Merge pull request #926 from F5Networks/devel_jira1416

adding bot-defence profile

bigip/provider.go

@@ -190,6 +190,7 @@ func Provider() *schema.Provider {
 			"bigip_ltm_cipher_group":                resourceBigipLtmCipherGroup(),
 			"bigip_partition":                       resourceBigipPartition(),
 			"bigip_ltm_request_log_profile":         resourceBigipLtmProfileRequestLog(),
+			"bigip_ltm_profile_bot_defense":         resourceBigipLtmProfileBotDefense(),
 		},
 	}
 	p.ConfigureContextFunc = func(ctx context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) {

bigip/resource_bigip_ltm_profile_bot_defense.go

@@ -0,0 +1,143 @@
+/*
+Copyright 2024 F5 Networks Inc.
+This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
+If a copy of the MPL was not distributed with this file, You can obtain one at https://mozilla.org/MPL/2.0/.
+*/
+package bigip
+
+import (
+	"context"
+	"log"
+
+	bigip "github.com/f5devcentral/go-bigip"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+func resourceBigipLtmProfileBotDefense() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceBigipLtmProfileBotDefenseCreate,
+		ReadContext:   resourceBigipLtmProfileBotDefenseRead,
+		UpdateContext: resourceBigipLtmProfileBotDefenseUpdate,
+		DeleteContext: resourceBigipLtmProfileBotDefenseDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				Description:  "Name of the Bot Defense profile",
+				ValidateFunc: validateF5NameWithDirectory,
+			},
+			"defaults_from": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				Default:      "/Common/bot-defense",
+				Description:  "Specifies the profile from which this profile inherits settings. The default is the system-supplied `request-log` profile",
+				ValidateFunc: validateF5Name,
+			},
+			"description": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "User defined description for Bot Defense profile",
+			},
+			"template": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"relaxed",
+					"enabled"}, false),
+				Description: "Enables or disables Bot Defense. The default is `disabled`",
+			},
+			"enforcement_mode": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"transparent",
+					"blocking"}, false),
+				Description: "Specifies the protocol to be used for high-speed logging of requests. The default is `mds-udp`",
+			},
+		},
+	}
+}
+
+func resourceBigipLtmProfileBotDefenseCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*bigip.BigIP)
+	name := d.Get("name").(string)
+	log.Printf("[INFO] Creating Bot Defense Profile:%+v ", name)
+	pss := &bigip.BotDefenseProfile{
+		Name: name,
+	}
+	config := getProfileBotDefenseConfig(d, pss)
+	log.Printf("[DEBUG] Bot Defense Profile config :%+v ", config)
+	err := client.AddBotDefenseProfile(config)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	d.SetId(name)
+	return resourceBigipLtmProfileBotDefenseRead(ctx, d, meta)
+}
+
+func resourceBigipLtmProfileBotDefenseRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*bigip.BigIP)
+	log.Printf("[INFO] Reading Bot Defense Profile:%+v ", client)
+	name := d.Id()
+	log.Printf("[INFO] Reading Bot Defense Profile:%+v ", name)
+	botProfile, err := client.GetBotDefenseProfile(name)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	log.Printf("[DEBUG] Bot Defense Profile config :%+v ", botProfile)
+	d.Set("name", botProfile.FullPath)
+	d.Set("defaults_from", botProfile.DefaultsFrom)
+	d.Set("description", botProfile.Description)
+	d.Set("template", botProfile.Template)
+	d.Set("enforcement_mode", botProfile.EnforcementMode)
+	return nil
+}
+
+func resourceBigipLtmProfileBotDefenseUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*bigip.BigIP)
+	name := d.Id()
+	log.Printf("[INFO] Updating Bot Defense Profile:%+v ", name)
+	pss := &bigip.BotDefenseProfile{
+		Name: name,
+	}
+	config := getProfileBotDefenseConfig(d, pss)
+
+	err := client.ModifyBotDefenseProfile(name, config)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	return resourceBigipLtmProfileBotDefenseRead(ctx, d, meta)
+}
+
+func resourceBigipLtmProfileBotDefenseDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*bigip.BigIP)
+
+	name := d.Id()
+	log.Println("[INFO] Deleting Bot Defense Profile " + name)
+	err := client.DeleteBotDefenseProfile(name)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId("")
+	return nil
+}
+
+func getProfileBotDefenseConfig(d *schema.ResourceData, config *bigip.BotDefenseProfile) *bigip.BotDefenseProfile {
+	config.Name = d.Get("name").(string)
+	config.DefaultsFrom = d.Get("defaults_from").(string)
+	config.Description = d.Get("description").(string)
+	config.Template = d.Get("template").(string)
+	config.EnforcementMode = d.Get("enforcement_mode").(string)
+	log.Printf("[INFO][getProfileBotDefenseConfig] config:%+v ", config)
+	return config
+}

bigip/resource_bigip_ltm_profile_bot_defense_test.go

@@ -0,0 +1,83 @@
+package bigip
+
+import (
+	"fmt"
+	"testing"
+
+	bigip "github.com/f5devcentral/go-bigip"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+var resBotDefenseName = "bigip_ltm_profile_bot_defense"
+
+func TestAccBigipLtmProfileBotDefenseTC1(t *testing.T) {
+	t.Parallel()
+	var instName = "test-bot-defense-tc1"
+	var TestBotDefenseName = fmt.Sprintf("/%s/%s", TestPartition, instName)
+	resFullName := fmt.Sprintf("%s.%s", resBotDefenseName, instName)
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAcctPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckBotDefensesDestroyed,
+		Steps: []resource.TestStep{
+			{
+				Config: testaccbigipltmprofileBotDefenseDefaultConfig(TestPartition, TestBotDefenseName, instName),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckBotDefenseExists(TestBotDefenseName),
+					resource.TestCheckResourceAttr(resFullName, "name", TestBotDefenseName),
+					resource.TestCheckResourceAttr(resFullName, "defaults_from", "/Common/bot-defense"),
+				),
+				Destroy: false,
+			},
+		},
+	})
+}
+
+func testCheckBotDefenseExists(name string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		client := testAccProvider.Meta().(*bigip.BigIP)
+		p, err := client.GetBotDefenseProfile(name)
+		if err != nil {
+			return err
+		}
+		if p == nil {
+			return fmt.Errorf("BotDefense %s was not created ", name)
+		}
+
+		return nil
+	}
+}
+
+func testCheckBotDefensesDestroyed(s *terraform.State) error {
+	client := testAccProvider.Meta().(*bigip.BigIP)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "bigip_ltm_profile_bot_defence" {
+			continue
+		}
+
+		name := rs.Primary.ID
+		BotDefense, err := client.GetBotDefenseProfile(name)
+		if err != nil {
+			return err
+		}
+		if BotDefense != nil {
+			return fmt.Errorf("BotDefense %s not destroyed. ", name)
+		}
+	}
+	return nil
+}
+
+func testaccbigipltmprofileBotDefenseDefaultConfig(partition, profileName, resourceName string) string {
+	return fmt.Sprintf(`
+	resource "bigip_ltm_profile_bot_defence" "%[3]s" {
+		name = "%[2]s"
+		defaults_from = "/%[1]s/bot-defense"
+		description = "test-bot"
+		template = "relaxed"
+	  }
+`, partition, profileName, resourceName)
+}