adding cipher group/rules documentations

bigip/resource_bigip_ltm_cipher_group.go

@@ -7,10 +7,15 @@
 import (
 	"context"
 	"fmt"
+	"log"
+	"os"
+	"strings"
+
 	bigip "github.com/f5devcentral/go-bigip"
+	"github.com/f5devcentral/go-bigip/f5teem"
+	"github.com/google/uuid"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-	"log"
 )
 
 func resourceBigipLtmCipherGroup() *schema.Resource {
@@ -26,7 +31,7 @@
 			"name": {
 				Type:         schema.TypeString,
 				Required:     true,
-				Description:  "Name of the cipher rule,name should be in pattern ``partition` + `cipher rule name``",
+				Description:  "Name of the cipher group,name should be in pattern ``partition` + `cipher group name``",
 				ForceNew:     true,
 				ValidateFunc: validateF5Name,
 			},
@@ -36,22 +41,24 @@
 				Description: "Specifies descriptive text that identifies the cipher rule",
 			},
 			"ordering": {
-				Type:        schema.TypeString,
-				Optional:    true,
-				Description: "Specifies one or more Cipher Suites used.Note: For SM2, type the following cipher suite string: ECC-SM4-SM3.",
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				//Default:     "default",
+				Description: "Controls the order of the Cipher String list in the Cipher Audit section. Options are Default, Speed, Strength, FIPS, and Hardware. The rules are processed in the order listed",
 			},
 			"allow": {
 				Type:        schema.TypeSet,
 				Optional:    true,
 				Elem:        &schema.Schema{Type: schema.TypeString},
-				Description: "Specifies the DH Groups Elliptic Curve Diffie-Hellman key exchange algorithms, separated by colons (:).Note: You can also type a special keyword, DEFAULT, which represents the recommended set of named groups",
+				Description: "Specifies the configuration of the allowed groups of ciphers. You can select a cipher rule from the Available Cipher Rules list",
 			},
 			"require": {
 				Type:        schema.TypeSet,
 				Optional:    true,
 				Elem:        &schema.Schema{Type: schema.TypeString},
-				Description: "Specifies the DH Groups Elliptic Curve Diffie-Hellman key exchange algorithms, separated by colons (:).Note: You can also type a special keyword, DEFAULT, which represents the recommended set of named groups",
-			},
+				Description: "Specifies the configuration of the restrict groups of ciphers. You can select a cipher rule from the Available Cipher Rules list",
+      },
 		},
 	}
 }
@@ -65,15 +72,32 @@
 
 	cipherGrouptmp := &bigip.CipherGroupReq{}
 	cipherGrouptmp.Name = name
-	cipherGroup, err := getCipherGroupConfig(d, cipherGrouptmp)
-	if err != nil {
-		return diag.FromErr(fmt.Errorf("reading input config failed(%s): %s", name, err))
-	}
+	cipherGroup := getCipherGroupConfig(d, cipherGrouptmp)
+
 	log.Printf("[INFO] cipherGroup config :%+v", cipherGroup)
-	err = client.AddLtmCipherGroup(cipherGroup)
+	err := client.AddLtmCipherGroup(cipherGroup)
 	if err != nil {
 		return diag.FromErr(fmt.Errorf("error creating cipher rule (%s): %s", name, err))
 	}
+	if !client.Teem {
+		id := uuid.New()
+		uniqueID := id.String()
+		assetInfo := f5teem.AssetInfo{
+			Name:    "Terraform-provider-bigip",
+			Version: client.UserAgent,
+			Id:      uniqueID,
+		}
+		apiKey := os.Getenv("TEEM_API_KEY")
+		teemDevice := f5teem.AnonymousClient(assetInfo, apiKey)
+		f := map[string]interface{}{
+			"Terraform Version": client.UserAgent,
+		}
+		tsVer := strings.Split(client.UserAgent, "/")
+		err = teemDevice.Report(f, "bigip_ltm_cipher_group", tsVer[3])
+		if err != nil {
+			log.Printf("[ERROR]Sending Telemetry data failed:%v", err)
+		}
+	}
 	d.SetId(name)
 	return resourceBigipLtmCipherGroupRead(ctx, d, meta)
 }
@@ -82,13 +106,14 @@
 	client := meta.(*bigip.BigIP)
 	name := d.Id()
 	log.Printf("[INFO] Fetching Cipher group :%+v", name)
-
-	cipherRule, err := client.GetLtmCipherGroup(name)
+	cipherGroup, err := client.GetLtmCipherGroup(name)
 	if err != nil {
-		log.Printf("[ERROR] Unable to retrieve cipher rule %s  %v :", name, err)
+		log.Printf("[ERROR] Unable to retrieve cipher group %s  %v :", name, err)
 		return diag.FromErr(err)
 	}
-	log.Printf("[INFO] Cipher rule response :%+v", cipherRule)
+	_ = d.Set("name", cipherGroup.FullPath)
+	_ = d.Set("ordering", cipherGroup.Ordering)
+	log.Printf("[INFO] Cipher group response :%+v", cipherGroup)
 	return nil
 }
 
@@ -97,10 +122,7 @@
 	name := d.Id()
 	cipherGrouptmp := &bigip.CipherGroupReq{}
 	cipherGrouptmp.Name = name
-	cipherGroupconfig, err := getCipherGroupConfig(d, cipherGrouptmp)
-	if err != nil {
-		return diag.FromErr(fmt.Errorf("reading input config failed(%s): %s", name, err))
-	}
+	cipherGroupconfig := getCipherGroupConfig(d, cipherGrouptmp)
 	if err := client.ModifyLtmCipherGroup(name, cipherGroupconfig); err != nil {
 		return diag.FromErr(fmt.Errorf("error modifying cipher group %s: %v", name, err))
 	}
@@ -123,7 +145,8 @@
 	return nil
 }
 
-func getCipherGroupConfig(d *schema.ResourceData, cipherGroup *bigip.CipherGroupReq) (*bigip.CipherGroupReq, error) {
+
+func getCipherGroupConfig(d *schema.ResourceData, cipherGroup *bigip.CipherGroupReq) *bigip.CipherGroupReq {
 	cipherGroup.Ordering = d.Get("ordering").(string)
 	if p, ok := d.GetOk("allow"); ok {
 		for _, r := range p.(*schema.Set).List() {
@@ -134,6 +157,6 @@
 		for _, r := range p.(*schema.Set).List() {
 			cipherGroup.Require = append(cipherGroup.Require, r.(string))
 		}
-	}
-	return cipherGroup, nil
+	}	
+  return cipherGroup
 }

bigip/resource_bigip_ltm_cipher_group_test.go

@@ -17,8 +17,10 @@ import (
 
 const testCipherGroupConfigTC1 = `
 resource "bigip_ltm_cipher_group" "test-cipher-group" {
-	name = "/Common/test-cipher-group-01"
-	//cipher = "aes"
+  name     = "/Common/test-cipher-group-01"
+  allow    = ["/Common/f5-aes"]
+  require  = ["/Common/f5-quic"]
+  ordering = "speed"
 }
 `
 

bigip/resource_bigip_ltm_cipher_rule.go

@@ -7,10 +7,15 @@
 import (
 	"context"
 	"fmt"
+	"log"
+	"os"
+	"strings"
+
 	bigip "github.com/f5devcentral/go-bigip"
+	"github.com/f5devcentral/go-bigip/f5teem"
+	"github.com/google/uuid"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-	"log"
 )
 
 func resourceBigipLtmCipherRule() *schema.Resource {
@@ -37,7 +42,7 @@
 			},
 			"cipher": {
 				Type:        schema.TypeString,
-				Optional:    true,
+				Required:    true,
 				Description: "Specifies one or more Cipher Suites used.Note: For SM2, type the following cipher suite string: ECC-SM4-SM3.",
 			},
 			"dh_groups": {
@@ -56,37 +61,58 @@
 
 func resourceBigipLtmCipherRuleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	client := meta.(*bigip.BigIP)
-
 	name := d.Get("name").(string)
 
 	log.Printf("[INFO] Creating Cipher rule:%+v", name)
 
 	cipherRuletmp := &bigip.CipherRuleReq{}
 	cipherRuletmp.Name = name
-	cipherRule, err := getCipherRuleConfig(d, cipherRuletmp)
-	if err != nil {
-		return diag.FromErr(fmt.Errorf("reading input config failed(%s): %s", name, err))
-	}
+
+	cipherRule := getCipherRuleConfig(d, cipherRuletmp)
+
 	log.Printf("[INFO] cipherRule config :%+v", cipherRule)
-	err = client.AddLtmCipherRule(cipherRule)
+	err := client.AddLtmCipherRule(cipherRule)
 	if err != nil {
 		return diag.FromErr(fmt.Errorf("error creating cipher rule (%s): %s", name, err))
 	}
 	d.SetId(name)
+	if !client.Teem {
+		id := uuid.New()
+		uniqueID := id.String()
+		assetInfo := f5teem.AssetInfo{
+			Name:    "Terraform-provider-bigip",
+			Version: client.UserAgent,
+			Id:      uniqueID,
+		}
+		apiKey := os.Getenv("TEEM_API_KEY")
+		teemDevice := f5teem.AnonymousClient(assetInfo, apiKey)
+		f := map[string]interface{}{
+			"Terraform Version": client.UserAgent,
+		}
+		tsVer := strings.Split(client.UserAgent, "/")
+		err = teemDevice.Report(f, "bigip_ltm_cipher_rule", tsVer[3])
+		if err != nil {
+			log.Printf("[ERROR]Sending Telemetry data failed:%v", err)
+		}
+	}
 	return resourceBigipLtmCipherRuleRead(ctx, d, meta)
 }
 
 func resourceBigipLtmCipherRuleRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	client := meta.(*bigip.BigIP)
 	name := d.Id()
 	log.Printf("[INFO] Fetching Cipher rule :%+v", name)
-
 	cipherRule, err := client.GetLtmCipherRule(name)
 	if err != nil {
 		log.Printf("[ERROR] Unable to retrieve cipher rule %s  %v :", name, err)
 		return diag.FromErr(err)
 	}
 	log.Printf("[INFO] Cipher rule response :%+v", cipherRule)
+	_ = d.Set("name", cipherRule.Name)
+	_ = d.Set("partition", cipherRule.Partition)
+	_ = d.Set("cipher_suites", cipherRule.Cipher)
+	_ = d.Set("dh_groups", cipherRule.DhGroups)
+	_ = d.Set("signature_algorithms", cipherRule.SignatureAlgorithms)
 	return nil
 }
 
@@ -95,24 +121,18 @@
 	name := d.Id()
 	cipherRuletmp := &bigip.CipherRuleReq{}
 	cipherRuletmp.Name = name
-	cipheRuleconfig, err := getCipherRuleConfig(d, cipherRuletmp)
-	if err != nil {
-		return diag.FromErr(fmt.Errorf("reading input config failed(%s): %s", name, err))
-	}
+	cipheRuleconfig := getCipherRuleConfig(d, cipherRuletmp)
 	if err := client.ModifyLtmCipherRule(name, cipheRuleconfig); err != nil {
 		return diag.FromErr(fmt.Errorf("error modifying cipher rule %s: %v", name, err))
-	}
-
+	}  
 	return resourceBigipLtmCipherRuleRead(ctx, d, meta)
 }
 
 func resourceBigipLtmCipherRuleDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	client := meta.(*bigip.BigIP)
-
 	name := d.Id()
 	log.Printf("[INFO] Deleting cipher rule :%+v", name)
 	err := client.DeleteLtmCipherRule(name)
-
 	if err != nil {
 		log.Printf("[ERROR] Unable to Delete cipher rule %s  %v : ", name, err)
 		return diag.FromErr(err)
@@ -121,10 +141,10 @@
 	return nil
 }
 
-func getCipherRuleConfig(d *schema.ResourceData, cipherRule *bigip.CipherRuleReq) (*bigip.CipherRuleReq, error) {
+func getCipherRuleConfig(d *schema.ResourceData, cipherRule *bigip.CipherRuleReq) *bigip.CipherRuleReq {
 	cipherRule.Cipher = d.Get("cipher").(string)
 	cipherRule.DhGroups = d.Get("dh_groups").(string)
 	cipherRule.SignatureAlgorithms = d.Get("signature_algorithms").(string)
 	cipherRule.Description = d.Get("description").(string)
-	return cipherRule, nil
+	return cipherRule
 }

bigip/resource_bigip_ltm_cipher_rule_test.go

@@ -1,9 +1,3 @@
-/*
-Original work from https://github.com/DealerDotCom/terraform-provider-bigip
-Modifications Copyright 2019 F5 Networks Inc.
-This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
-If a copy of the MPL was not distributed with this file,You can obtain one at https://mozilla.org/MPL/2.0/.
-*/
 package bigip
 
 import (
@@ -17,8 +11,8 @@ import (
 
 const testCipherRuleConfigTC1 = `
 resource "bigip_ltm_cipher_rule" "test-cipher-rule" {
-	name = "/Common/test-cipher-rule"
-	cipher = "aes"
+  name   = "/Common/test-cipher-rule"
+  cipher = "aes"
 }
 `
 

bigip/resource_bigip_ltm_policy.go

@@ -56,6 +56,7 @@ func resourceBigipLtmPolicy() *schema.Resource {
 				Optional:    true,
 				Description: "Publish the Policy",
 				ForceNew:    true,
+				Deprecated:  "This attribute is not required anymore because the resource automatically publishes the policy, for that reason this field is deprecated and will be removed in a future release.",
 			},
 			"controls": {
 				Type:     schema.TypeSet,

bigip/resource_bigip_ltm_virtual_server.go

@@ -211,10 +211,11 @@ func resourceBigipLtmVirtualServer() *schema.Resource {
 				Description: "Specifies a network protocol name you want the system to use to direct traffic on this virtual server. The default is TCP. The Protocol setting is not available when you select Performance (HTTP) as the Type.",
 			},
 			"policies": {
-				Type:     schema.TypeSet,
-				Elem:     &schema.Schema{Type: schema.TypeString},
-				Set:      schema.HashString,
-				Optional: true,
+				Type:        schema.TypeSet,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Set:         schema.HashString,
+				Optional:    true,
+				Description: "Specifies the policies for the virtual server",
 			},
 			"vlans": {
 				Type:     schema.TypeSet,

bigip/resource_bigip_ssl_key_cert.go

@@ -7,7 +7,7 @@ import (
 	"log"
 	"strings"
 
-	"github.com/f5devcentral/go-bigip"
+	bigip "github.com/f5devcentral/go-bigip"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )

docs/resources/bigip_ltm_cipher_group.md

@@ -0,0 +1,40 @@
+---
+layout: "bigip"
+page_title: "BIG-IP: bigip_ltm_cipher_rule"
+subcategory: "Local Traffic Manager(LTM)"
+description: |-
+Provides details about bigip_ltm_cipher_rule resource
+---
+
+# bigip\_ltm\_cipher\_group
+
+`bigip_ltm_cipher_group` Manages F5 BIG-IP LTM cipher group using iControl REST.
+
+## Example Usage
+
+```hcl
+resource "bigip_ltm_cipher_group" "test-cipher-group" {
+  name = "/Common/test-cipher-group-01"
+  allow = ["/Common/f5-aes"]
+  require = ["/Common/f5-quic"]
+  ordering = "speed"
+}
+```
+
+## Argument Reference
+
+* `name` - (Required,type `string`) Name of the Cipher group. Name should be in pattern `partition` + `cipher_group_name`
+
+* `allow` - (Optional,type `list` of `strings` ) Specifies the configuration of the allowed groups of ciphers. You can select a cipher rule from the Available Cipher Rules list.
+
+* `require` - (Optional,type `list` of `string`) Specifies the configuration of the restrict groups of ciphers. You can select a cipher rule from the Available Cipher Rules list.
+
+* `ordering` - (Optional,type `string`) Controls the order of the Cipher String list in the Cipher Audit section. Options are Default, Speed, Strength, FIPS, and Hardware. The rules are processed in the order listed.
+
+## Importing
+An existing cipher group can be imported into this resource by supplying the cipher rule full path name ex : `/partition/name`
+An example is below:
+```sh
+$ terraform import bigip_ltm_cipher_group.test_cipher_group /Common/test_cipher_group
+
+```