include_subdomains").(bool)
+			a.OriginName = d.Get(prefix + ".origin_name").(string)
+			a.OriginPort = d.Get(prefix + ".origin_port").(string)
+			a.OriginProtocol = d.Get(prefix + ".origin_protocol").(string)
+			allowedOrigins = append(allowedOrigins, a)
+		}
+
+		urlJson.HTML5CrossOriginRequestsEnforcement.AllowerOrigins = allowedOrigins
+	}
+
 	jsonString, err := json.Marshal(urlJson)
 	if err != nil {
 		return diag.FromErr(err)

bigip/resource_bigip_ltm_pool.go

@@ -134,14 +134,14 @@ func resourceBigipLtmPoolRead(ctx context.Context, d *schema.ResourceData, meta
 	_ = d.Set("name", name)
 	log.Println("[INFO] Reading pool " + name)
 	pool, err := client.GetPool(name)
-	if err != nil {
-		return diag.FromErr(err)
-	}
-	if pool == nil {
+	if err != nil && strings.Contains(err.Error(), "not found") {
 		log.Printf("[WARN] Pool (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return nil
 	}
+	if err != nil {
+		return diag.FromErr(err)
+	}
 	_ = d.Set("allow_nat", pool.AllowNAT)
 	_ = d.Set("allow_snat", pool.AllowSNAT)
 	_ = d.Set("load_balancing_mode", pool.LoadBalancingMode)

bigip/resource_bigip_ltm_pool_test.go

@@ -8,6 +8,7 @@ package bigip
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	bigip "github.com/f5devcentral/go-bigip"
@@ -124,6 +125,9 @@ func testCheckPoolsDestroyed(s *terraform.State) error {
 		name := rs.Primary.ID
 		pool, err := client.GetPool(name)
 		if err != nil {
+			if strings.Contains(err.Error(), "not found") {
+				return nil
+			}
 			return err
 		}
 		if pool != nil {

bigip/resource_bigip_ltm_profile_http.go

@@ -76,7 +76,7 @@ func resourceBigipLtmProfileHttp() *schema.Resource {
 			"encrypt_cookie_secret": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				Description: "Specifies a passphrase for the cookie encryption",
+				Description: "Specifies a passphrase for the cookie encryption. Note: Since it's a sensitive entity idempotency will fail for it in the update call.",
 			},
 			"fallback_host": {
 				Type:        schema.TypeString,

bigip/resource_bigiq_as3.go

@@ -23,6 +23,7 @@ import (
 
 var p = 0
 var q sync.Mutex
+var unknownVariableValue = "74D93920-ED26-11E3-AC10-0800200C9A66"
 
 func resourceBigiqAs3() *schema.Resource {
 	return &schema.Resource{
@@ -81,6 +82,15 @@ func resourceBigiqAs3() *schema.Resource {
 					return json
 				},
 				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+					// when an attribute A uses reference to an attribute B from a different resource
+					// and B is the kind that is 'known after apply', the attribute is temporarily set to
+					// the value of unknownVariableValue as a placeholder. Not handling this case results
+					// in an error that reads like, 'Error: Provider produced inconsistent final plan'.
+					// More information about this can be found on a different github issue, here:
+					// https://github.com/hashicorp/terraform-provider-google/issues/12043
+					if new == unknownVariableValue && old != new {
+						return false
+					}
 					oldResp := []byte(old)
 					newResp := []byte(new)
 					oldJsonref := make(map[string]interface{})

docs/data-sources/bigip_waf_entity_url.md

@@ -30,6 +30,18 @@ data "bigip_waf_entity_url" "WAFURL1" {
     allow  = true
     method = "BDELETE"
   }
+  cross_origin_requests_enforcement {
+    include_subdomains = true
+    origin_name        = "app1.com"
+    origin_port        = "80"
+    origin_protocol    = "http"
+  }
+  cross_origin_requests_enforcement {
+    include_subdomains = true
+    origin_name        = "app2.com"
+    origin_port        = "443"
+    origin_protocol    = "http"
+  }
 }
 
 ```
@@ -46,6 +58,12 @@ data "bigip_waf_entity_url" "WAFURL1" {
 * `method_overrides` - (Optional) A list of methods that are allowed or disallowed for a specific URL.
   * `allow` - (Required) Specifies that the system allows or disallows a method for this URL
   * `method` - (Required) Specifies an HTTP method.
+* `cross_origin_requests_enforcement` - (Optional) A list of options that enables your web-application to share data with a website hosted on a
+different domain.
+  * `include_subdomains` - (Required) Determines whether the subdomains are allowed to receive data from the web application.
+  * `origin_name` - (Required) Specifies the name of the origin with which you want to share your data.
+  * `origin_port` - (Required) Specifies the port that other web applications are allowed to use to request data from your web application.
+  * `origin_protocol` - (Required) Specifies the protocol that other web applications are allowed to use to request data from your web application.
 
 
 ## Attributes Reference

docs/resources/bigip_ltm_profile_http.md

@@ -61,7 +61,7 @@ resource "bigip_ltm_profile_http" "sanjose-http" {
 
 * `encrypt_cookies` - (Optional) Type the cookie names for the system to encrypt.
 
-* `encrypt_cookie_secret` - (Optional) Type a passphrase for cookie encryption.
+* `encrypt_cookie_secret` - (Optional) Type a passphrase for cookie encryption. Note: Since it's a sensitive entity idempotency will fail for it in the update call.
 
 * `insert_xforwarded_for` - (Optional) Specifies, when enabled, that the system inserts an X-Forwarded-For header in an HTTP request with the client IP address, to use with connection pooling. The default is `Disabled`.
 

go.mod

@@ -10,8 +10,8 @@ require (
 	github.com/Azure/azure-storage-blob-go v0.13.0
 	github.com/Azure/go-autorest/autorest v0.11.18
 	github.com/Azure/go-autorest/autorest/adal v0.9.13
-	github.com/f5devcentral/go-bigip v0.0.0-20240214135103-fd95be9ae1fb
-	github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240214135103-fd95be9ae1fb
+	github.com/f5devcentral/go-bigip v0.0.0-20240509075551-d135b50ad60c
+	github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240509075551-d135b50ad60c
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.25.0
 	github.com/stretchr/testify v1.8.4

go.sum

@@ -51,10 +51,10 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
-github.com/f5devcentral/go-bigip v0.0.0-20240214135103-fd95be9ae1fb h1:r2hm89TgbKAJQnViwet98Z7Hq1o5JE4TX/bbRG7489o=
-github.com/f5devcentral/go-bigip v0.0.0-20240214135103-fd95be9ae1fb/go.mod h1:0Lkr0fBU6O1yBxF2mt9JFwXpaFbIb/wAY7oM3dMJDdA=
-github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240214135103-fd95be9ae1fb h1:ZobhcJVa43SKFAhDUc3FQBnn5U+OXdAD7ur5lKbokIY=
-github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240214135103-fd95be9ae1fb/go.mod h1:r7o5I22EvO+fps2u10bz4ZUlTlNHopQSWzVcW19hK3U=
+github.com/f5devcentral/go-bigip v0.0.0-20240509075551-d135b50ad60c h1:EA9qSu00QzCKcilTj9UqKTMXIwKeLtPceoQzAudLHa8=
+github.com/f5devcentral/go-bigip v0.0.0-20240509075551-d135b50ad60c/go.mod h1:0Lkr0fBU6O1yBxF2mt9JFwXpaFbIb/wAY7oM3dMJDdA=
+github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240509075551-d135b50ad60c h1:SlUYdX9vu+sVOx3EaxNIi4mmPJ+60NtxV8Iu/Rd1dXg=
+github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240509075551-d135b50ad60c/go.mod h1:r7o5I22EvO+fps2u10bz4ZUlTlNHopQSWzVcW19hK3U=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=

vendor/modules.txt

@@ -42,10 +42,10 @@ github.com/apparentlymart/go-textseg/v13/textseg
 # github.com/davecgh/go-spew v1.1.1
 ## explicit
 github.com/davecgh/go-spew/spew
-# github.com/f5devcentral/go-bigip v0.0.0-20240214135103-fd95be9ae1fb
+# github.com/f5devcentral/go-bigip v0.0.0-20240509075551-d135b50ad60c
 ## explicit; go 1.20
 github.com/f5devcentral/go-bigip
-# github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240214135103-fd95be9ae1fb
+# github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240509075551-d135b50ad60c
 ## explicit; go 1.13
 github.com/f5devcentral/go-bigip/f5teem
 # github.com/fatih/color v1.13.0