diff --git a/bigip/datasource_bigip_waf_entity_url.go b/bigip/datasource_bigip_waf_entity_url.go
index be930fe3..27b8c71a 100644
--- a/bigip/datasource_bigip_waf_entity_url.go
+++ b/bigip/datasource_bigip_waf_entity_url.go
@@ -77,6 +77,35 @@ func dataSourceBigipWafEntityUrl() *schema.Resource {
 },
 },
 },
+ "cross_origin_requests_enforcement": {
+ Type: schema.TypeList,
+ Optional: true,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "include_subdomains": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ Description: "Specifies whether the subdomains are allowed to receive data from the web application.",
+ },
+ "origin_name": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Specifies the name of the origin with which you want to share your data.",
+ },
+ "origin_port": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Specifies the port that other web applications are allowed to use to request data from your web application.",
+ },
+ "origin_protocol": {
+ Type: schema.TypeString,
+ Required: true,
+ Description: "Specifies the protocol that other web applications are allowed to use to request data from your web application.",
+ },
+ },
+ },
+ },
 "signature_overrides_disable": {
 Type: schema.TypeList,
 Optional: true,
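Review bot: The new `cross_origin_requests_enforcement` block in `dataSourceBigipWafEntityUrl` takes `origin_name`, `origin_port` and `origin_protocol` as unvalidated strings, although these values become the policy's cross-origin allow-list. An empty `origin_name` satisfies `Required: true` and is then dropped from the payload by the `omitempty` tag on `WafUrlAllowedOrigins`, and a mistyped protocol or port is caught, if at all, only when the policy reaches the device. Consider `ValidateFunc: validation.StringIsNotEmpty,` on `origin_name` and `ValidateFunc: validation.StringInSlice([]string{"http", "https", "http/https"}, false),` on `origin_protocol`; the accepted set should be confirmed against the BIG-IP policy schema, and this assumes the SDK's `helper/validation` package is imported in the file. The block itself has no `Description`, and the docs hunk for this data source lists `include_subdomains` as Required while the schema here makes it Optional with a default of `false`.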
@@ -131,6 +160,24 @@ func dataSourceBigipWafEntityUrlRead(ctx context.Context, d *schema.ResourceData
 urlJson.MethodsOverrideOnUrlCheck = true
 }
+ allowedOriginsCount := d.Get("cross_origin_requests_enforcement.#").(int)
+ if allowedOriginsCount > 0 {
+ urlJson.HTML5CrossOriginRequestsEnforcement.EnforcementMode = "enforce"
+
+ allowedOrigins := make([]bigip.WafUrlAllowedOrigins, 0, allowedOriginsCount)
+ for i := 0; i < allowedOriginsCount; i++ {
+ var a bigip.WafUrlAllowedOrigins
+ prefix := fmt.Sprintf("cross_origin_requests_enforcement.%d", i)
+ a.IncludeSubdomains = d.Get(prefix + ".include_subdomains").(bool)
+ a.OriginName = d.Get(prefix + ".origin_name").(string)
+ a.OriginPort = d.Get(prefix + ".origin_port").(string)
+ a.OriginProtocol = d.Get(prefix + ".origin_protocol").(string)
+ allowedOrigins = append(allowedOrigins, a)
+ }
+
+ urlJson.HTML5CrossOriginRequestsEnforcement.AllowerOrigins = allowedOrigins
+ }
+
 jsonString, err := json.Marshal(urlJson)
 if err != nil {
 return diag.FromErr(err)
diff --git a/bigip/resource_bigip_ltm_pool.go b/bigip/resource_bigip_ltm_pool.go
index 5ba99cee..d3920f43 100644
--- a/bigip/resource_bigip_ltm_pool.go
+++ b/bigip/resource_bigip_ltm_pool.go
@@ -134,14 +134,14 @@ func resourceBigipLtmPoolRead(ctx context.Context, d *schema.ResourceData, meta
 _ = d.Set("name", name)
 log.Println("[INFO] Reading pool " + name)
 pool, err := client.GetPool(name)
- if err != nil {
- return diag.FromErr(err)
- }
- if pool == nil {
+ if err != nil && strings.Contains(err.Error(), "not found") {
 log.Printf("[WARN] Pool (%s) not found, removing from state", d.Id())
 d.SetId("")
 return nil
 }
+ if err != nil {
+ return diag.FromErr(err)
+ }
 _ = d.Set("allow_nat", pool.AllowNAT)
 _ = d.Set("allow_snat", pool.AllowSNAT)
 _ = d.Set("load_balancing_mode", pool.LoadBalancingMode)
diff --git a/bigip/resource_bigip_ltm_pool_test.go b/bigip/resource_bigip_ltm_pool_test.go
index cfcd767d..2b259384 100644
--- a/bigip/resource_bigip_ltm_pool_test.go
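Review bot: Setting `EnforcementMode = "enforce"` as a side effect of declaring at least one origin block is not documented in `dataSourceBigipWafEntityUrlRead`, and a reader of the generated policy JSON has no hint why the mode changed. I would add a comment above the `if allowedOriginsCount > 0 {` line, for example `// Any configured origin switches HTML5 cross-origin enforcement on; with no blocks the mode stays empty and is dropped by omitempty.` The values are copied into the payload exactly as given, so this comment is also the place to state that validation is expected to happen in the schema. The function body starts and ends outside the hunk.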
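Review bot: With the `pool == nil` guard removed in `resourceBigipLtmPoolRead`, a `GetPool` call that returns `(nil, nil)` now reaches `pool.AllowNAT` and panics; whether the updated go-bigip client can still return that pair is not visible here, so the guard is cheap insurance. Keep it after the error checks: `if pool == nil { d.SetId(""); return nil }`. Matching the substring `"not found"` in `err.Error()` is also broad: any error whose text happens to contain it, not only a missing pool, would silently drop the resource from state, so a typed error or status-code check from the client would be safer if one is available. The same substring match is added to `testCheckPoolsDestroyed` in `resource_bigip_ltm_pool_test.go`. The function body continues outside the hunk.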
+++ b/bigip/resource_bigip_ltm_pool_test.go
@@ -8,6 +8,7 @@ package bigip
 import (
 "fmt"
+ "strings"
 "testing"
 bigip "github.com/f5devcentral/go-bigip"
@@ -124,6 +125,9 @@ func testCheckPoolsDestroyed(s *terraform.State) error {
 name := rs.Primary.ID
 pool, err := client.GetPool(name)
 if err != nil {
+ if strings.Contains(err.Error(), "not found") {
+ return nil
+ }
 return err
 }
 if pool != nil {
diff --git a/bigip/resource_bigip_ltm_profile_http.go b/bigip/resource_bigip_ltm_profile_http.go
index b8372aa9..93dda640 100644
--- a/bigip/resource_bigip_ltm_profile_http.go
+++ b/bigip/resource_bigip_ltm_profile_http.go
@@ -76,7 +76,7 @@ func resourceBigipLtmProfileHttp() *schema.Resource {
 "encrypt_cookie_secret": {
 Type: schema.TypeString,
 Optional: true,
- Description: "Specifies a passphrase for the cookie encryption",
+ Description: "Specifies a passphrase for the cookie encryption. Note: Since it's a sensitive entity idempotency will fail for it in the update call.",
 },
 "fallback_host": {
 Type: schema.TypeString,
diff --git a/bigip/resource_bigiq_as3.go b/bigip/resource_bigiq_as3.go
index 4c5fddc5..e55baa92 100644
--- a/bigip/resource_bigiq_as3.go
+++ b/bigip/resource_bigiq_as3.go
@@ -23,6 +23,7 @@ import (
 var p = 0
 var q sync.Mutex
+var unknownVariableValue = "74D93920-ED26-11E3-AC10-0800200C9A66"
 func resourceBigiqAs3() *schema.Resource {
 return &schema.Resource{
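Review bot: The `encrypt_cookie_secret` entry in `resourceBigipLtmProfileHttp` holds a passphrase but is not marked sensitive, so Terraform shows its value in plan and apply output. Add `Sensitive: true,` next to `Optional: true,`; the value is still written to state in clear text, so the state backend needs access control and encryption regardless. The added sentence 'idempotency will fail for it in the update call' does not say why; if the cause is that the device never returns the passphrase, the description should say so (confirm the behaviour before rewording).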
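Review bot: `unknownVariableValue` in `resource_bigiq_as3.go` is declared as a mutable package-level `var` with no comment, although it is a fixed sentinel that the `DiffSuppressFunc` added further down in `resourceBigiqAs3` compares against. Declare it as `const unknownVariableValue = "74D93920-ED26-11E3-AC10-0800200C9A66"` and give it a doc comment such as `// unknownVariableValue is the placeholder Terraform substitutes for values that are not known until apply.` That keeps the explanation of the magic string at its definition instead of only at its single use.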
@@ -81,6 +82,15 @@ func resourceBigiqAs3() *schema.Resource {
 return json
 },
 DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+ // when an attribute A uses reference to an attribute B from a different resource
+ // and B is the kind that is 'known after apply', the attribute is temporarily set to
+ // the value of unknownVariableValue as a placeholder. Not handling this case results
+ // in an error that reads like, 'Error: Provider produced inconsistent final plan'.
+ // More information about this can be found on a different github issue, here:
+ // https://github.com/hashicorp/terraform-provider-google/issues/12043
+ if new == unknownVariableValue && old != new {
+ return false
+ }
 oldResp := []byte(old)
 newResp := []byte(new)
 oldJsonref := make(map[string]interface{})
diff --git a/docs/data-sources/bigip_waf_entity_url.md b/docs/data-sources/bigip_waf_entity_url.md
index 5a8b2ad2..5d97e4ed 100644
--- a/docs/data-sources/bigip_waf_entity_url.md
+++ b/docs/data-sources/bigip_waf_entity_url.md
@@ -30,6 +30,18 @@ data "bigip_waf_entity_url" "WAFURL1" {
 allow = true
 method = "BDELETE"
 }
+ cross_origin_requests_enforcement {
+ include_subdomains = true
+ origin_name = "app1.com"
+ origin_port = "80"
+ origin_protocol = "http"
+ }
+ cross_origin_requests_enforcement {
+ include_subdomains = true
+ origin_name = "app2.com"
+ origin_port = "443"
+ origin_protocol = "http"
+ }
 }
 ```
@@ -46,6 +58,12 @@ data "bigip_waf_entity_url" "WAFURL1" {
 * `method_overrides` - (Optional) A list of methods that are allowed or disallowed for a specific URL.
 * `allow` - (Required) Specifies that the system allows or disallows a method for this URL
 * `method` - (Required) Specifies an HTTP method.
+* `cross_origin_requests_enforcement` - (Optional) A list of options that enables your web-application to share data with a website hosted on a
+different domain.
+ * `include_subdomains` - (Required) Determines whether the subdomains are allowed to receive data from the web application.
+ * `origin_name` - (Required) Specifies the name of the origin with which you want to share your data.
+ * `origin_port` - (Required) Specifies the port that other web applications are allowed to use to request data from your web application.
+ * `origin_protocol` - (Required) Specifies the protocol that other web applications are allowed to use to request data from your web application.
 ## Attributes Reference
diff --git a/docs/resources/bigip_ltm_profile_http.md b/docs/resources/bigip_ltm_profile_http.md
index 7fd25a4c..cf7cdbff 100644
--- a/docs/resources/bigip_ltm_profile_http.md
+++ b/docs/resources/bigip_ltm_profile_http.md
@@ -61,7 +61,7 @@ resource "bigip_ltm_profile_http" "sanjose-http" {
 * `encrypt_cookies` - (Optional) Type the cookie names for the system to encrypt.
-* `encrypt_cookie_secret` - (Optional) Type a passphrase for cookie encryption.
+* `encrypt_cookie_secret` - (Optional) Type a passphrase for cookie encryption. Note: Since it's a sensitive entity idempotency will fail for it in the update call.
 * `insert_xforwarded_for` - (Optional) Specifies, when enabled, that the system inserts an X-Forwarded-For header in an HTTP request with the client IP address, to use with connection pooling. The default is `Disabled`.
diff --git a/go.mod b/go.mod
index 3c4aac4f..fcbf62a5 100644
--- a/go.mod
+++ b/go.mod
@@ -10,8 +10,8 @@ require (
 github.com/Azure/azure-storage-blob-go v0.13.0
 github.com/Azure/go-autorest/autorest v0.11.18
 github.com/Azure/go-autorest/autorest/adal v0.9.13
- github.com/f5devcentral/go-bigip v0.0.0-20240214135103-fd95be9ae1fb
- github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240214135103-fd95be9ae1fb
+ github.com/f5devcentral/go-bigip v0.0.0-20240509075551-d135b50ad60c
+ github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240509075551-d135b50ad60c
 github.com/google/uuid v1.3.0
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.25.0
 github.com/stretchr/testify v1.8.4
diff --git a/go.sum b/go.sum
index 0b2b916b..e00d01d8 100644
--- a/go.sum
+++ b/go.sum
@@ -51,10 +51,10 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= -github.com/f5devcentral/go-bigip v0.0.0-20240214135103-fd95be9ae1fb h1:r2hm89TgbKAJQnViwet98Z7Hq1o5JE4TX/bbRG7489o= -github.com/f5devcentral/go-bigip v0.0.0-20240214135103-fd95be9ae1fb/go.mod h1:0Lkr0fBU6O1yBxF2mt9JFwXpaFbIb/wAY7oM3dMJDdA= -github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240214135103-fd95be9ae1fb h1:ZobhcJVa43SKFAhDUc3FQBnn5U+OXdAD7ur5lKbokIY= -github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240214135103-fd95be9ae1fb/go.mod h1:r7o5I22EvO+fps2u10bz4ZUlTlNHopQSWzVcW19hK3U= +github.com/f5devcentral/go-bigip v0.0.0-20240509075551-d135b50ad60c h1:EA9qSu00QzCKcilTj9UqKTMXIwKeLtPceoQzAudLHa8= +github.com/f5devcentral/go-bigip v0.0.0-20240509075551-d135b50ad60c/go.mod h1:0Lkr0fBU6O1yBxF2mt9JFwXpaFbIb/wAY7oM3dMJDdA= +github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240509075551-d135b50ad60c h1:SlUYdX9vu+sVOx3EaxNIi4mmPJ+60NtxV8Iu/Rd1dXg= +github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240509075551-d135b50ad60c/go.mod h1:r7o5I22EvO+fps2u10bz4ZUlTlNHopQSWzVcW19hK3U= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= diff --git a/vendor/github.com/f5devcentral/go-bigip/awaf.go b/vendor/github.com/f5devcentral/go-bigip/awaf.go index b5fd3bbc..40294b9c 100644 --- a/vendor/github.com/f5devcentral/go-bigip/awaf.go +++ b/vendor/github.com/f5devcentral/go-bigip/awaf.go 
@@ -85,6 +85,13 @@ type WafUrlJsons struct {
 WafUrlJsons []WafUrlJson `json:"items"`
 }
+type WafUrlAllowedOrigins struct {
+ IncludeSubdomains bool `json:"includeSubDomains,omitempty"`
+ OriginPort string `json:"originPort,omitempty"`
+ OriginName string `json:"originName,omitempty"`
+ OriginProtocol string `json:"originProtocol,omitempty"`
+}
+
 type WafUrlJson struct {
 Name string `json:"name,omitempty"`
 Description string `json:"description,omitempty"`
@@ -100,7 +107,8 @@ type WafUrlJson struct {
 ClickjackingProtection bool `json:"clickjackingProtection,omitempty"`
 DisallowFileUploadOfExecutables bool `json:"disallowFileUploadOfExecutables,omitempty"`
 HTML5CrossOriginRequestsEnforcement struct {
- EnforcementMode string `json:"enforcementMode,omitempty"`
+ EnforcementMode string `json:"enforcementMode,omitempty"`
+ AllowerOrigins []WafUrlAllowedOrigins `json:"crossDomainAllowedOrigin,omitempty"`
 } `json:"html5CrossOriginRequestsEnforcement,omitempty"`
 MandatoryBody bool `json:"mandatoryBody,omitempty"`
 URLContentProfiles []struct {
@@ -335,8 +343,8 @@ type Parameter struct {
 SensitiveParameter bool `json:"sensitiveParameter,omitempty"`
 SignatureOverrides []map[string]interface{} `json:"signatureOverrides,omitempty"`
 URL interface{} `json:"url,omitempty"`
- MaximumLength int `json:"maximumLength,omitempty"`
- MinimumLength int `json:"minimumLength,omitempty"`
+ MaximumLength int `json:"maximumLength,omitempty"`
+ MinimumLength int `json:"minimumLength,omitempty"`
 }
 func (b *BigIP) GetWafSignature(signatureid int) (*Signatures, error) {
diff --git a/vendor/github.com/f5devcentral/go-bigip/bigiq.go b/vendor/github.com/f5devcentral/go-bigip/bigiq.go
index 3247a614..c87bc6e0 100644
--- a/vendor/github.com/f5devcentral/go-bigip/bigiq.go
+++ b/vendor/github.com/f5devcentral/go-bigip/bigiq.go
@@ -463,6 +463,14 @@ func tenantTrimToDelete(resp string) (string, error) {
 jsonRef := make(map[string]interface{})
 json.Unmarshal([]byte(resp), &jsonRef)
+ if jsonRef["declaration"].(map[string]interface{})["remark"] == nil {
+ delete(jsonRef["declaration"].(map[string]interface{}), "remark")
+ }
+
+ if jsonRef["declaration"].(map[string]interface{})["label"] == nil {
+ delete(jsonRef["declaration"].(map[string]interface{}), "label")
+ }
+
 for key, value := range jsonRef {
 if rec, ok := value.(map[string]interface{}); ok && key == "declaration" {
 for k, v := range rec {
diff --git a/vendor/github.com/f5devcentral/go-bigip/sys.go b/vendor/github.com/f5devcentral/go-bigip/sys.go
index 66288431..5e39b23d 100644
--- a/vendor/github.com/f5devcentral/go-bigip/sys.go
+++ b/vendor/github.com/f5devcentral/go-bigip/sys.go
@@ -831,6 +831,7 @@ func (b *BigIP) CreateTRAP(name string, authPasswordEncrypted string, authProtoc
 }
 func (b *BigIP) StartTransaction() (*Transaction, error) {
+ b.Transaction = ""
 body := make(map[string]interface{})
 resp, err := b.postReq(body, uriMgmt, uriTm, uriTransaction)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 7f5c140a..cf1b7538 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -42,10 +42,10 @@ github.com/apparentlymart/go-textseg/v13/textseg # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/f5devcentral/go-bigip v0.0.0-20240214135103-fd95be9ae1fb +# github.com/f5devcentral/go-bigip v0.0.0-20240509075551-d135b50ad60c ## explicit; go 1.20 github.com/f5devcentral/go-bigip -# github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240214135103-fd95be9ae1fb +# github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240509075551-d135b50ad60c ## explicit; go 1.13 github.com/f5devcentral/go-bigip/f5teem # github.com/fatih/color v1.13.0