F5Networks · RavinderReddyF5 · Sep 29, 2023 · Sep 25, 2023 · Sep 28, 2023 · Sep 29, 2023
diff --git a/bigip/provider.go b/bigip/provider.go
@@ -111,7 +111,6 @@ func Provider() *schema.Provider {
 			"bigip_net_route":                       resourceBigipNetRoute(),
 			"bigip_net_selfip":                      resourceBigipNetSelfIP(),
 			"bigip_net_vlan":                        resourceBigipNetVlan(),
-			"bigip_ltm_cipher_rule":                 resourceBigipLtmCipherRule(),
 			"bigip_ltm_irule":                       resourceBigipLtmIRule(),
 			"bigip_ltm_datagroup":                   resourceBigipLtmDataGroup(),
 			"bigip_ltm_monitor":                     resourceBigipLtmMonitor(),
@@ -166,6 +165,8 @@ func Provider() *schema.Provider {
 			"bigip_ipsec_profile":                   resourceBigipIpsecProfile(),
 			"bigip_waf_policy":                      resourceBigipAwafPolicy(),
 			"bigip_vcmp_guest":                      resourceBigipVcmpGuest(),
+			"bigip_ltm_cipher_rule":                 resourceBigipLtmCipherRule(),
+			"bigip_ltm_cipher_group":                resourceBigipLtmCipherGroup(),
 		},
 	}
 	p.ConfigureContextFunc = func(ctx context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) {

diff --git a/bigip/resource_bigip_awaf_policy.go b/bigip/resource_bigip_awaf_policy.go
@@ -540,7 +540,7 @@ func getpolicyConfig(d *schema.ResourceData) (string, error) {
 		fullPath = fmt.Sprintf("/%s/%s", partition, name)
 	}
 	var appLang1 string
-	appLang1 = "auto-detect"
+	appLang1 = "utf-8"
 	if val, ok := d.GetOk("application_language"); ok {
 		appLang1 = val.(string)
 	}

diff --git a/bigip/resource_bigip_ltm_cipher_group.go b/bigip/resource_bigip_ltm_cipher_group.go
@@ -0,0 +1,161 @@
+// Copyright 2023 F5 Networks Inc.
+// This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
+// If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package bigip
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"strings"
+
+	bigip "github.com/f5devcentral/go-bigip"
+	"github.com/f5devcentral/go-bigip/f5teem"
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceBigipLtmCipherGroup() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceBigipLtmCipherGroupCreate,
+		ReadContext:   resourceBigipLtmCipherGroupRead,
+		UpdateContext: resourceBigipLtmCipherGroupUpdate,
+		DeleteContext: resourceBigipLtmCipherGroupDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				Description:  "Name of the cipher group,name should be in pattern ``partition` + `cipher group name``",
+				ForceNew:     true,
+				ValidateFunc: validateF5Name,
+			},
+			"description": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Specifies descriptive text that identifies the cipher rule",
+			},
+			"ordering": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				//Default:     "default",
+				Description: "Controls the order of the Cipher String list in the Cipher Audit section. Options are Default, Speed, Strength, FIPS, and Hardware. The rules are processed in the order listed",
+			},
+			"allow": {
+				Type:        schema.TypeSet,
+				Optional:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: "Specifies the configuration of the allowed groups of ciphers. You can select a cipher rule from the Available Cipher Rules list",
+			},
+			"require": {
+				Type:        schema.TypeSet,
+				Optional:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Description: "Specifies the configuration of the restrict groups of ciphers. You can select a cipher rule from the Available Cipher Rules list",
+			},
+		},
+	}
+}
+
+func resourceBigipLtmCipherGroupCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*bigip.BigIP)
+
+	name := d.Get("name").(string)
+
+	log.Printf("[INFO] Creating Cipher rule:%+v", name)
+
+	cipherGrouptmp := &bigip.CipherGroupReq{}
+	cipherGrouptmp.Name = name
+	cipherGroup := getCipherGroupConfig(d, cipherGrouptmp)
+
+	log.Printf("[INFO] cipherGroup config :%+v", cipherGroup)
+	err := client.AddLtmCipherGroup(cipherGroup)
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("error creating cipher rule (%s): %s", name, err))
+	}
+	if !client.Teem {
+		id := uuid.New()
+		uniqueID := id.String()
+		assetInfo := f5teem.AssetInfo{
+			Name:    "Terraform-provider-bigip",
+			Version: client.UserAgent,
+			Id:      uniqueID,
+		}
+		apiKey := os.Getenv("TEEM_API_KEY")
+		teemDevice := f5teem.AnonymousClient(assetInfo, apiKey)
+		f := map[string]interface{}{
+			"Terraform Version": client.UserAgent,
+		}
+		tsVer := strings.Split(client.UserAgent, "/")
+		err = teemDevice.Report(f, "bigip_ltm_cipher_group", tsVer[3])
+		if err != nil {
+			log.Printf("[ERROR]Sending Telemetry data failed:%v", err)
+		}
+	}
+	d.SetId(name)
+	return resourceBigipLtmCipherGroupRead(ctx, d, meta)
+}
+
+func resourceBigipLtmCipherGroupRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*bigip.BigIP)
+	name := d.Id()
+	log.Printf("[INFO] Fetching Cipher group :%+v", name)
+	cipherGroup, err := client.GetLtmCipherGroup(name)
+	if err != nil {
+		log.Printf("[ERROR] Unable to retrieve cipher group %s  %v :", name, err)
+		return diag.FromErr(err)
+	}
+	_ = d.Set("name", cipherGroup.FullPath)
+	_ = d.Set("ordering", cipherGroup.Ordering)
+	log.Printf("[INFO] Cipher group response :%+v", cipherGroup)
+	return nil
+}
+
+func resourceBigipLtmCipherGroupUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*bigip.BigIP)
+	name := d.Id()
+	cipherGrouptmp := &bigip.CipherGroupReq{}
+	cipherGrouptmp.Name = name
+	cipherGroupconfig := getCipherGroupConfig(d, cipherGrouptmp)
+	if err := client.ModifyLtmCipherGroup(name, cipherGroupconfig); err != nil {
+		return diag.FromErr(fmt.Errorf("error modifying cipher group %s: %v", name, err))
+	}
+
+	return resourceBigipLtmCipherGroupRead(ctx, d, meta)
+}
+
+func resourceBigipLtmCipherGroupDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*bigip.BigIP)
+
+	name := d.Id()
+	log.Printf("[INFO] Deleting cipher group :%+v", name)
+	err := client.DeleteLtmCipherGroup(name)
+
+	if err != nil {
+		log.Printf("[ERROR] Unable to Delete cipher rule %s  %v : ", name, err)
+		return diag.FromErr(err)
+	}
+	d.SetId("")
+	return nil
+}
+
+func getCipherGroupConfig(d *schema.ResourceData, cipherGroup *bigip.CipherGroupReq) *bigip.CipherGroupReq {
+	cipherGroup.Ordering = d.Get("ordering").(string)
+	if p, ok := d.GetOk("allow"); ok {
+		for _, r := range p.(*schema.Set).List() {
+			cipherGroup.Allow = append(cipherGroup.Allow, r.(string))
+		}
+	}
+	if p, ok := d.GetOk("require"); ok {
+		for _, r := range p.(*schema.Set).List() {
+			cipherGroup.Require = append(cipherGroup.Require, r.(string))
+		}
+	}
+	return cipherGroup
+}
diff --git a/bigip/resource_bigip_ltm_cipher_group_test.go b/bigip/resource_bigip_ltm_cipher_group_test.go
@@ -0,0 +1,78 @@
+/*
+Original work from https://github.com/DealerDotCom/terraform-provider-bigip
+Modifications Copyright 2019 F5 Networks Inc.
+This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
+If a copy of the MPL was not distributed with this file,You can obtain one at https://mozilla.org/MPL/2.0/.
+*/
+package bigip
+
+import (
+	"fmt"
+	"testing"
+
+	bigip "github.com/f5devcentral/go-bigip"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+const testCipherGroupConfigTC1 = `
+resource "bigip_ltm_cipher_group" "test-cipher-group" {
+  name     = "/Common/test-cipher-group-01"
+  allow    = ["/Common/f5-aes"]
+  require  = ["/Common/f5-quic"]
+  ordering = "speed"
+}
+`
+
+func TestAccBigipLtmCipherGroupCreateTC1(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAcctPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckCipherGroupDestroyed,
+		Steps: []resource.TestStep{
+			{
+				Config: testCipherGroupConfigTC1,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckCipherGroupExists("/Common/test-cipher-group-01"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "name", "/Common/test-cipher-group-01"),
+				),
+			},
+		},
+	})
+}
+
+func testCheckCipherGroupExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		client := testAccProvider.Meta().(*bigip.BigIP)
+
+		p, err := client.GetLtmCipherGroup(name)
+		if err != nil {
+			return err
+		}
+		if p == nil {
+			return fmt.Errorf("Pool %s does not exist ", name)
+		}
+
+		return nil
+	}
+}
+
+func testCheckCipherGroupDestroyed(s *terraform.State) error {
+	client := testAccProvider.Meta().(*bigip.BigIP)
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "bigip_ltm_cipher_group" {
+			continue
+		}
+		name := rs.Primary.ID
+		pool, err := client.GetLtmCipherGroup(name)
+		if err != nil {
+			return err
+		}
+		if pool != nil {
+			return fmt.Errorf("Cipher rule %s not destroyed ", name)
+		}
+	}
+	return nil
+}