Cipher rule #868

Merged
merged 8 commits into from
Sep 14, 2023
Merged
1 change: 1 addition & 0 deletions bigip/provider.go
Expand Up @@ -111,6 +111,7 @@ func Provider() *schema.Provider {
"bigip_net_route": resourceBigipNetRoute(),
"bigip_net_selfip": resourceBigipNetSelfIP(),
"bigip_net_vlan": resourceBigipNetVlan(),
"bigip_ltm_cipher_rule": resourceBigipLtmCipherRule(),
"bigip_ltm_irule": resourceBigipLtmIRule(),
"bigip_ltm_datagroup": resourceBigipLtmDataGroup(),
"bigip_ltm_monitor": resourceBigipLtmMonitor(),
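--- a/bigip/resource_bigip_ltm_cipher_rule.go
+++ b/bigip/resource_bigip_ltm_cipher_rule.go
@@ -0,0 +1,163 @@
+package bigip
+
+import (
+"context"
+"fmt"
+"log"
+"os"
+"strings"
+
+bigip "github.com/f5devcentral/go-bigip"
+"github.com/f5devcentral/go-bigip/f5teem"
+"github.com/google/uuid"
+"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceBigipLtmCipherRule() *schema.Resource {
+return &schema.Resource{
+CreateContext: resourceBigipLtmCipherRuleCreate,
+ReadContext: resourceBigipLtmCipherRuleRead,
+UpdateContext: resourceBigipLtmCipherRuleUpdate,
+DeleteContext: resourceBigipLtmCipherRuleDelete,
+Importer: &schema.ResourceImporter{
+StateContext: schema.ImportStatePassthroughContext,
+},
+
+Schema: map[string]*schema.Schema{
+"name": {
+Type: schema.TypeString,
+Description: "The cipher rule name.",
+Required: true,
+},
+"partition": {
+Type: schema.TypeString,
+Description: "The partition name.",
+Optional: true,
+Default: "Common",
+},
+"cipher_suites": {
+Type: schema.TypeString,
+Description: "The cipher suites.",
+Default: "DEFAULT",
+Optional: true,
+},
+"dh_groups": {
+Type: schema.TypeString,
+Description: "The DH groups.",
+Optional: true,
+},
+"signature_algorithms": {
+Type: schema.TypeString,
+Description: "The signature algorithms.",
+Optional: true,
+},
+"full_path": {
+Type: schema.TypeString,
+Description: "The full path of the cipher rule.",
+Computed: true,
+},
+},
+}
+}
+
+func resourceBigipLtmCipherRuleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+client := meta.(*bigip.BigIP)
+name := d.Get("name").(string)
+partition := d.Get("partition").(string)
+log.Println("[INFO] Creating Cipher Rule: ", name, " in partition: ", partition)
+cipherRule := &bigip.CipherRule{
+Name: name,
+Partition: partition,
+Cipher: d.Get("cipher_suites").(string),
+DHGroups: d.Get("dh_groups").(string),
+SignatureAlgorithms: d.Get("signature_algorithms").(string),
+}
+err := client.CreateCipherRule(cipherRule)
+if err != nil {
+return diag.FromErr(err)
+}
+fullPath := fmt.Sprintf("/%s/%s", partition, name)
+d.SetId(fullPath)
+if !client.Teem {
+id := uuid.New()
+uniqueID := id.String()
+assetInfo := f5teem.AssetInfo{
+Name: "Terraform-provider-bigip",
+Version: client.UserAgent,
+Id: uniqueID,
+}
+apiKey := os.Getenv("TEEM_API_KEY")
+teemDevice := f5teem.AnonymousClient(assetInfo, apiKey)
+f := map[string]interface{}{
+"Terraform Version": client.UserAgent,
+}
+tsVer := strings.Split(client.UserAgent, "/")
+err = teemDevice.Report(f, "bigip_ltm_cipher_rule", tsVer[3])
+if err != nil {
+log.Printf("[ERROR]Sending Telemetry data failed:%v", err)
+}
+}
+return resourceBigipLtmCipherRuleRead(ctx, d, meta)
+}
+
+func resourceBigipLtmCipherRuleRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+client := meta.(*bigip.BigIP)
+
+id := d.Id()
+id = strings.Replace(id, "/", "", 1)
+name_partition := strings.Split(id, "/")
+name := name_partition[1]
+partition := name_partition[0]
+
+log.Printf("----------------name_partition: %v------------------", name_partition)
+
+log.Println("[INFO] Reading Cipher Rule: ", name)
+cipherRule, err := client.GetCipherRule(name, partition)
+if err != nil {
+return diag.FromErr(err)
+}
+if cipherRule == nil {
+return diag.FromErr(fmt.Errorf("cipher Rule not found"))
+}
+fullPath := fmt.Sprintf("/%s/%s", partition, name)
+_ = d.Set("name", cipherRule.Name)
+_ = d.Set("partition", cipherRule.Partition)
+_ = d.Set("cipher_suites", cipherRule.Cipher)
+_ = d.Set("dh_groups", cipherRule.DHGroups)
+_ = d.Set("signature_algorithms", cipherRule.SignatureAlgorithms)
+_ = d.Set("full_path", fullPath)
+return nil
+}
+
+func resourceBigipLtmCipherRuleUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+client := meta.(*bigip.BigIP)
+name := d.Get("name").(string)
+partition := d.Get("partition").(string)
+log.Println("[INFO] Updating Cipher Rule: ", name, " in partition: ", partition)
+cipherRule := &bigip.CipherRule{
+Name: name,
+Partition: partition,
+Cipher: d.Get("cipher_suites").(string),
+DHGroups: d.Get("dh_groups").(string),
+SignatureAlgorithms: d.Get("signature_algorithms").(string),
+}
+err := client.ModifyCipherRule(cipherRule)
+if err != nil {
+return diag.FromErr(err)
+}
+return resourceBigipLtmCipherRuleRead(ctx, d, meta)
+}
+
+func resourceBigipLtmCipherRuleDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+client := meta.(*bigip.BigIP)
+name := d.Get("name").(string)
+partition := d.Get("partition").(string)
+log.Println("[INFO] Deleting Cipher Rule: ", name, " in partition: ", partition)
+err := client.DeleteCipherRule(name, partition)
+if err != nil {
+return diag.FromErr(err)
+}
+d.SetId("")
+return nil
+}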
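Review bot: resourceBigipLtmCipherRuleRead indexes `name_partition[1]` without checking that the split produced two parts, so a resource imported with an ID that has no `/` (the importer is schema.ImportStatePassthroughContext, which accepts any string) panics the provider instead of returning a diagnostic. A bounded parse avoids that: `parts := strings.SplitN(strings.TrimPrefix(d.Id(), "/"), "/", 2)` followed by `if len(parts) != 2 { return diag.FromErr(fmt.Errorf("invalid cipher rule id %q, expected /partition/name", d.Id())) }`, which also replaces the snake_case `name_partition` with a Go-style name. The `tsVer[3]` index in the Create telemetry block has the same unchecked-length shape, and the `----------------name_partition` log line looks like leftover debugging output. For the `cipherRule == nil` branch the Terraform convention is `d.SetId(""); return nil` so a rule deleted outside Terraform is planned for recreation rather than failing the refresh; this assumes GetCipherRule returns nil for a missing rule, which should be confirmed against go-bigip.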
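--- a/bigip/resource_bigip_ltm_cipher_rule_test.go
+++ b/bigip/resource_bigip_ltm_cipher_rule_test.go
@@ -0,0 +1,37 @@
+package bigip
+
+import (
+"testing"
+
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+const testResourceCipherRule = `
+resource "bigip_ltm_cipher_rule" "testcipher" {
+name = "testcipher"
+partition = "Common"
+cipher_suites = "fips"
+dh_groups = "P256:P384:FFDHE2048:FFDHE3072:FFDHE4096"
+signature_algorithms = "DEFAULT"
+}`
+
+func TestAccCipherRule(t *testing.T) {
+resource.Test(t, resource.TestCase{
+PreCheck: func() {
+testAcctPreCheck(t)
+},
+Providers: testAccProviders,
+Steps: []resource.TestStep{
+{
+Config: testResourceCipherRule,
+Check: resource.ComposeTestCheckFunc(
+resource.TestCheckResourceAttr("bigip_ltm_cipher_rule.testcipher", "name", "testcipher"),
+resource.TestCheckResourceAttr("bigip_ltm_cipher_rule.testcipher", "partition", "Common"),
+resource.TestCheckResourceAttr("bigip_ltm_cipher_rule.testcipher", "cipher_suites", "fips"),
+resource.TestCheckResourceAttr("bigip_ltm_cipher_rule.testcipher", "dh_groups", "P256:P384:FFDHE2048:FFDHE3072:FFDHE4096"),
+resource.TestCheckResourceAttr("bigip_ltm_cipher_rule.testcipher", "signature_algorithms", "DEFAULT"),
+),
+},
+},
+})
+}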
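Review bot: TestAccCipherRule has no ImportState step, so the ID-parsing path in resourceBigipLtmCipherRuleRead that the passthrough importer relies on is never exercised, and there is no second config step covering an update of `cipher_suites`, `dh_groups` or `signature_algorithms`. Adding a step `{ResourceName: "bigip_ltm_cipher_rule.testcipher", ImportState: true, ImportStateVerify: true}` after the create step covers the import round-trip with the existing config, and a `CheckDestroy` would confirm the rule is actually removed from the device at the end.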
1 change: 1 addition & 0 deletions bigip/resource_bigip_ltm_policy.go
Expand Up @@ -56,6 +56,7 @@ func resourceBigipLtmPolicy() *schema.Resource {
Optional: true,
Description: "Publish the Policy",
ForceNew: true,
Deprecated: "This attribute is not required anymore because the resource automatically publishes the policy, for that reason this field is deprecated and will be removed in a future release.",
},
"controls": {
Type: schema.TypeSet,
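Review bot: The attribute gaining the `Deprecated` message still carries `ForceNew: true`, so a user who removes it from their config in response to the deprecation warning will see the policy destroyed and recreated, which is a surprising cost for a field the message says is no longer needed. Unless the attribute still changes how the policy is created on the device, the deprecation should be paired with dropping `ForceNew: true` (or a comment explaining why replacement is still required). The attribute's name is above the visible hunk.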
9 changes: 5 additions & 4 deletions bigip/resource_bigip_ltm_virtual_server.go
Expand Up @@ -211,10 +211,11 @@ func resourceBigipLtmVirtualServer() *schema.Resource {
Description: "Specifies a network protocol name you want the system to use to direct traffic on this virtual server. The default is TCP. The Protocol setting is not available when you select Performance (HTTP) as the Type.",
},
"policies": {
Type: schema.TypeSet,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
Optional: true,
Type: schema.TypeSet,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
Optional: true,
Description: "Specifies the policies for the virtual server",
},
"vlans": {
Type: schema.TypeSet,
31 changes: 29 additions & 2 deletions bigip/resource_bigip_ssl_key_cert.go
Expand Up @@ -7,7 +7,7 @@ import (
"log"
"strings"

"github.com/f5devcentral/go-bigip"
bigip "github.com/f5devcentral/go-bigip"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)
Expand Down Expand Up @@ -97,6 +97,10 @@ func resourceBigipSSLKeyCertCreate(ctx context.Context, d *schema.ResourceData,
Passphrase: passphrase,
}

t, err := client.StartTransaction()
if err != nil {
return diag.FromErr(fmt.Errorf("error while starting transaction: %v", err))
}
err = client.AddKey(&keyCfg)
if err != nil {
return diag.FromErr(fmt.Errorf("error while adding the ssl key: %v", err))
Expand All @@ -105,6 +109,10 @@ func resourceBigipSSLKeyCertCreate(ctx context.Context, d *schema.ResourceData,
if err != nil {
return diag.FromErr(fmt.Errorf("error while uploading the ssl cert: %v", err))
}
err = client.CommitTransaction(t.TransID)
if err != nil {
return diag.FromErr(fmt.Errorf("error while ending transaction: %d", err))
}

id := keyName + "_" + certName
d.SetId(id)
Expand Down Expand Up @@ -166,6 +174,11 @@ func resourceBigipSSLKeyCertUpdate(ctx context.Context, d *schema.ResourceData,
}

keyFullPath := fmt.Sprintf("/%s/%s", partition, keyName)

t, err := client.StartTransaction()
if err != nil {
return diag.FromErr(fmt.Errorf("error while trying to start transaction: %s", err))
}
err = client.ModifyKey(keyFullPath, &keyCfg)
if err != nil {
return diag.FromErr(fmt.Errorf("error while trying to modify the ssl key (%s): %s", keyFullPath, err))
Expand All @@ -175,6 +188,10 @@ func resourceBigipSSLKeyCertUpdate(ctx context.Context, d *schema.ResourceData,
if err != nil {
return diag.FromErr(fmt.Errorf("error while updating the ssl certificate (%s): %s", certName, err))
}
err = client.CommitTransaction(t.TransID)
if err != nil {
return diag.FromErr(fmt.Errorf("error while trying to end transaction: %s", err))
}

return resourceBigipSSLKeyCertRead(ctx, d, meta)
}
Expand All @@ -191,7 +208,12 @@ func resourceBigipSSLKeyCertDelete(ctx context.Context, d *schema.ResourceData,
keyFullPath := "/" + partition + "/" + keyName
certFullPath := "/" + partition + "/" + certName

err := client.DeleteKey(keyFullPath)
t, err := client.StartTransaction()
if err != nil {
return diag.FromErr(fmt.Errorf("error while starting transaction: %v", err))
}

err = client.DeleteKey(keyFullPath)
if err != nil {
log.Printf("[ERROR] unable to delete the ssl key (%s) (%v) ", keyFullPath, err)
}
Expand All @@ -201,6 +223,11 @@ func resourceBigipSSLKeyCertDelete(ctx context.Context, d *schema.ResourceData,
log.Printf("[ERROR] unable to delete the ssl certificate (%s) (%v) ", certFullPath, err)
}

err = client.CommitTransaction(t.TransID)
if err != nil {
return diag.FromErr(fmt.Errorf("error while ending transaction: %v", err))
}

d.SetId("")
return nil
}
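Review bot: The `%d` verb in `fmt.Errorf("error while ending transaction: %d", err)` in resourceBigipSSLKeyCertCreate formats an error value as an integer, which go vet flags and which mangles the message at runtime; use `%w` (or at least `%v`), and pick one verb consistently across the Create, Update and Delete hunks, which currently mix `%v` and `%s`. In all three functions an error from AddKey/AddCertificate, ModifyKey/ModifyCertificate or the delete calls returns before CommitTransaction, leaving the transaction opened by StartTransaction pending on the device; if go-bigip exposes a way to abandon a transaction it should be deferred right after the StartTransaction check, otherwise the behaviour deserves a comment such as `// NOTE: on early return the transaction is left for the BIG-IP to expire`. In Delete specifically, DeleteKey/DeleteCertificate failures are only logged, yet the new code still commits the transaction and clears the ID, so a partially failed delete drops both objects from state while they may remain on the device. The enclosing functions start and end outside the visible hunks.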
67 changes: 67 additions & 0 deletions bigip/resource_bigip_ssl_key_cert_test.go
@@ -1,6 +1,9 @@
package bigip

import (
"fmt"
"log"
"os"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
Expand All @@ -16,6 +19,29 @@ resource "bigip_ssl_key_cert" "testkeycert" {
}
`

var sslProfileCertKey = `
resource "bigip_ssl_key_cert" "testkeycert" {
partition = "Common"
key_name = "ssl-test-key"
key_content = "${file("` + folder + `/../examples/%s")}"
cert_name = "ssl-test-cert"
cert_content = "${file("` + folder + `/../examples/%s")}"
}

resource "bigip_ltm_profile_server_ssl" "test-ServerSsl" {
name = "/Common/test-ServerSsl"
defaults_from = "/Common/serverssl"
authenticate = "always"
ciphers = "DEFAULT"
cert = "/Common/ssl-test-cert"
key = "/Common/ssl-test-key"

depends_on = [
bigip_ssl_key_cert.testkeycert
]
}
`

func TestAccBigipSSLCertKeyCreate(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() {
Expand Down Expand Up @@ -45,3 +71,44 @@ func TestAccBigipSSLCertKeyCreate(t *testing.T) {
},
})
}

func TestAccBigipSSLCertKeyCreateCertKeyProfile(t *testing.T) {
create := fmt.Sprintf(sslProfileCertKey, "serverkey.key", "servercert.crt")
modify := fmt.Sprintf(sslProfileCertKey, "serverkey2.key", "servercert2.crt")
crt1Content, _ := os.ReadFile(folder + `/../examples/` + "servercert.crt")
key1Content, _ := os.ReadFile(folder + `/../examples/` + "serverkey.key")
crt2Content, _ := os.ReadFile(folder + `/../examples/` + "servercert2.crt")
key2Content, _ := os.ReadFile(folder + `/../examples/` + "serverkey2.key")

log.Println(create)
log.Println(modify)
resource.Test(t, resource.TestCase{
PreCheck: func() {
testAcctPreCheck(t)
},
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: create,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "key_name", "ssl-test-key"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_name", "ssl-test-cert"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "partition", "Common"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "key_content", string(key1Content)),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_content", string(crt1Content)),
),
Destroy: false,
},
{
Config: modify,
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "key_name", "ssl-test-key"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_name", "ssl-test-cert"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "partition", "Common"),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "key_content", string(key2Content)),
resource.TestCheckResourceAttr("bigip_ssl_key_cert.testkeycert", "cert_content", string(crt2Content)),
),
},
},
})
}
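Review bot: The four `os.ReadFile` calls in TestAccBigipSSLCertKeyCreateCertKeyProfile discard their errors with `_`, so a missing or unreadable fixture becomes an empty expected value and the test then fails at the attribute check with a misleading diff instead of at the read. Reading them through a small helper that calls `t.Fatalf` on error, e.g. `crt1Content := mustReadFixture(t, "servercert.crt")` (constructed name), keeps the failure where it happens; the two `log.Println` calls that dump the rendered configs into the test output also look like leftover debugging.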