F5Networks · RavinderReddyF5 · Nov 20, 2023 · Nov 10, 2023
diff --git a/bigip/resource_bigip_ltm_cipher_group.go b/bigip/resource_bigip_ltm_cipher_group.go
@@ -41,23 +41,20 @@ func resourceBigipLtmCipherGroup() *schema.Resource {
 				Description: "Specifies descriptive text that identifies the cipher rule",
 			},
 			"ordering": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Computed: true,
-				//Default:     "default",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Default:     "default",
 				Description: "Controls the order of the Cipher String list in the Cipher Audit section. Options are Default, Speed, Strength, FIPS, and Hardware. The rules are processed in the order listed",
 			},
 			"allow": {
 				Type:        schema.TypeSet,
 				Optional:    true,
-				Computed:    true,
 				Elem:        &schema.Schema{Type: schema.TypeString},
 				Description: "Specifies the configuration of the allowed groups of ciphers. You can select a cipher rule from the Available Cipher Rules list",
 			},
 			"require": {
 				Type:        schema.TypeSet,
 				Optional:    true,
-				Computed:    true,
 				Elem:        &schema.Schema{Type: schema.TypeString},
 				Description: "Specifies the configuration of the restrict groups of ciphers. You can select a cipher rule from the Available Cipher Rules list",
 			},
@@ -156,11 +153,6 @@ func resourceBigipLtmCipherGroupUpdate(ctx context.Context, d *schema.ResourceDa
 		return diag.FromErr(fmt.Errorf("error modifying cipher group %s: %v", name, err))
 	}
 
-	//
-	// if err := client.ModifyLtmCipherGroup(name, cipherGroupconfig); err != nil {
-	//	return diag.FromErr(fmt.Errorf("error modifying cipher group %s: %v", name, err))
-	// }
-
 	return resourceBigipLtmCipherGroupRead(ctx, d, meta)
 }
 

diff --git a/bigip/resource_bigip_ltm_cipher_group_test.go b/bigip/resource_bigip_ltm_cipher_group_test.go
@@ -43,6 +43,54 @@ func TestAccBigipLtmCipherGroupCreateTC1(t *testing.T) {
 	})
 }
 
+func TestAccBigipLtmCipherGroupRemoveRequire(t *testing.T) {
+	cipherGrpCfg := `
+resource "bigip_ltm_cipher_group" "test-cipher-group" {
+  name     = "/Common/testciphergrp"
+  allow    = ["/Common/f5-aes"]
+  %s
+}
+`
+	requireAndOrdering := `
+  require  = ["/Common/f5-quic"]
+  ordering = "speed"
+`
+
+	c1 := fmt.Sprintf(cipherGrpCfg, requireAndOrdering)
+	c2 := fmt.Sprintf(cipherGrpCfg, "")
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAcctPreCheck(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: c1,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckCipherGroupExists("/Common/testciphergrp"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "name", "/Common/testciphergrp"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "allow.#", "1"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "require.#", "1"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "allow.0", "/Common/f5-aes"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "require.0", "/Common/f5-quic"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "ordering", "speed"),
+				),
+			},
+			{
+				Config: c2,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckCipherGroupExists("/Common/testciphergrp"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "name", "/Common/testciphergrp"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "allow.#", "1"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "require.#", "0"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "allow.0", "/Common/f5-aes"),
+					resource.TestCheckResourceAttr("bigip_ltm_cipher_group.test-cipher-group", "ordering", "default"),
+				),
+			},
+		},
+	})
+}
+
 func testCheckCipherGroupExists(name string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		client := testAccProvider.Meta().(*bigip.BigIP)
@@ -52,7 +100,7 @@ func testCheckCipherGroupExists(name string) resource.TestCheckFunc {
 			return err
 		}
 		if p == nil {
-			return fmt.Errorf("Pool %s does not exist ", name)
+			return fmt.Errorf("cipher group %s does not exist ", name)
 		}
 
 		return nil
@@ -66,11 +114,11 @@ func testCheckCipherGroupDestroyed(s *terraform.State) error {
 			continue
 		}
 		name := rs.Primary.ID
-		pool, err := client.GetLtmCipherGroup(name)
+		cipherGroup, err := client.GetLtmCipherGroup(name)
 		if err != nil {
 			return err
 		}
-		if pool != nil {
+		if cipherGroup != nil {
 			return fmt.Errorf("Cipher rule %s not destroyed ", name)
 		}
 	}

diff --git a/docs/resources/bigip_ltm_cipher_group.md b/docs/resources/bigip_ltm_cipher_group.md
@@ -3,11 +3,10 @@ layout: "bigip"
 page_title: "BIG-IP: bigip_ltm_cipher_group"
 subcategory: "Local Traffic Manager(LTM)"
 description: |-
-Provides details about bigip_ltm_cipher_group resource
+  Provides details about bigip_ltm_cipher_group resource
 ---
 
 # bigip\_ltm\_cipher\_group
-
 `bigip_ltm_cipher_group` Manages F5 BIG-IP LTM cipher group using iControl REST.
 
 ## Example Usage
@@ -25,11 +24,11 @@ resource "bigip_ltm_cipher_group" "test-cipher-group" {
 
 * `name` - (Required,type `string`) Name of the Cipher group. Name should be in pattern `partition` + `cipher_group_name`
 
-* `allow` - (Optional,type `list` of `strings` ) Specifies the configuration of the allowed groups of ciphers. You can select a cipher rule from the Available Cipher Rules list.
+* `allow` - (Optional,type `list` of `strings` ) Specifies the configuration of the allowed groups of ciphers. You can select a cipher rule from the Available Cipher Rules list. To have no allowed ciphers, omit this attribute in the config or set it to an empty set like, `[]`.
 
-* `require` - (Optional,type `list` of `string`) Specifies the configuration of the restrict groups of ciphers. You can select a cipher rule from the Available Cipher Rules list.
+* `require` - (Optional,type `list` of `string`) Specifies the configuration of the restrict groups of ciphers. You can select a cipher rule from the Available Cipher Rules list. To have no restricted ciphers, omit this attribute in the config or set it to an empty set like, `[]`.
 
-* `ordering` - (Optional,type `string`) Controls the order of the Cipher String list in the Cipher Audit section. Options are Default, Speed, Strength, FIPS, and Hardware. The rules are processed in the order listed.
+* `ordering` - (Optional,type `string`) Controls the order of the Cipher String list in the Cipher Audit section. Options are Default, Speed, Strength, FIPS, and Hardware. The rules are processed in the order listed. The default is `default`.
 
 ## Importing
 An existing cipher group can be imported into this resource by supplying the cipher rule full path name ex : `/partition/name`