devel sync to master

bigip/datasource_bigip_ltm_datagroup.go

@@ -64,7 +64,7 @@ func dataSourceBigipLtmDataGroupRead(ctx context.Context, d *schema.ResourceData
 	log.Printf("[INFO] Retrieving Data Group List %s", name)
 	dataGroup, err := client.GetInternalDataGroup(name)
 	if err != nil {
-		return diag.FromErr(fmt.Errorf("Error retrieving Data Group List %s: %v ", name, err))
+		return diag.FromErr(fmt.Errorf("error retrieving Data Group List %s: %v ", name, err))
 	}
 	if dataGroup == nil {
 		log.Printf("[DEBUG] Data Group List %s not found, removing from state", name)
@@ -82,7 +82,7 @@ func dataSourceBigipLtmDataGroupRead(ctx context.Context, d *schema.ResourceData
 		records = append(records, dgRecord)
 	}
 	if err := d.Set("record", records); err != nil {
-		return diag.FromErr(fmt.Errorf("Error updating records in state for Data Group List %s: %v ", name, err))
+		return diag.FromErr(fmt.Errorf("error updating records in state for Data Group List %s: %v ", name, err))
 	}
 	d.SetId(dataGroup.FullPath)
 	return nil

bigip/provider.go

@@ -14,6 +14,7 @@ import (
 	"reflect"
 	"regexp"
 	"strings"
+	"time"
 
 	bigip "github.com/f5devcentral/go-bigip"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -85,6 +86,24 @@ func Provider() *schema.Provider {
 				Description: "Login reference for token authentication (see BIG-IP REST docs for details)",
 				DefaultFunc: schema.EnvDefaultFunc("BIGIP_LOGIN_REF", "tmos"),
 			},
+			"api_timeout": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				Description: "A timeout for AS3 requests, represented as a number of seconds. Default: 60",
+				DefaultFunc: schema.EnvDefaultFunc("API_TIMEOUT", 60),
+			},
+			"token_timeout": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				Description: "A lifespan to request for the AS3 auth token, represented as a number of seconds. Default: 1200",
+				DefaultFunc: schema.EnvDefaultFunc("TOKEN_TIMEOUT", 1200),
+			},
+			"api_retries": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				Description: "Amount of times to retry AS3 API requests. Default: 10.",
+				DefaultFunc: schema.EnvDefaultFunc("API_RETRIES", 10),
+			},
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"bigip_ltm_datagroup":                 dataSourceBigipLtmDataGroup(),
@@ -185,20 +204,27 @@ func Provider() *schema.Provider {
 }
 
 func providerConfigure(d *schema.ResourceData, terraformVersion string) (interface{}, diag.Diagnostics) {
+	configOptions := &bigip.ConfigOptions{
+		APICallTimeout: time.Duration(d.Get("api_timeout").(int)) * time.Second,
+		TokenTimeout:   time.Duration(d.Get("token_timeout").(int)) * time.Second,
+		APICallRetries: d.Get("api_retries").(int),
+	}
+
 	config := &bigip.Config{
 		Address:           d.Get("address").(string),
 		Port:              d.Get("port").(string),
 		Username:          d.Get("username").(string),
 		Password:          d.Get("password").(string),
 		Token:             d.Get("token_value").(string),
 		CertVerifyDisable: d.Get("validate_certs_disable").(bool),
+		ConfigOptions:     configOptions,
 	}
 	if d.Get("token_auth").(bool) {
 		config.LoginReference = d.Get("login_ref").(string)
 	}
 	if !d.Get("validate_certs_disable").(bool) {
 		if d.Get("trusted_cert_path").(string) == "" {
-			return nil, diag.FromErr(fmt.Errorf("Valid Trust Certificate path not provided using :%+v ", "trusted_cert_path"))
+			return nil, diag.FromErr(fmt.Errorf("valid Trust Certificate path not provided using :%+v ", "trusted_cert_path"))
 		}
 		config.TrustedCertificate = d.Get("trusted_cert_path").(string)
 	}

bigip/resource_bigip_as3.go

@@ -321,7 +321,7 @@ func resourceBigipAs3Update(ctx context.Context, d *schema.ResourceData, meta in
 	log.Printf("[DEBUG] successfulTenants :%+v", successfulTenants)
 	if err != nil {
 		if successfulTenants == "" {
-			return diag.FromErr(fmt.Errorf("Error updating json  %s: %v", tenantList, err))
+			return diag.FromErr(fmt.Errorf("error updating json  %s: %v", tenantList, err))
 		}
 		_ = d.Set("tenant_list", successfulTenants)
 		if len(successfulTenants) != len(tenantList) {

bigip/resource_bigip_ltm_profile_httpcompress_test.go

@@ -19,13 +19,13 @@ var TestHttpcompressName = fmt.Sprintf("/%s/test-httpcompress", TestPartition)
 
 var TestHttpcompressResource = `
 resource "bigip_ltm_profile_httpcompress" "test-httpcompress" {
-            name = "/Common/test-httpcompress"
-	    defaults_from = "/Common/httpcompression"
-            uri_exclude = ["f5.com"]
-            uri_include = ["cisco.com"]
-	    content_type_include = ["nicecontent.com"]
-	    content_type_exclude = ["nicecontentexclude.com"]
-        }
+	name                 = "/Common/test-httpcompress"
+	defaults_from        = "/Common/httpcompression"
+	uri_exclude          = ["f5.com"]
+	uri_include          = ["cisco.com"]
+	content_type_include = ["nicecontent.com"]
+	content_type_exclude = ["nicecontentexclude.com"]
+  }
 `
 
 func TestAccBigipLtmProfileHttpcompress_create(t *testing.T) {
@@ -39,7 +39,7 @@ func TestAccBigipLtmProfileHttpcompress_create(t *testing.T) {
 			{
 				Config: TestHttpcompressResource,
 				Check: resource.ComposeTestCheckFunc(
-					testCheckHttpcompressExists(TestHttpcompressName, true),
+					testCheckHttpcompressExists("/Common/test-httpcompress", true),
 					resource.TestCheckResourceAttr("bigip_ltm_profile_httpcompress.test-httpcompress", "name", "/Common/test-httpcompress"),
 					resource.TestCheckResourceAttr("bigip_ltm_profile_httpcompress.test-httpcompress", "defaults_from", "/Common/httpcompression"),
 					resource.TestCheckTypeSetElemAttr("bigip_ltm_profile_httpcompress.test-httpcompress", "uri_exclude.*", "f5.com"),
@@ -146,7 +146,7 @@ func testCheckHttpcompressExists(name string, exists bool) resource.TestCheckFun
 	return func(s *terraform.State) error {
 		client := testAccProvider.Meta().(*bigip.BigIP)
 		p, err := client.GetHttpcompress(name)
-		if err != nil {
+		if err != nil && exists {
 			return err
 		}
 		if exists && p == nil {
@@ -168,10 +168,10 @@ func testCheckHttpcompresssDestroyed(s *terraform.State) error {
 		}
 
 		name := rs.Primary.ID
-		httpcompress, err := client.GetHttpcompress(name)
-		if err != nil {
-			return err
-		}
+		httpcompress, _ := client.GetHttpcompress(name)
+		// if err != nil {
+		// 	return err
+		// }
 		if httpcompress != nil {
 			return fmt.Errorf("httpcompress %s not destroyed. ", name)
 		}

bigip/resource_bigip_ltm_profile_ssl_client.go

@@ -267,7 +267,7 @@ func resourceBigipLtmProfileClientSsl() *schema.Resource {
 			"cipher_group": {
 				Type:          schema.TypeString,
 				Optional:      true,
-				Default:       "none",
+				Computed:      true,
 				Description:   "Cipher group for the ssl client profile",
 				ConflictsWith: []string{"ciphers"},
 			},

bigip/resource_bigip_ltm_profile_ssl_client_test.go

@@ -413,7 +413,17 @@ func TestAccBigipLtmProfileClientSsl_UpdateCipherGroup(t *testing.T) {
 					resource.TestCheckResourceAttr(resFullName, "name", instFullName),
 					resource.TestCheckResourceAttr(resFullName, "partition", "Common"),
 					resource.TestCheckResourceAttr(resFullName, "defaults_from", "/Common/clientssl"),
-					resource.TestCheckResourceAttr(resFullName, "cipher_group", "none"),
+					// resource.TestCheckResourceAttr(resFullName, "cipher_group", "none"),
+				),
+			},
+			{
+				Config: testaccbigipltmprofileclientsslUpdateparam(instName, "cipher_group"),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckClientSslExists(instFullName),
+					resource.TestCheckResourceAttr(resFullName, "name", instFullName),
+					resource.TestCheckResourceAttr(resFullName, "partition", "Common"),
+					resource.TestCheckResourceAttr(resFullName, "defaults_from", "/Common/clientssl"),
+					resource.TestCheckResourceAttr(resFullName, "cipher_group", "/Common/f5-aes"),
 				),
 			},
 			{

bigip/resource_bigip_net_vlan.go

@@ -53,7 +53,6 @@ func resourceBigipNetVlan() *schema.Resource {
 							Optional:    true,
 							Description: "Vlan name",
 						},
-
 						"tagged": {
 							Type:        schema.TypeBool,
 							Optional:    true,
@@ -62,6 +61,13 @@ func resourceBigipNetVlan() *schema.Resource {
 					},
 				},
 			},
+			"mtu": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				Description:  "Maximum Transmission Unit (MTU) for the VLAN",
+				Default:      1500,
+				ValidateFunc: validation.IntBetween(576, 9198),
+			},
 			"cmp_hash": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -79,6 +85,7 @@ func resourceBigipNetVlanCreate(ctx context.Context, d *schema.ResourceData, met
 
 	name := d.Get("name").(string)
 	tag := d.Get("tag").(int)
+	mtu := d.Get("mtu").(int)
 
 	log.Printf("[INFO] Creating VLAN %s", name)
 
@@ -87,6 +94,7 @@ func resourceBigipNetVlanCreate(ctx context.Context, d *schema.ResourceData, met
 	r := &bigip.Vlan{
 		Name:    name,
 		Tag:     tag,
+		MTU:     mtu,
 		CMPHash: d.Get("cmp_hash").(string),
 	}
 
@@ -135,6 +143,7 @@ func resourceBigipNetVlanRead(ctx context.Context, d *schema.ResourceData, meta
 	_ = d.Set("name", vlan.FullPath)
 	_ = d.Set("tag", vlan.Tag)
 	_ = d.Set("cmp_hash", vlan.CMPHash)
+	_ = d.Set("mtu", vlan.MTU)
 
 	log.Printf("[DEBUG] Reading VLAN %s Interfaces", name)
 
@@ -178,6 +187,7 @@ func resourceBigipNetVlanUpdate(ctx context.Context, d *schema.ResourceData, met
 	r := &bigip.Vlan{
 		Name:    name,
 		Tag:     d.Get("tag").(int),
+		MTU:     d.Get("mtu").(int),
 		CMPHash: d.Get("cmp_hash").(string),
 	}
 

bigip/resource_bigip_net_vlan_test.go

@@ -26,6 +26,7 @@ resource "bigip_net_vlan" "test-vlan" {
 		vlanport = 1.1
 		tagged = true
 	}
+	mtu = 900
 }
 `
 
@@ -45,6 +46,7 @@ func TestAccBigipNetvlan_create(t *testing.T) {
 					resource.TestCheckResourceAttr("bigip_net_vlan.test-vlan", "tag", "101"),
 					resource.TestCheckResourceAttr("bigip_net_vlan.test-vlan", "interfaces.0.vlanport", "1.1"),
 					resource.TestCheckResourceAttr("bigip_net_vlan.test-vlan", "interfaces.0.tagged", "true"),
+					resource.TestCheckResourceAttr("bigip_net_vlan.test-vlan", "mtu", "900"),
 				),
 			},
 		},

docs/index.md

@@ -17,6 +17,7 @@ This provider uses the iControlREST API. All the resources are validated with Bi
 ~> **NOTE** For AWAF resources, F5 BIG-IP version should be > v16.x , and ASM need to be provisioned.
 
 ## Example Usage
+
 ```hcl
 variable hostname {}
 variable username {}
@@ -45,11 +46,14 @@ provider "bigip" {
 - `password` - (type `string`) BIG-IP Password for authentication. Can be set via the `BIGIP_PASSWORD` environment variable.
 - `token_auth` - (Optional, Default `true`) Enable to use token authentication. Can be set via the `BIGIP_TOKEN_AUTH` environment variable.
 - `token_value` - (Optional) A token generated outside the provider, in place of password
+- `api_timeout` - (Optional, type `int`) A timeout for AS3 requests, represented as a number of seconds.
+- `token_timeout` - (Optional, type `int`) A lifespan to request for the AS3 auth token, represented as a number of seconds.
+- `api_retries` - (Optional, type `int`) Amount of times to retry AS3 API requests.
 - `login_ref` - (Optional,Default `tmos`) Login reference for token authentication (see BIG-IP REST docs for details). May be set via the `BIGIP_LOGIN_REF` environment variable.
 - `port` - (Optional) Management Port to connect to BIG-IP,this is mainly required if we have single nic BIG-IP in AWS/Azure/GCP (or) Management port other than `443`. Can be set via `BIGIP_PORT` environment variable.
 - `validate_certs_disable` - (Optional, Default `true`) If set to true, Disables TLS certificate check on BIG-IP. Can be set via the `BIGIP_VERIFY_CERT_DISABLE` environment variable.
 - `trusted_cert_path` - (type `string`) Provides Certificate Path to be used TLS Validate.It will be required only if `validate_certs_disable` set to `false`.Can be set via the `BIGIP_TRUSTED_CERT_PATH` environment variable.
 
 ~> **Note** For BIG-IQ resources these provider credentials `address`,`username`,`password` can be set to BIG-IQ credentials.
 
-~> **Note** The F5 BIG-IP provider gathers non-identifiable usage data for the purposes of improving the product as outlined in the end user license agreement for BIG-IP. To opt out of data collection, use the following : `export TEEM_DISABLE=true`
+~> **Note** The F5 BIG-IP provider gathers non-identifiable usage data for the purposes of improving the product as outlined in the end user license agreement for BIG-IP. To opt out of data collection, use the following : `export TEEM_DISABLE=true`

docs/resources/bigip_net_vlan.md

@@ -42,3 +42,5 @@ resource "bigip_net_vlan" "vlan1" {
 * `cmp_hash` - (Optional,type `string`) Specifies how the traffic on the VLAN will be disaggregated. The value selected determines the traffic disaggregation method. possible options: [`default`, `src-ip`, `dst-ip`]
 
 * `tagged` - Specifies a list of tagged interfaces or trunks associated with this VLAN. Note that you can associate tagged interfaces or trunks with any number of VLANs.
+
+* `mtu` - Specifies the maximum transmission unit (MTU) for traffic on this VLAN. The default value is `1500`.

go.mod

@@ -10,8 +10,8 @@ require (
 	github.com/Azure/azure-storage-blob-go v0.13.0
 	github.com/Azure/go-autorest/autorest v0.11.18
 	github.com/Azure/go-autorest/autorest/adal v0.9.13
-	github.com/f5devcentral/go-bigip v0.0.0-20231120063103-95f22f4d262c
-	github.com/f5devcentral/go-bigip/f5teem v0.0.0-20231120063103-95f22f4d262c
+	github.com/f5devcentral/go-bigip v0.0.0-20240102182502-074c3e5c7aee
+	github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240102182502-074c3e5c7aee
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.25.0
 	github.com/stretchr/testify v1.8.4

go.sum

@@ -51,10 +51,10 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
-github.com/f5devcentral/go-bigip v0.0.0-20231120063103-95f22f4d262c h1:D0BniMWVM/IOkhNZk17d6ukX2CVnbAhr2MavEDrDQj4=
-github.com/f5devcentral/go-bigip v0.0.0-20231120063103-95f22f4d262c/go.mod h1:0Lkr0fBU6O1yBxF2mt9JFwXpaFbIb/wAY7oM3dMJDdA=
-github.com/f5devcentral/go-bigip/f5teem v0.0.0-20231120063103-95f22f4d262c h1:FEs8wSVxdTTZHPwR/GuESA5GXZJi/NulZuOjbiOHD1M=
-github.com/f5devcentral/go-bigip/f5teem v0.0.0-20231120063103-95f22f4d262c/go.mod h1:r7o5I22EvO+fps2u10bz4ZUlTlNHopQSWzVcW19hK3U=
+github.com/f5devcentral/go-bigip v0.0.0-20240102182502-074c3e5c7aee h1:RVNlRNmKTdRVEacKkgXM+LVM0HZEDY07wneeUXXZTeo=
+github.com/f5devcentral/go-bigip v0.0.0-20240102182502-074c3e5c7aee/go.mod h1:0Lkr0fBU6O1yBxF2mt9JFwXpaFbIb/wAY7oM3dMJDdA=
+github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240102182502-074c3e5c7aee h1:fmGl57vb62P4gkOASOURc7IoAxfoaRmPpLXed4uBDoo=
+github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240102182502-074c3e5c7aee/go.mod h1:r7o5I22EvO+fps2u10bz4ZUlTlNHopQSWzVcW19hK3U=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=

vendor/modules.txt

@@ -42,10 +42,10 @@ github.com/apparentlymart/go-textseg/v13/textseg
 # github.com/davecgh/go-spew v1.1.1
 ## explicit
 github.com/davecgh/go-spew/spew
-# github.com/f5devcentral/go-bigip v0.0.0-20231120063103-95f22f4d262c
+# github.com/f5devcentral/go-bigip v0.0.0-20240102182502-074c3e5c7aee
 ## explicit; go 1.20
 github.com/f5devcentral/go-bigip
-# github.com/f5devcentral/go-bigip/f5teem v0.0.0-20231120063103-95f22f4d262c
+# github.com/f5devcentral/go-bigip/f5teem v0.0.0-20240102182502-074c3e5c7aee
 ## explicit; go 1.13
 github.com/f5devcentral/go-bigip/f5teem
 # github.com/fatih/color v1.13.0