From 49cdddffdba8032f460824b3d4bd2a6997802aa3 Mon Sep 17 00:00:00 2001 From: Rohit Upadhyay Date: Tue, 29 Aug 2023 20:02:33 +0530 Subject: [PATCH 1/7] Added transaction to resource_bigip_ssl_key_cert --- bigip/resource_bigip_ssl_key_cert.go | 29 +++++++- bigip/resource_bigip_ssl_key_cert_test.go | 67 +++++++++++++++++++ .../github.com/f5devcentral/go-bigip/sys.go | 16 ++--- 3 files changed, 102 insertions(+), 10 deletions(-) diff --git a/bigip/resource_bigip_ssl_key_cert.go b/bigip/resource_bigip_ssl_key_cert.go index 51f35730d..282950647 100644 --- a/bigip/resource_bigip_ssl_key_cert.go +++ b/bigip/resource_bigip_ssl_key_cert.go @@ -97,6 +97,10 @@ func resourceBigipSSLKeyCertCreate(ctx context.Context, d *schema.ResourceData, Passphrase: passphrase, } + t, err := client.StartTransaction() + if err != nil { + return diag.FromErr(fmt.Errorf("error while starting transaction: %v", err)) + } err = client.AddKey(&keyCfg) if err != nil { return diag.FromErr(fmt.Errorf("error while adding the ssl key: %v", err)) @@ -105,6 +109,10 @@ func resourceBigipSSLKeyCertCreate(ctx context.Context, d *schema.ResourceData, if err != nil { return diag.FromErr(fmt.Errorf("error while uploading the ssl cert: %v", err)) } + err = client.CommitTransaction(t.TransID) + if err != nil { + return diag.FromErr(fmt.Errorf("error while ending transaction: %d", err)) + } id := keyName + "_" + certName d.SetId(id) @@ -166,6 +174,11 @@ func resourceBigipSSLKeyCertUpdate(ctx context.Context, d *schema.ResourceData, } keyFullPath := fmt.Sprintf("/%s/%s", partition, keyName) + + t, err := client.StartTransaction() + if err != nil { + return diag.FromErr(fmt.Errorf("error while trying to start transaction: %s", err)) + } err = client.ModifyKey(keyFullPath, &keyCfg) if err != nil { return diag.FromErr(fmt.Errorf("error while trying to modify the ssl key (%s): %s", keyFullPath, err)) 
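Review bot: Every early return between `client.StartTransaction()` and `client.CommitTransaction(t.TransID)` in resourceBigipSSLKeyCertCreate leaves the transaction open, because nothing commits or discards it when `AddKey` or the certificate upload fails. The vendored `CommitTransaction` in this same patch is the only visible place that resets `b.Transaction`, so, assuming `StartTransaction` sets that field on the shared client, later requests from other resources may still be sent under the stale transaction ID. Reset it on the failure paths, e.g. `client.Transaction = ""` before each `return diag.FromErr(...)`, or in a deferred cleanup that is skipped once the commit succeeds. The same applies to the `ModifyKey` and certificate-update returns in resourceBigipSSLKeyCertUpdate (hunks at -166 and -175). Both function bodies continue outside their hunks.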
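Review bot: The commit-failure message in resourceBigipSSLKeyCertCreate formats an error with `%d`, so the diagnostic will print as `%!d(...)` noise instead of the BIG-IP error text, and `go vet` will flag it. Use `return diag.FromErr(fmt.Errorf("error while ending transaction: %w", err))`, which also keeps the original error unwrappable. The other new messages in this file mix `%v` and `%s`; they work, but picking one verb would make them consistent.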
@@ -175,6 +188,10 @@ func resourceBigipSSLKeyCertUpdate(ctx context.Context, d *schema.ResourceData, if err != nil { return diag.FromErr(fmt.Errorf("error while updating the ssl certificate (%s): %s", certName, err)) } + err = client.CommitTransaction(t.TransID) + if err != nil { + return diag.FromErr(fmt.Errorf("error while trying to end transaction: %s", err)) + } return resourceBigipSSLKeyCertRead(ctx, d, meta) } @@ -191,7 +208,12 @@ func resourceBigipSSLKeyCertDelete(ctx context.Context, d *schema.ResourceData, keyFullPath := "/" + partition + "/" + keyName certFullPath := "/" + partition + "/" + certName - err := client.DeleteKey(keyFullPath) + t, err := client.StartTransaction() + if err != nil { + return diag.FromErr(fmt.Errorf("error while starting transaction: %v", err)) + } + + err = client.DeleteKey(keyFullPath) if err != nil { log.Printf("[ERROR] unable to delete the ssl key (%s) (%v) ", keyFullPath, err) } @@ -201,6 +223,11 @@ func resourceBigipSSLKeyCertDelete(ctx context.Context, d *schema.ResourceData, log.Printf("[ERROR] unable to delete the ssl certificate (%s) (%v) ", certFullPath, err) } + err = client.CommitTransaction(t.TransID) + if err != nil { + return diag.FromErr(fmt.Errorf("error while ending transaction: %v", err)) + } + d.SetId("") return nil } diff --git a/bigip/resource_bigip_ssl_key_cert_test.go b/bigip/resource_bigip_ssl_key_cert_test.go index 2b2a763b0..235811e3f 100644 --- a/bigip/resource_bigip_ssl_key_cert_test.go +++ b/bigip/resource_bigip_ssl_key_cert_test.go @@ -1,6 +1,9 @@ package bigip import ( + "fmt" + "log" + "os" "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 
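Review bot: In resourceBigipSSLKeyCertDelete the errors from `DeleteKey` and the certificate delete are still only logged, yet the new code goes on to commit and then reaches `d.SetId("")`. If one of the two deletions was rejected while the other was accepted, the commit may succeed and Terraform forgets the resource while a private key or certificate remains on the device. Since the point of the transaction is all-or-nothing, return the error instead of logging it, e.g. `return diag.FromErr(fmt.Errorf("unable to delete the ssl key (%s): %w", keyFullPath, err))`, and clear the open transaction on that path. The start of the function is outside the hunk.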
@@ -16,6 +19,29 @@ resource "bigip_ssl_key_cert" "testkeycert" { } ` +var sslProfileCertKey = ` +resource "bigip_ssl_key_cert" "testkeycert" { + partition = "Common" + key_name = "ssl-test-key" + key_content = "${file("` + folder + `/../examples/%s")}" + cert_name = "ssl-test-cert" + cert_content = "${file("` + folder + `/../examples/%s")}" +} + +resource "bigip_ltm_profile_server_ssl" "test-ServerSsl" { + name = "/Common/test-ServerSsl" + defaults_from = "/Common/serverssl" + authenticate = "always" + ciphers = "DEFAULT" + cert = "/Common/ssl-test-cert" + key = "/Common/ssl-test-key" + + depends_on = [ + bigip_ssl_key_cert.testkeycert + ] +} +` + func TestAccBigipSSLCertKeyCreate(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { 
@@ -45,3 +71,44 @@ func TestAccBigipSSLCertKeyCreate(t *testing.T) { }, }) } + +func TestAccBigipSSLCertKeyCreateCertKeyProfile(t *testing.T) { + create := fmt.Sprintf(sslProfileCertKey, "serverkey.key", "servercert.crt") + modify := fmt.Sprintf(sslProfileCertKey, "serverkey2.key", "servercert2.crt") + crt1Content, _ := os.ReadFile(folder + `/../examples/` + "servercert.crt") + key1Content, _ := os.ReadFile(folder + `/../examples/` + "serverkey.key") + crt2Content, _ := os.ReadFile(folder + `/../examples/` + "servercert2.crt") + key2Content, _ := os.ReadFile(folder + `/../examples/` + "serverkey2.key") + + log.Println(create) + log.Println(modify) + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAcctPreCheck(t) + }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: create, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "key_name", "ssl-test-key"), + resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_name", "ssl-test-cert"), + resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "partition", "Common"), + resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "key_content", string(key1Content)), + resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_content", string(crt1Content)), + ), + Destroy: false, + }, + { + Config: modify, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "key_name", "ssl-test-key"), + resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_name", "ssl-test-cert"), + resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "partition", "Common"), + resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "key_content", string(key2Content)), + resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_content", string(crt2Content)), + ), + }, + }, + }) +} 
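Review bot: The four `os.ReadFile` calls in TestAccBigipSSLCertKeyCreateCertKeyProfile discard their errors, so a missing or renamed fixture becomes an empty expected value and a misleading attribute mismatch rather than a clear failure; check each one, e.g. `if err != nil { t.Fatal(err) }`. The two `log.Println` calls look like leftover debugging and can be dropped. The test also asserts nothing about `bigip_ltm_profile_server_ssl.test-ServerSsl` and has no `CheckDestroy`, so the in-use key and certificate swap that the transaction is meant to enable is only verified indirectly.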
diff --git a/vendor/github.com/f5devcentral/go-bigip/sys.go b/vendor/github.com/f5devcentral/go-bigip/sys.go index 668b08647..b9bfc764f 100644 --- a/vendor/github.com/f5devcentral/go-bigip/sys.go +++ b/vendor/github.com/f5devcentral/go-bigip/sys.go @@ -15,6 +15,7 @@ import ( "fmt" "log" "os" + "strconv" //"strings" "time" @@ -809,20 +810,17 @@ func (b *BigIP) StartTransaction() (*Transaction, error) { return transaction, nil } -func (b *BigIP) EndTransaction(tId int64) error { +func (b *BigIP) CommitTransaction(tId int64) error { + b.Transaction = "" commitTransaction := map[string]interface{}{ - "state": "VALIDATING", - "validateOnly": false, - } - payload, err := json.Marshal(commitTransaction) - if err != nil { - return fmt.Errorf("unable create commit transaction payload: %s", err) + "state": "VALIDATING", } - err = b.patch(payload, uriMgmt, uriTm, uriTransaction, string(tId)) + log.Printf("[INFO] Commiting Transaction with TransactionID: %v", tId) + + err := b.patch(commitTransaction, uriMgmt, uriTm, uriTransaction, strconv.Itoa(int(tId))) if err != nil { return fmt.Errorf("%s", err) } - b.Transaction = "" return nil } From aeda7c96cd4668fd13a9e37837eedf9131ec17c3 Mon Sep 17 00:00:00 2001 From: Rohit Upadhyay Date: Tue, 12 Sep 2023 19:26:07 +0530 Subject: [PATCH 2/7] Added new resource to create ltm cipher rules --- bigip/provider.go | 1 + bigip/resource_bigip_ltm_cipher_rule.go | 163 ++++++++++++++++++ bigip/resource_bigip_ltm_cipher_rule_test.go | 37 ++++ docs/resources/bigip_ltm_cipher_rule.md | 44 +++++ .../github.com/f5devcentral/go-bigip/ltm.go | 40 +++++ 5 files changed, 285 insertions(+) create mode 100644 bigip/resource_bigip_ltm_cipher_rule.go create mode 100644 bigip/resource_bigip_ltm_cipher_rule_test.go create mode 100644 docs/resources/bigip_ltm_cipher_rule.md diff --git a/bigip/provider.go b/bigip/provider.go index 8e5f21ee5..25e33bdc3 100644 --- a/bigip/provider.go +++ b/bigip/provider.go 
@@ -111,6 +111,7 @@ func Provider() *schema.Provider { "bigip_net_route": resourceBigipNetRoute(), "bigip_net_selfip": resourceBigipNetSelfIP(), "bigip_net_vlan": resourceBigipNetVlan(), + "bigip_ltm_cipher_rule": resourceBigipLtmCipherRule(), "bigip_ltm_irule": resourceBigipLtmIRule(), "bigip_ltm_datagroup": resourceBigipLtmDataGroup(), "bigip_ltm_monitor": resourceBigipLtmMonitor(), diff --git a/bigip/resource_bigip_ltm_cipher_rule.go b/bigip/resource_bigip_ltm_cipher_rule.go new file mode 100644 index 000000000..7a72fab09 --- /dev/null +++ b/bigip/resource_bigip_ltm_cipher_rule.go 
@@ -0,0 +1,163 @@ +package bigip + +import ( + "context" + "fmt" + "log" + "os" + "strings" + + bigip "github.com/f5devcentral/go-bigip" + "github.com/f5devcentral/go-bigip/f5teem" + "github.com/google/uuid" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceBigipLtmCipherRule() *schema.Resource { + return &schema.Resource{ + CreateContext: resourceBigipLtmCipherRuleCreate, + ReadContext: resourceBigipLtmCipherRuleRead, + UpdateContext: resourceBigipLtmCipherRuleUpdate, + DeleteContext: resourceBigipLtmCipherRuleDelete, + Importer: &schema.ResourceImporter{ + StateContext: schema.ImportStatePassthroughContext, + }, + + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Description: "The cipher rule name.", + Required: true, + }, + "partition": { + Type: schema.TypeString, + Description: "The partition name.", + Optional: true, + Default: "Common", + }, + "cipher_suites": { + Type: schema.TypeString, + Description: "The cipher suites.", + Default: "DEFAULT", + Optional: true, + }, + "dh_groups": { + Type: schema.TypeString, + Description: "The DH groups.", + Optional: true, + }, + "signature_algorithms": { + Type: schema.TypeString, + Description: "The signature algorithms.", + Optional: true, + }, + "full_path": { + Type: schema.TypeString, + Description: "The full path of the cipher rule.", + Computed: true, + }, + }, + } +} + +func resourceBigipLtmCipherRuleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + client := meta.(*bigip.BigIP) + name := d.Get("name").(string) + partition := d.Get("partition").(string) + log.Println("[INFO] Creating Cipher Rule: ", name, " in partition: ", partition) + cipherRule := &bigip.CipherRule{ + Name: name, + Partition: partition, + Cipher: d.Get("cipher_suites").(string), + DHGroups: d.Get("dh_groups").(string), + SignatureAlgorithms: d.Get("signature_algorithms").(string), + } + 
err := client.CreateCipherRule(cipherRule) + if err != nil { + return diag.FromErr(err) + } + fullPath := fmt.Sprintf("/%s/%s", partition, name) + d.SetId(fullPath) + if !client.Teem { + id := uuid.New() + uniqueID := id.String() + assetInfo := f5teem.AssetInfo{ + Name: "Terraform-provider-bigip", + Version: client.UserAgent, + Id: uniqueID, + } + apiKey := os.Getenv("TEEM_API_KEY") + teemDevice := f5teem.AnonymousClient(assetInfo, apiKey) + f := map[string]interface{}{ + "Terraform Version": client.UserAgent, + } + tsVer := strings.Split(client.UserAgent, "/") + err = teemDevice.Report(f, "bigip_ltm_pool", tsVer[3]) + if err != nil { + log.Printf("[ERROR]Sending Telemetry data failed:%v", err) + } + } + return resourceBigipLtmCipherRuleRead(ctx, d, meta) +} + +func resourceBigipLtmCipherRuleRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + client := meta.(*bigip.BigIP) + + id := d.Id() + id = strings.Replace(id, "/", "", 1) + name_partition := strings.Split(id, "/") + name := name_partition[1] + partition := name_partition[0] + + log.Printf("----------------name_partition: %v------------------", name_partition) + + log.Println("[INFO] Reading Cipher Rule: ", name) + cipherRule, err := client.GetCipherRule(name, partition) + if err != nil { + return diag.FromErr(err) + } + if cipherRule == nil { + return diag.FromErr(fmt.Errorf("cipher Rule not found")) + } + fullPath := fmt.Sprintf("/%s/%s", partition, name) + _ = d.Set("name", cipherRule.Name) + _ = d.Set("partition", cipherRule.Partition) + _ = d.Set("cipher_suites", cipherRule.Cipher) + _ = d.Set("dh_groups", cipherRule.DHGroups) + _ = d.Set("signature_algorithms", cipherRule.SignatureAlgorithms) + _ = d.Set("full_path", fullPath) + return nil +} + +func resourceBigipLtmCipherRuleUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + client := meta.(*bigip.BigIP) + name := d.Get("name").(string) + partition := d.Get("partition").(string) 
+ log.Println("[INFO] Updating Cipher Rule: ", name, " in partition: ", partition) + cipherRule := &bigip.CipherRule{ + Name: name, + Partition: partition, + Cipher: d.Get("cipher_suites").(string), + DHGroups: d.Get("dh_groups").(string), + SignatureAlgorithms: d.Get("signature_algorithms").(string), + } + err := client.ModifyCipherRule(cipherRule) + if err != nil { + return diag.FromErr(err) + } + return resourceBigipLtmCipherRuleRead(ctx, d, meta) +} + +func resourceBigipLtmCipherRuleDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + client := meta.(*bigip.BigIP) + name := d.Get("name").(string) + partition := d.Get("partition").(string) + log.Println("[INFO] Deleting Cipher Rule: ", name, " in partition: ", partition) + err := client.DeleteCipherRule(name, partition) + if err != nil { + return diag.FromErr(err) + } + d.SetId("") + return nil +} diff --git a/bigip/resource_bigip_ltm_cipher_rule_test.go b/bigip/resource_bigip_ltm_cipher_rule_test.go new file mode 100644 index 000000000..c2e9b28d9 --- /dev/null +++ b/bigip/resource_bigip_ltm_cipher_rule_test.go 
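Review bot: resourceBigipLtmCipherRuleRead indexes `name_partition[1]` without checking the split result, and the resource uses `schema.ImportStatePassthroughContext`, so an import ID that lacks the `/partition/name` shape panics the provider instead of returning a diagnostic. Validate first: `parts := strings.Split(strings.TrimPrefix(d.Id(), "/"), "/")` followed by `if len(parts) != 2 { return diag.Errorf("invalid cipher rule id %q, expected /partition/name", d.Id()) }`. `tsVer[3]` in the create path has the same unchecked-index shape if `client.UserAgent` has fewer than four `/`-separated parts. The `----------------name_partition` log line looks like debugging output and should be removed or tagged `[DEBUG]`. `name` and `partition` are not `ForceNew`, so changing either would PATCH a path built from the new values; confirm that is intended.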
@@ -0,0 +1,37 @@ +package bigip + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +const testResourceCipherRule = ` +resource "bigip_ltm_cipher_rule" "testcipher" { + name = "testcipher" + partition = "Common" + cipher_suites = "fips" + dh_groups = "P256:P384:FFDHE2048:FFDHE3072:FFDHE4096" + signature_algorithms = "DEFAULT" +}` + +func TestAccCipherRule(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAcctPreCheck(t) + }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testResourceCipherRule, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("bigip_ltm_cipher_rule.testcipher", "name", "testcipher"), + resource.TestCheckResourceAttr("bigip_ltm_cipher_rule.testcipher", "partition", "Common"), + resource.TestCheckResourceAttr("bigip_ltm_cipher_rule.testcipher", "cipher_suites", "fips"), + resource.TestCheckResourceAttr("bigip_ltm_cipher_rule.testcipher", "dh_groups", "P256:P384:FFDHE2048:FFDHE3072:FFDHE4096"), + resource.TestCheckResourceAttr("bigip_ltm_cipher_rule.testcipher", "signature_algorithms", "DEFAULT"), + ), + }, + }, + }) +} diff --git a/docs/resources/bigip_ltm_cipher_rule.md b/docs/resources/bigip_ltm_cipher_rule.md new file mode 100644 index 000000000..4b838fa60 --- /dev/null +++ b/docs/resources/bigip_ltm_cipher_rule.md 
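Review bot: TestAccCipherRule has a single apply step and no `CheckDestroy`, so the update path, the import path and the deletion are never exercised. Adding a step with `ImportState: true` and `ImportStateVerify: true` would cover the ID parsing in the read function, and a second config with a different `cipher_suites` value would cover `ModifyCipherRule`. A `CheckDestroy` that calls `GetCipherRule` would catch a rule left behind on the device.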
@@ -0,0 +1,44 @@ +--- +layout: "bigip" +page_title: "BIG-IP: bigip_ltm_cipher_rule" +subcategory: "Local Traffic Manager(LTM)" +description: |- + Provides details about bigip_ltm_cipher_rule resource +--- + +# bigip\_ltm\_cipher\_rule + +`bigip_ltm_cipher_rule` Manages F5 BIG-IP LTM cipher rule via iControl REST API. + +## Example Usage + +```hcl +resource "bigip_ltm_cipher_rule" "test_cipher_rule" { + name = "test_cipher_rule" + partition = "Uncommon" + cipher_suites = "TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384" + dh_groups = "P256:P384:FFDHE2048:FFDHE3072:FFDHE4096" + signature_algorithms = "DEFAULT" +} +``` + +## Argument Reference + +* `name` - (Required,type `string`) Name of the Cipher Rule. + +* `partition` - (Optional,type `string`) The Partition in which the Cipher Rule will be created. + +* `cipher_suites` - (Required,type `string`) This is a colon (:) separated string of cipher suites. example, `TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384`. The default value for this attribute is `DEFAULT`. + +* `dh_groups` - (Optional,type `string`) Specifies the DH Groups algorithms, separated by colons (:). + +* `signature_algorithms` - (Optional,type `string`) Specifies the Signature Algorithms, separated by colons (:). + + +## Importing +An existing cipher rule can be imported into this resource by supplying the cipher rule's `full path` as `id`. +An example is below: +```sh +$ terraform import bigip_ltm_cipher_rule.test_cipher_rule /Common/test_cipher_rule + +``` diff --git a/vendor/github.com/f5devcentral/go-bigip/ltm.go b/vendor/github.com/f5devcentral/go-bigip/ltm.go index b0e626d57..8a664f0d1 100644 --- a/vendor/github.com/f5devcentral/go-bigip/ltm.go +++ b/vendor/github.com/f5devcentral/go-bigip/ltm.go 
@@ -1886,6 +1886,14 @@ type HttpCompressionProfile struct { VaryHeader string `json:"varyHeader,omitempty"` } +type CipherRule struct { + Name string `json:"name,omitempty"` + Partition string `json:"partition,omitempty"` + Cipher string `json:"cipher,omitempty"` + DHGroups string `json:"dhGroups,omitempty"` + SignatureAlgorithms string `json:"signatureAlgorithms,omitempty"` +} + const ( uriLtm = "ltm" uriNode = "node" @@ -1928,6 +1936,8 @@ const ( uriSSL = "ssl" uriUniversal = "universal" uriCreateDraft = "?options=create-draft" + uriCipher = "cipher" + uriRule = "rule" ) var cidr = map[string]string{ @@ -3918,3 +3928,33 @@ func (b *BigIP) DeleteHttpCompressionProfile(name string) error { func (b *BigIP) ModifyHttpCompressionProfile(name string, config *HttpCompressionProfile) error { return b.put(config, uriLtm, uriProfile, uriHttpcompress, name) } + +func (b *BigIP) CreateCipherRule(cipherRule *CipherRule) error { + return b.post(cipherRule, uriLtm, uriCipher, uriRule) +} + +func (b *BigIP) ModifyCipherRule(cipherRule *CipherRule) error { + modifyPath := fmt.Sprintf("~%s~%s", cipherRule.Partition, cipherRule.Name) + return b.patch(cipherRule, uriLtm, uriCipher, uriRule, modifyPath) +} + +func (b *BigIP) DeleteCipherRule(name, partition string) error { + deletePath := fmt.Sprintf("~%s~%s", partition, name) + return b.delete(uriLtm, uriCipher, uriRule, deletePath) +} + +func (b *BigIP) GetCipherRule(name, partition string) (*CipherRule, error) { + cipherRule := &CipherRule{} + fullPath := fmt.Sprintf("~%s~%s", partition, name) + log.Printf("-------------------fullPath: %s--------------------", fullPath) + err, ok := b.getForEntity(&cipherRule, uriLtm, uriCipher, uriRule, fullPath) + if err != nil { + return nil, err + } + + if !ok { + return nil, nil + } + + return cipherRule, nil +} From cb795bfb1c8d51721e567789cea1fb171aefad68 Mon Sep 17 00:00:00 2001 
From: Rohit Upadhyay Date: Wed, 13 Sep 2023 11:33:55 +0530 Subject: [PATCH 3/7] fixed terrafmt lint issues --- docs/resources/bigip_ltm_cipher_rule.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/resources/bigip_ltm_cipher_rule.md b/docs/resources/bigip_ltm_cipher_rule.md index 4b838fa60..97f8d4d40 100644 --- a/docs/resources/bigip_ltm_cipher_rule.md +++ b/docs/resources/bigip_ltm_cipher_rule.md @@ -14,10 +14,10 @@ description: |- ```hcl resource "bigip_ltm_cipher_rule" "test_cipher_rule" { - name = "test_cipher_rule" - partition = "Uncommon" - cipher_suites = "TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384" - dh_groups = "P256:P384:FFDHE2048:FFDHE3072:FFDHE4096" + name = "test_cipher_rule" + partition = "Uncommon" + cipher_suites = "TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384" + dh_groups = "P256:P384:FFDHE2048:FFDHE3072:FFDHE4096" signature_algorithms = "DEFAULT" } ``` From f3072b8abfdc38072f7b24896eb4db38d489de6f Mon Sep 17 00:00:00 2001 From: Rohit Upadhyay Date: Wed, 13 Sep 2023 12:21:22 +0530 Subject: [PATCH 4/7] fixed typo --- bigip/resource_bigip_ltm_cipher_rule.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bigip/resource_bigip_ltm_cipher_rule.go b/bigip/resource_bigip_ltm_cipher_rule.go index 7a72fab09..43d330d67 100644 --- a/bigip/resource_bigip_ltm_cipher_rule.go +++ b/bigip/resource_bigip_ltm_cipher_rule.go @@ -93,7 +93,7 @@ func resourceBigipLtmCipherRuleCreate(ctx context.Context, d *schema.ResourceDat "Terraform Version": client.UserAgent, } tsVer := strings.Split(client.UserAgent, "/") - err = teemDevice.Report(f, "bigip_ltm_pool", tsVer[3]) + err = teemDevice.Report(f, "bigip_ltm_cipher_rule", tsVer[3]) if err != nil { log.Printf("[ERROR]Sending Telemetry data failed:%v", err) } From b96694ba99f0ed1c4f50eca25e537a90dfaec3ea Mon Sep 17 00:00:00 2001 
From: Rohit Upadhyay Date: Wed, 13 Sep 2023 16:15:19 +0530 Subject: [PATCH 5/7] Documentation correction --- bigip/resource_bigip_ltm_policy.go | 1 + bigip/resource_bigip_ltm_virtual_server.go | 9 +++++---- docs/resources/bigip_ltm_cipher_rule.md | 3 +++ docs/resources/bigip_ltm_policy.md | 2 +- docs/resources/bigip_ltm_virtual_server.md | 2 ++ 5 files changed, 12 insertions(+), 5 deletions(-) diff --git a/bigip/resource_bigip_ltm_policy.go b/bigip/resource_bigip_ltm_policy.go index 99e34459c..fe5cd0162 100644 --- a/bigip/resource_bigip_ltm_policy.go +++ b/bigip/resource_bigip_ltm_policy.go @@ -56,6 +56,7 @@ func resourceBigipLtmPolicy() *schema.Resource { Optional: true, Description: "Publish the Policy", ForceNew: true, + Deprecated: "This attribute is not required anymore because the resource automatically publishes the policy, for that reason this field is deprecated and will be removed in a future release.", }, "controls": { Type: schema.TypeSet, diff --git a/bigip/resource_bigip_ltm_virtual_server.go b/bigip/resource_bigip_ltm_virtual_server.go index 190af2ee2..26e43550d 100644 --- a/bigip/resource_bigip_ltm_virtual_server.go +++ b/bigip/resource_bigip_ltm_virtual_server.go @@ -211,10 +211,11 @@ func resourceBigipLtmVirtualServer() *schema.Resource { Description: "Specifies a network protocol name you want the system to use to direct traffic on this virtual server. The default is TCP. The Protocol setting is not available when you select Performance (HTTP) as the Type.", }, "policies": { - Type: schema.TypeSet, - Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, - Optional: true, + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, + Optional: true, + Description: "Specifies the policies for the virtual server", }, "vlans": { Type: schema.TypeSet, diff --git a/docs/resources/bigip_ltm_cipher_rule.md b/docs/resources/bigip_ltm_cipher_rule.md index 97f8d4d40..d400f52e5 100644 
--- a/docs/resources/bigip_ltm_cipher_rule.md +++ b/docs/resources/bigip_ltm_cipher_rule.md @@ -34,6 +34,9 @@ resource "bigip_ltm_cipher_rule" "test_cipher_rule" { * `signature_algorithms` - (Optional,type `string`) Specifies the Signature Algorithms, separated by colons (:). +## Read-Only + +* `full_path` - (String) The full path of the cipher rule, e.g. /Common/test_cipher_rule. ## Importing An existing cipher rule can be imported into this resource by supplying the cipher rule's `full path` as `id`. diff --git a/docs/resources/bigip_ltm_policy.md b/docs/resources/bigip_ltm_policy.md index 633466cc0..de22e7b50 100644 --- a/docs/resources/bigip_ltm_policy.md +++ b/docs/resources/bigip_ltm_policy.md @@ -37,7 +37,7 @@ resource "bigip_ltm_policy" "test-policy" { } depends_on = [bigip_ltm_pool.mypool] } -``` +``` ## Argument Reference diff --git a/docs/resources/bigip_ltm_virtual_server.md b/docs/resources/bigip_ltm_virtual_server.md index 04ffb2bae..9acb46fd7 100644 --- a/docs/resources/bigip_ltm_virtual_server.md +++ b/docs/resources/bigip_ltm_virtual_server.md @@ -90,6 +90,8 @@ resource "bigip_ltm_virtual_server" "https" { * `vlans` - (Optional) The virtual server is enabled/disabled on this set of VLANs,enable/disabled will be desided by attribute `vlan_enabled` +* `policies` - (Optional) Specifies the policies for the virtual server. + * `vlans_enabled` - (Optional Bool) Enables the virtual server on the VLANs specified by the `vlans` option. By default it is `false` i.e vlanDisabled on specified vlans, if we want enable virtual server on VLANs specified by `vlans`, mark this attribute to `true`. From 826232c21a05cee50beacfa7a87009d54a5d4ff7 Mon Sep 17 00:00:00 2001 From: Rohit Upadhyay Date: Thu, 14 Sep 2023 11:43:43 +0530 Subject: [PATCH 6/7] Added deprection msg for published_policy in the docs --- docs/resources/bigip_ltm_policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/resources/bigip_ltm_policy.md b/docs/resources/bigip_ltm_policy.md index de22e7b50..e123af305 100644 --- a/docs/resources/bigip_ltm_policy.md +++ b/docs/resources/bigip_ltm_policy.md @@ -49,7 +49,7 @@ resource "bigip_ltm_policy" "test-policy" { * `requires` - (Optional) Specifies the protocol -* `published_copy` - (Optional) If you want to publish the policy else it will be deployed in Drafts mode. +* `published_copy` - (Deprecated) If you want to publish the policy else it will be deployed in Drafts mode. This attribute is deprecated and will be removed in a future release. * `controls` - (Optional) Specifies the controls From 9d0555839fc81ff3414399c00e0b3c814a53a19c Mon Sep 17 00:00:00 2001 From: Rohit Upadhyay Date: Thu, 14 Sep 2023 16:59:43 +0530 Subject: [PATCH 7/7] Added note in the docs for bigip_ltm_policy resource --- bigip/resource_bigip_ssl_key_cert.go | 2 +- docs/resources/bigip_ltm_policy.md | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/bigip/resource_bigip_ssl_key_cert.go b/bigip/resource_bigip_ssl_key_cert.go index 282950647..c25a4f481 100644 --- a/bigip/resource_bigip_ssl_key_cert.go +++ b/bigip/resource_bigip_ssl_key_cert.go @@ -7,7 +7,7 @@ import ( "log" "strings" - "github.com/f5devcentral/go-bigip" + bigip "github.com/f5devcentral/go-bigip" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/docs/resources/bigip_ltm_policy.md b/docs/resources/bigip_ltm_policy.md index e123af305..01923d8ab 100644 --- a/docs/resources/bigip_ltm_policy.md +++ b/docs/resources/bigip_ltm_policy.md 
@@ -41,6 +41,9 @@ resource "bigip_ltm_policy" "test-policy" { ## Argument Reference +> [!NOTE] +> The attribute `published_copy` is not required anymore as the resource automatically publishes the policy, hence it's deprecated and will be removed from future release. + * `name`- (Required) Name of the Policy ( policy name should be in full path which is combination of partition and policy name ) * `strategy` - (Optional) Specifies the match strategy