#CWMS-2926 add use_default_ciphers field and documentation
Pavel-Koev committed Oct 19, 2023
1 parent 491a5c2 commit efd7495
Showing 4 changed files with 39 additions and 6 deletions.
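--- a/incapsula/client_site_ssl_settings.go
+++ b/incapsula/client_site_ssl_settings.go
@@ -21,8 +21,9 @@ type InboundTLSSettingsConfiguration struct {
 }
 
 type TLSConfiguration struct {
-TLSVersion string `json:"tlsVersion"`
-CiphersSupport []string `json:"ciphersSupport"`
+TLSVersion string `json:"tlsVersion"`
+UseDefaultCiphers bool `json:"useDefaultCiphers"`
+CiphersSupport []string `json:"ciphersSupport"`
 }
 
 type SSLSettingsDTO struct {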
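--- a/incapsula/client_site_ssl_settings_test.go
+++ b/incapsula/client_site_ssl_settings_test.go
@@ -279,14 +279,16 @@ func getUpdateSiteSSLSettingsDTO() SSLSettingsResponse {
 ConfigurationProfile: "CUSTOM",
 TLSConfigurations: []TLSConfiguration{
 {
-TLSVersion: "TLS 1.1",
+TLSVersion: "TLS 1.1",
+UseDefaultCiphers: false,
 CiphersSupport: []string{
 "TLS_AES_128_GCM_SHA256",
 "TLS_AES_128_GCM_SHA256",
 },
 },
 {
-TLSVersion: "TLS 1.2",
+TLSVersion: "TLS 1.2",
+UseDefaultCiphers: false,
 CiphersSupport: []string{
 "TLS_AES_128_GCM_SHA256",
 "TLS_AES_128_GCM_SHA256",
@@ -329,6 +331,7 @@ func getValidJSONResponse() string {
 "tlsConfiguration": [
 {
 "tlsVersion": "TLS 1.1",
+"useDefaultCiphers": false,
 "ciphersSupport": [
 "TLS_AES_128_GCM_SHA256",
 "TLS_AES_128_GCM_SHA256"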
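Review bot: Both struct fixtures in getUpdateSiteSSLSettingsDTO and the JSON fixture in getValidJSONResponse set the new field to false, which is Go's zero value for bool, so these tests would presumably still pass if the `useDefaultCiphers` tag were misspelled or the field were dropped during decoding. Setting one entry to the non-zero value, `UseDefaultCiphers: true,` with a matching `"useDefaultCiphers": true,` in the JSON, would make the round trip depend on the field. Both functions start and end outside the visible hunks, so the assertions that consume these fixtures are not shown here.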
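--- a/incapsula/resource_site_ssl_settings.go
+++ b/incapsula/resource_site_ssl_settings.go
@@ -48,6 +48,10 @@ var inboundTLSSettingsResource = schema.Resource{
 Type: schema.TypeString,
 Required: true,
 },
+"use_default_ciphers": {
+Type: schema.TypeBool,
+Required: true,
+},
 "ciphers_support": {
 Type: schema.TypeList,
 Required: true,
@@ -230,6 +234,7 @@ func mapInboundTLSSettingsResponseToResource(d *schema.ResourceData, settingsDat
 for _, tlsConfig := range inboundTLSSettingsFromServer.TLSConfigurations {
 tlsConfigMap := make(map[string]interface{})
 tlsConfigMap["tls_version"] = tlsConfig.TLSVersion
+tlsConfigMap["use_default_ciphers"] = tlsConfig.UseDefaultCiphers
 tlsConfigMap["ciphers_support"] = toStringInterfaceSlice(tlsConfig.CiphersSupport)
 
 tlsConfigurations = append(tlsConfigurations, tlsConfigMap)
@@ -261,11 +266,13 @@ func mapInboundTLSSettingsResourceToDTO(resourceData *schema.ResourceData) *Inbo
 for _, tlsConfig := range tlsConfigurations {
 tlsConfigMap := tlsConfig.(map[string]interface{})
 tlsVersion := tlsConfigMap["tls_version"].(string)
+useDefaultCiphers := tlsConfigMap["use_default_ciphers"].(bool)
 ciphersSupport := tlsConfigMap["ciphers_support"].([]interface{})
 
 tlsConfigDTO := TLSConfiguration{
-TLSVersion: tlsVersion,
-CiphersSupport: toStringSlice(ciphersSupport),
+TLSVersion: tlsVersion,
+UseDefaultCiphers: useDefaultCiphers,
+CiphersSupport: toStringSlice(ciphersSupport),
 }
 
 dto.TLSConfigurations = append(dto.TLSConfigurations, tlsConfigDTO)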
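Review bot: In the first hunk `use_default_ciphers` is declared `Required: true` next to a `ciphers_support` list that is also `Required: true`, so every `tls_configuration` block must supply both, and nothing in mapInboundTLSSettingsResourceToDTO (third hunk) rejects `use_default_ciphers = true` combined with an explicit cipher list. Which of the two the API honours is not visible here; if the flag wins, an operator who pinned a restricted cipher list would end up with the vendor defaults and no plan-time signal. The documentation added in this commit describes the flag with `Default: true` and `ciphers_support` as optional, which the schema does not match, and making the new attribute required also breaks existing configurations on upgrade. Consider `Optional: true, Default: true,` for the flag, making `ciphers_support` optional, and rejecting the combination of a true flag with a non-empty list during validation. The schema variable and both mapping functions extend beyond the hunks shown.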
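--- a/website/docs/r/site_ssl_settings.html.markdown
+++ b/website/docs/r/site_ssl_settings.html.markdown
@@ -37,6 +37,8 @@ The following arguments are supported:
 * `site_id` - (Required) Numeric identifier of the site to operate on.
 * `hsts` - (Optional): HTTP Strict Transport Security (HSTS) configuration settings for the site.
 - Type: `set` of `hsts_config` resource (defined below)
+* `inbound_tls_settings` - (Optional): Transport Layer Security (TLS) configuration settings for the site.
+- Type: `set` of `inbound_tls_settings` resource (defined below)
 
 ## Schema of `hsts_config` resource
 
@@ -55,6 +57,26 @@ The `hsts_config` resource represents the configuration settings for HTTP Strict
 - Type: `bool`
 - Default: `false`
 
+## Schema of `inbound_tls_settings` resource
+
+The `inbound_tls_settings` resource represents the configuration settings for Transport Layer Security (TLS).
+
+* `configuration_profile` - (Required): Where to use a pre-defined or custom configuration for TLS settings.
+- Type: `string`
+* `tls_configuration` - (Optional): List supported TLS versions and ciphers.
+- Type: `List`
+
+### Nested Schema for `tls_configuration`
+
+* `tls_version` - (Required): TLS supported versions.
+- Type: `string`
+* `use_default_ciphers` - (Required): Whether to use Imperva’s default ciphers for this TLS version
+- Type: `bool`
+- Default: `true`
+* `ciphers_support` - (Optional): List of ciphers to use for this TLS version.
+- Type: `List`
+
+
 ## Attributes Reference
 
 The following attributes are exported: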
