From 36e7cb0299e034fe84ca9cbf16eac9d9d19832ee Mon Sep 17 00:00:00 2001 From: Rohit Myali Date: Thu, 14 Nov 2024 08:46:53 +0000 Subject: [PATCH 1/2] updated adc-nitro-go and vendor directory Signed-off-by: Rohit Myali --- go.mod | 2 +- go.sum | 4 ++-- .../resource/config/aaa/aaaparameter.go | 20 +++++++++++++++++++ vendor/modules.txt | 2 +- 4 files changed, 24 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index f04c21168..710336c49 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/citrix/terraform-provider-citrixadc go 1.19 require ( - github.com/citrix/adc-nitro-go v0.0.0-20240828101652-94a4ce81c2dc + github.com/citrix/adc-nitro-go v0.0.0-20241114071000-5fec5a6364f2 github.com/gruntwork-io/terratest v0.47.2 github.com/hashicorp/terraform-plugin-sdk v1.17.2 github.com/mitchellh/mapstructure v1.5.0 diff --git a/go.sum b/go.sum index f0a6236c1..8c418a20e 100644 --- a/go.sum +++ b/go.sum 
@@ -238,8 +238,8 @@ github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXH github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/citrix/adc-nitro-go v0.0.0-20240828101652-94a4ce81c2dc h1:MoBCY3Zp7+LTmzi2rHqeNre2DIhkSBzg5TCWf9fevyQ= -github.com/citrix/adc-nitro-go v0.0.0-20240828101652-94a4ce81c2dc/go.mod h1:DL1n+MgO15981ahrt+CsQVv43yyUrTdigPq3dIxydD8= +github.com/citrix/adc-nitro-go v0.0.0-20241114071000-5fec5a6364f2 h1:JpimJbuiYm5GBJjA3f0DzCnJ4ZNjkEzudtv5AZweMf8= +github.com/citrix/adc-nitro-go v0.0.0-20241114071000-5fec5a6364f2/go.mod h1:DL1n+MgO15981ahrt+CsQVv43yyUrTdigPq3dIxydD8= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= diff --git a/vendor/github.com/citrix/adc-nitro-go/resource/config/aaa/aaaparameter.go b/vendor/github.com/citrix/adc-nitro-go/resource/config/aaa/aaaparameter.go index 9cc759cf7..6a3290f08 100644 --- a/vendor/github.com/citrix/adc-nitro-go/resource/config/aaa/aaaparameter.go +++ b/vendor/github.com/citrix/adc-nitro-go/resource/config/aaa/aaaparameter.go 
@@ -122,6 +122,26 @@ type Aaaparameter struct { * Parameter to enable/disable default CSP header */ Defaultcspheader string `json:"defaultcspheader,omitempty"` + /** + * Parameter to set/reset HttpOnly Flag for NSC_AAAC/NSC_TMAS cookies in nfactor + */ + Httponlycookie string `json:"httponlycookie,omitempty"` + /** + * Parameter to enable/disable EPA v2 functionality + */ + Enhancedepa string `json:"enhancedepa,omitempty"` + /** + * Entities for which WAF Protection need to be applied. Available settings function as follows + AUTH - Endpoints used for Authentication applicable for both AAATM, IDP, GATEWAY use cases. + VPN - Endpoints used for Gateway use cases. + DISABLED - No Endpoint WAF protection. Currently supported only in default partition. + Possible values = DISABLED, AUTH, VPN + */ + Wafprotection []string `json:"wafprotection,omitempty"` + /** + * On enabling this option, the Citrix ADC will send the security insight records to the configured collectors when request comes to Authentication endpoint + */ + Securityinsights string `json:"securityinsights,omitempty"` //------- Read only Parameter ---------; diff --git a/vendor/modules.txt b/vendor/modules.txt index 8bb763efa..fd83030ca 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -98,7 +98,7 @@ github.com/bgentry/go-netrc/netrc # github.com/bgentry/speakeasy v0.1.0 ## explicit github.com/bgentry/speakeasy -# github.com/citrix/adc-nitro-go v0.0.0-20240828101652-94a4ce81c2dc +# github.com/citrix/adc-nitro-go v0.0.0-20241114071000-5fec5a6364f2 ## explicit; go 1.14 github.com/citrix/adc-nitro-go/resource/config/aaa github.com/citrix/adc-nitro-go/resource/config/adm From afd7bd3e662de1db2cd2b1b24c70a2ccba2a0920 Mon Sep 17 00:00:00 2001 From: rohit-myali Date: Thu, 14 Nov 2024 12:11:44 +0000 Subject: [PATCH 2/2] Updated aaaparameter resource with additional supported attributes 
Signed-off-by: rohit-myali --- citrixadc/resource_citrixadc_aaaparameter.go | 50 +++++++++++++++++++ .../resource_citrixadc_aaaparameter_test.go | 4 +- docs/resources/aaaparameter.md | 19 +++++++ 3 files changed, 71 insertions(+), 2 deletions(-) diff --git a/citrixadc/resource_citrixadc_aaaparameter.go b/citrixadc/resource_citrixadc_aaaparameter.go index 7521106be..87f5e33c6 100644 --- a/citrixadc/resource_citrixadc_aaaparameter.go +++ b/citrixadc/resource_citrixadc_aaaparameter.go @@ -124,6 +124,27 @@ func resourceCitrixAdcAaaparameter() *schema.Resource { Optional: true, Computed: true, }, + "httponlycookie": { + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "enhancedepa": { + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "wafprotection": { + Type: schema.TypeList, + Elem: &schema.Schema{Type: schema.TypeString}, + Optional: true, + Computed: true, + }, + "securityinsights": { + Type: schema.TypeString, + Optional: true, + Computed: true, + }, }, } } @@ -155,6 +176,10 @@ func createAaaparameterFunc(d *schema.ResourceData, meta interface{}) error { Pwdexpirynotificationdays: d.Get("pwdexpirynotificationdays").(int), Samesite: d.Get("samesite").(string), Tokenintrospectioninterval: d.Get("tokenintrospectioninterval").(int), + Httponlycookie: d.Get("httponlycookie").(string), + Enhancedepa: d.Get("enhancedepa").(string), + Wafprotection: toStringList(d.Get("wafprotection").([]interface{})), + Securityinsights: d.Get("securityinsights").(string), } err := client.UpdateUnnamedResource(service.Aaaparameter.Type(), &aaaparameter) 
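Review bot: The four new schema entries in resourceCitrixAdcAaaparameter accept any string, so a typo such as `"Enabled"` for `httponlycookie` or an unknown `wafprotection` entry is caught at apply time by the appliance at best. The docs in this same patch list closed value sets (ENABLED/DISABLED, and DISABLED/AUTH/VPN), so the string attributes could carry `ValidateFunc: validation.StringInSlice([]string{"ENABLED", "DISABLED"}, false),` from the SDK's helper/validation package, which needs an import outside this hunk. These attributes are security controls (cookie HttpOnly flag, endpoint WAF protection), so a plan-time failure is preferable to a value that may silently not take effect. `wafprotection` is also declared as `TypeList`, which is order-sensitive; if NITRO returns the entries in a different order than configured this may show a permanent diff, and `TypeSet` would avoid that.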
@@ -203,6 +228,10 @@ func readAaaparameterFunc(d *schema.ResourceData, meta interface{}) error { d.Set("pwdexpirynotificationdays", data["pwdexpirynotificationdays"]) d.Set("samesite", data["samesite"]) d.Set("tokenintrospectioninterval", data["tokenintrospectioninterval"]) + d.Set("httponlycookie", data["httponlycookie"]) + d.Set("enhancedepa", data["enhancedepa"]) + d.Set("wafprotection", data["wafprotection"]) + d.Set("securityinsights", data["securityinsights"]) return nil @@ -267,6 +296,7 @@ func updateAaaparameterFunc(d *schema.ResourceData, meta interface{}) error { if d.HasChange("failedlogintimeout") { log.Printf("[DEBUG] citrixadc-provider: Failedlogintimeout has changed for aaaparameter, starting update") aaaparameter.Failedlogintimeout = d.Get("failedlogintimeout").(int) + aaaparameter.Maxloginattempts = d.Get("maxloginattempts").(int) hasChange = true } if d.HasChange("ftmode") { 
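Review bot: The `d.Set("wafprotection", data["wafprotection"])` call in readAaaparameterFunc drops the returned error, and `wafprotection` is the one new attribute that is a list rather than a string. For aggregate types `d.Set` can fail when the value's shape does not match the schema, which would leave the state without the value and hide drift in the WAF protection setting. I would check it: `if err := d.Set("wafprotection", data["wafprotection"]); err != nil { return err }`. The function starts and ends outside the hunk, so the surrounding unchecked `d.Set` calls are existing style and not in scope here.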
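Review bot: The added `aaaparameter.Maxloginattempts = d.Get("maxloginattempts").(int)` inside the `failedlogintimeout` branch of updateAaaparameterFunc is not mentioned in the commit message and has no comment saying why a change to one attribute also sends the other. Presumably NITRO only accepts `failedlogintimeout` together with `maxloginattempts`; if so, record it in place, e.g. `// NITRO rejects failedlogintimeout unless maxloginattempts is sent in the same request`. When `maxloginattempts` is not configured `d.Get` returns 0, and whether that zero reaches the appliance depends on the field's JSON tag, which is not visible in this patch. The `maxloginattempts` branch is outside this hunk, so the reverse coupling cannot be checked here.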
@@ -319,6 +349,26 @@ func updateAaaparameterFunc(d *schema.ResourceData, meta interface{}) error { aaaparameter.Tokenintrospectioninterval = d.Get("tokenintrospectioninterval").(int) hasChange = true } + if d.HasChange("httponlycookie") { + log.Printf("[DEBUG] citrixadc-provider: Httponlycookie has changed for aaaparameter, starting update") + aaaparameter.Httponlycookie = d.Get("httponlycookie").(string) + hasChange = true + } + if d.HasChange("enhancedepa") { + log.Printf("[DEBUG] citrixadc-provider: Enhancedepa has changed for aaaparameter, starting update") + aaaparameter.Enhancedepa = d.Get("enhancedepa").(string) + hasChange = true + } + if d.HasChange("wafprotection") { + log.Printf("[DEBUG] citrixadc-provider: wafprotection has changed for aaaparameter, starting update") + aaaparameter.Wafprotection = toStringList(d.Get("wafprotection").([]interface{})) + hasChange = true + } + if d.HasChange("securityinsights") { + log.Printf("[DEBUG] citrixadc-provider: Securityinsights has changed for aaaparameter, starting update") + aaaparameter.Securityinsights = d.Get("securityinsights").(string) + hasChange = true + } if hasChange { err := client.UpdateUnnamedResource(service.Aaaparameter.Type(), &aaaparameter) diff --git a/citrixadc/resource_citrixadc_aaaparameter_test.go b/citrixadc/resource_citrixadc_aaaparameter_test.go index 392614a8e..bab406cb1 100644 --- a/citrixadc/resource_citrixadc_aaaparameter_test.go +++ b/citrixadc/resource_citrixadc_aaaparameter_test.go @@ -28,7 +28,7 @@ const testAccAaaparameter_basic = ` resource "citrixadc_aaaparameter" "tf_aaaparameter" { enablestaticpagecaching = "NO" enableenhancedauthfeedback = "YES" - defaultauthtype = "LDAP" + defaultauthtype = "LOCAL" maxaaausers = 3 maxloginattempts = 5 failedlogintimeout = 15 
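Review bot: In the `wafprotection` branch an empty list is not sent to the appliance: assuming `toStringList` returns an empty slice for it, the vendored field's `json:"wafprotection,omitempty"` tag drops the key from the request, so the previously configured WAF protection entities would stay in force. Going by the docs in this patch, turning protection off needs the explicit value `["DISABLED"]`; that deserves a comment here, e.g. `// an empty list is omitted from the request; use ["DISABLED"] to turn WAF protection off`. The log line also starts with lowercase `wafprotection` where the three neighbouring ones use `Httponlycookie`, `Enhancedepa` and `Securityinsights`. The function starts and ends outside the hunk.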
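Review bot: None of the four attributes added by this patch is set or asserted in the acceptance test; the config here and the matching check in TestAccAaaparameter_basic only change `defaultauthtype` from `LDAP` to `LOCAL`. The list-typed attribute in particular deserves coverage, since its read and write path differs from the string attributes: add `wafprotection = ["AUTH"]` to the config and `resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "wafprotection.0", "AUTH"),` to the checks. The reason for moving the fixture away from LDAP is not recorded in the commit message either.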
@@ -60,7 +60,7 @@ func TestAccAaaparameter_basic(t *testing.T) { testAccCheckAaaparameterExist("citrixadc_aaaparameter.tf_aaaparameter", nil), resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "enablestaticpagecaching", "NO"), resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "enableenhancedauthfeedback", "YES"), - resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "defaultauthtype", "LDAP"), + resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "defaultauthtype", "LOCAL"), resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "maxaaausers", "3"), resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "maxloginattempts", "5"), resource.TestCheckResourceAttr("citrixadc_aaaparameter.tf_aaaparameter", "failedlogintimeout", "15"), diff --git a/docs/resources/aaaparameter.md b/docs/resources/aaaparameter.md index bd195a10c..b79fdca91 100644 --- a/docs/resources/aaaparameter.md +++ b/docs/resources/aaaparameter.md @@ -17,6 +17,9 @@ resource "citrixadc_aaaparameter" "tf_aaaparameter" { maxaaausers = 3 maxloginattempts = 5 failedlogintimeout = 15 + securityinsights = "DISABLED" + enhancedepa = "DISABLED" + httponlycookie = "DISABLED" } ``` 
@@ -44,6 +47,22 @@ resource "citrixadc_aaaparameter" "tf_aaaparameter" { * `apitokencache` - (Optional) Option to enable/disable API cache feature. Possible values: [ ENABLED, DISABLED ] * `tokenintrospectioninterval` - (Optional) Frequency at which a token must be verified at the Authorization Server (AS) despite being found in cache. * `defaultcspheader` - (Optional) Parameter to enable/disable default CSP header. Possible values: [ ENABLED, DISABLED ] +* `httponlycookie` - (Optional) Parameter to set/reset HttpOnly Flag for NSC_AAAC/NSC_TMAS cookies in nfactor. Default value: DISABLED | Possible values: [ ENABLED, DISABLED ] +* `enhancedepa` - (Optional) Parameter to enable/disable EPA v2 functionality. Default value: DISABLED | Possible values: [ ENABLED, DISABLED ] +* `wafprotection` - (Optional) (List of strings) Entities for which WAF Protection need to be applied. Available settings function as follows. + * AUTH - Endpoints used for Authentication applicable for both AAATM, IDP, GATEWAY use cases. + * VPN - Endpoints used for Gateway use cases. + * DISABLED - No Endpoint WAF protection. Currently supported only in default partition. + + Possible values: [ DISABLED, AUTH, VPN ] + +* `securityinsights` - (Optional) On enabling this option, the Citrix ADC will send the security insight records to the configured collectors when request comes to Authentication endpoint. + * If cs vserver is frontend with Authentication vserver as target for cs action, then record is sent using Authentication vserver name. + * If vpn/lb/cs vserver are configured with Authentication ON, then then record is sent using vpn/lb/cs vserver name accordingly. + * If authentication vserver is frontend, then record is sent using Authentication vserver name. + + Default value: DISABLED | + Possible values: [ ENABLED, DISABLED ] ## Attribute Reference