Merge pull request #1223 from citrix/1170-feature-request-aaa-paramet…

…er-wafprotection-and-securityinsights Updated aaaparameter resource with additional supported attributes
citrix · Nov 21, 2024 · 954da8c · 954da8c
2 parents 86a02ff + afd7bd3
commit 954da8c
Show file tree

Hide file tree

Showing 7 changed files with 95 additions and 6 deletions.
diff --git a/citrixadc/resource_citrixadc_aaaparameter.go b/citrixadc/resource_citrixadc_aaaparameter.go
@@ -124,6 +124,27 @@ func resourceCitrixAdcAaaparameter() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
+			"httponlycookie": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"enhancedepa": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
+			"wafprotection": {
+				Type:     schema.TypeList,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Optional: true,
+				Computed: true,
+			},
+			"securityinsights": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -155,6 +176,10 @@ func createAaaparameterFunc(d *schema.ResourceData, meta interface{}) error {
 		Pwdexpirynotificationdays:  d.Get("pwdexpirynotificationdays").(int),
 		Samesite:                   d.Get("samesite").(string),
 		Tokenintrospectioninterval: d.Get("tokenintrospectioninterval").(int),
+		Httponlycookie:             d.Get("httponlycookie").(string),
+		Enhancedepa:                d.Get("enhancedepa").(string),
+		Wafprotection:              toStringList(d.Get("wafprotection").([]interface{})),
+		Securityinsights:           d.Get("securityinsights").(string),
 	}
 
 	err := client.UpdateUnnamedResource(service.Aaaparameter.Type(), &aaaparameter)
@@ -203,6 +228,10 @@ func readAaaparameterFunc(d *schema.ResourceData, meta interface{}) error {
 	d.Set("pwdexpirynotificationdays", data["pwdexpirynotificationdays"])
 	d.Set("samesite", data["samesite"])
 	d.Set("tokenintrospectioninterval", data["tokenintrospectioninterval"])
+	d.Set("httponlycookie", data["httponlycookie"])
+	d.Set("enhancedepa", data["enhancedepa"])
+	d.Set("wafprotection", data["wafprotection"])
+	d.Set("securityinsights", data["securityinsights"])
 
 	return nil
 
@@ -267,6 +296,7 @@ func updateAaaparameterFunc(d *schema.ResourceData, meta interface{}) error {
 	if d.HasChange("failedlogintimeout") {
 		log.Printf("[DEBUG]  citrixadc-provider: Failedlogintimeout has changed for aaaparameter, starting update")
 		aaaparameter.Failedlogintimeout = d.Get("failedlogintimeout").(int)
+		aaaparameter.Maxloginattempts = d.Get("maxloginattempts").(int)
 		hasChange = true
 	}
 	if d.HasChange("ftmode") {
@@ -319,6 +349,26 @@ func updateAaaparameterFunc(d *schema.ResourceData, meta interface{}) error {
 		aaaparameter.Tokenintrospectioninterval = d.Get("tokenintrospectioninterval").(int)
 		hasChange = true
 	}
+	if d.HasChange("httponlycookie") {
+		log.Printf("[DEBUG]  citrixadc-provider: Httponlycookie has changed for aaaparameter, starting update")
+		aaaparameter.Httponlycookie = d.Get("httponlycookie").(string)
+		hasChange = true
+	}
+	if d.HasChange("enhancedepa") {
+		log.Printf("[DEBUG]  citrixadc-provider: Enhancedepa has changed for aaaparameter, starting update")
+		aaaparameter.Enhancedepa = d.Get("enhancedepa").(string)
+		hasChange = true
+	}
+	if d.HasChange("wafprotection") {
+		log.Printf("[DEBUG]  citrixadc-provider: wafprotection has changed for aaaparameter, starting update")
+		aaaparameter.Wafprotection = toStringList(d.Get("wafprotection").([]interface{}))
+		hasChange = true
+	}
+	if d.HasChange("securityinsights") {
+		log.Printf("[DEBUG]  citrixadc-provider: Securityinsights has changed for aaaparameter, starting update")
+		aaaparameter.Securityinsights = d.Get("securityinsights").(string)
+		hasChange = true
+	}
 
 	if hasChange {
 		err := client.UpdateUnnamedResource(service.Aaaparameter.Type(), &aaaparameter)

diff --git a/citrixadc/resource_citrixadc_aaaparameter_test.go b/citrixadc/resource_citrixadc_aaaparameter_test.go
@@ -28,7 +28,7 @@ const testAccAaaparameter_basic = `
 	resource "citrixadc_aaaparameter" "tf_aaaparameter" {
 		enablestaticpagecaching    = "NO"
 		enableenhancedauthfeedback = "YES"
-		defaultauthtype            = "LDAP"
+		defaultauthtype            = "LOCAL"
 		maxaaausers                = 3
 		maxloginattempts           = 5
 		failedlogintimeout         = 15
@@ -60,7 +60,7 @@ func TestAccAaaparameter_basic(t *testing.T) {
 					testAccCheckAaaparameterExist("citrixadc_aaaparameter.tf_aaaparameter", nil),
 					resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "enablestaticpagecaching", "NO"),
 					resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "enableenhancedauthfeedback", "YES"),
-					resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "defaultauthtype", "LDAP"),
+					resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "defaultauthtype", "LOCAL"),
 					resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "maxaaausers", "3"),
 					resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "maxloginattempts", "5"),
 					resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "failedlogintimeout", "15"),

diff --git a/docs/resources/aaaparameter.md b/docs/resources/aaaparameter.md
@@ -17,6 +17,9 @@ resource "citrixadc_aaaparameter" "tf_aaaparameter" {
   maxaaausers                = 3
   maxloginattempts           = 5
   failedlogintimeout         = 15
+  securityinsights           = "DISABLED"
+  enhancedepa                = "DISABLED"
+  httponlycookie             = "DISABLED"
 }
 ```
 
@@ -44,6 +47,22 @@ resource "citrixadc_aaaparameter" "tf_aaaparameter" {
 * `apitokencache` - (Optional) Option to enable/disable API cache feature. Possible values: [ ENABLED, DISABLED ]
 * `tokenintrospectioninterval` - (Optional) Frequency at which a token must be verified at the Authorization Server (AS) despite being found in cache.
 * `defaultcspheader` - (Optional) Parameter to enable/disable default CSP header. Possible values: [ ENABLED, DISABLED ]
+* `httponlycookie` - (Optional) Parameter to set/reset HttpOnly Flag for NSC_AAAC/NSC_TMAS cookies in nfactor. Default value: DISABLED | Possible values: [ ENABLED, DISABLED ]
+* `enhancedepa` - (Optional) Parameter to enable/disable EPA v2 functionality. Default value: DISABLED | Possible values: [ ENABLED, DISABLED ]
+* `wafprotection` - (Optional) (List of strings) Entities for which WAF Protection need to be applied. Available settings function as follows. 
+  * AUTH - Endpoints used for Authentication applicable for both AAATM, IDP, GATEWAY use cases.
+  * VPN - Endpoints used for Gateway use cases.
+  * DISABLED - No Endpoint WAF protection. Currently supported only in default partition.
+
+    Possible values: [ DISABLED, AUTH, VPN ]
+
+* `securityinsights` - (Optional) On enabling this option, the Citrix ADC will send the security insight records to the configured collectors when request comes to Authentication endpoint. 
+  * If cs vserver is frontend with Authentication vserver as target for cs action, then record is sent using Authentication vserver name.
+  * If vpn/lb/cs vserver are configured with Authentication ON, then then record is sent using vpn/lb/cs vserver name accordingly.
+  * If authentication vserver is frontend, then record is sent using Authentication vserver name.
+
+    Default value: DISABLED |
+    Possible values: [ ENABLED, DISABLED ]
 
 
 ## Attribute Reference

diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/citrix/terraform-provider-citrixadc
 go 1.19
 
 require (
-	github.com/citrix/adc-nitro-go v0.0.0-20240828101652-94a4ce81c2dc
+	github.com/citrix/adc-nitro-go v0.0.0-20241114071000-5fec5a6364f2
 	github.com/gruntwork-io/terratest v0.47.2
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
 	github.com/mitchellh/mapstructure v1.5.0

diff --git a/go.sum b/go.sum
@@ -238,8 +238,8 @@ github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXH
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/citrix/adc-nitro-go v0.0.0-20240828101652-94a4ce81c2dc h1:MoBCY3Zp7+LTmzi2rHqeNre2DIhkSBzg5TCWf9fevyQ=
-github.com/citrix/adc-nitro-go v0.0.0-20240828101652-94a4ce81c2dc/go.mod h1:DL1n+MgO15981ahrt+CsQVv43yyUrTdigPq3dIxydD8=
+github.com/citrix/adc-nitro-go v0.0.0-20241114071000-5fec5a6364f2 h1:JpimJbuiYm5GBJjA3f0DzCnJ4ZNjkEzudtv5AZweMf8=
+github.com/citrix/adc-nitro-go v0.0.0-20241114071000-5fec5a6364f2/go.mod h1:DL1n+MgO15981ahrt+CsQVv43yyUrTdigPq3dIxydD8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=

diff --git a/vendor/github.com/citrix/adc-nitro-go/resource/config/aaa/aaaparameter.go b/vendor/github.com/citrix/adc-nitro-go/resource/config/aaa/aaaparameter.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -98,7 +98,7 @@ github.com/bgentry/go-netrc/netrc
 # github.com/bgentry/speakeasy v0.1.0
 ## explicit
 github.com/bgentry/speakeasy
-# github.com/citrix/adc-nitro-go v0.0.0-20240828101652-94a4ce81c2dc
+# github.com/citrix/adc-nitro-go v0.0.0-20241114071000-5fec5a6364f2
 ## explicit; go 1.14
 github.com/citrix/adc-nitro-go/resource/config/aaa
 github.com/citrix/adc-nitro-go/resource/config/adm