F5Networks · RavinderReddyF5 · Aug 1, 2024 · Aug 1, 2024 · Aug 1, 2024
diff --git a/configs/testwaf.json b/configs/testwaf.json
@@ -0,0 +1,239 @@
+{
+    "policy": {
+     "app-protection": {
+      "enabled": true
+     },
+     "applicationLanguage": "utf-8",
+     "caseInsensitive": true,
+     "cookie-settings": {
+      "maximumCookieHeaderLength": "4096"
+     },
+     "csrf-protection": {
+      "enabled": false
+     },
+     "csrf-urls": [
+      {
+       "enforcementAction": "verify-origin",
+       "method": "POST",
+       "requiredParameters": "ignore",
+       "url": "*",
+       "wildcardOrder": 1
+      }
+     ],
+     "data-guard": {
+      "enabled": false,
+      "enforcementMode": "ignore-urls-in-list"
+     },
+     "description": "",
+     "dos-protection": {
+      "behavioral-dos": {
+       "badActorDetection": {
+        "enableTlsIndexing": true,
+        "enabled": true
+       },
+       "enableHttpSignatures": true,
+       "enableTlsSignatures": false,
+       "mitigationLevel": "standard"
+      },
+      "enabled": false
+     },
+     "enablePassiveMode": false,
+     "enforcementMode": "blocking",
+     "fullPath": "/Common/Rating-Based-Template",
+     "general": {
+      "allowedResponseCodes": [
+       400,
+       401,
+       403,
+       404,
+       405,
+       406,
+       407,
+       415,
+       417,
+       503
+      ],
+      "enableEventCorrelation": true,
+      "enforcementReadinessPeriod": 7,
+      "maskCreditCardNumbersInRequest": true,
+      "pathParameterHandling": "as-parameters",
+      "triggerAsmIruleEvent": "disabled",
+      "trustXff": false,
+      "useDynamicSessionIdInUrl": false
+     },
+     "header-settings": {
+      "maximumHttpHeaderLength": "8192"
+     },
+     "login-enforcement": {
+      "expirationTimePeriod": "disabled"
+     },
+     "name": "test",
+     "performStaging": true,
+     "policy-builder": {
+      "enableFullPolicyInspection": true,
+      "enableTrustedTrafficSiteChangeTracking": true,
+      "enableUntrustedTrafficSiteChangeTracking": true,
+      "inactiveEntityInactivityDurationInDays": 90,
+      "learnFromResponses": false,
+      "learnInactiveEntities": false,
+      "learnOnlyFromNonBotTraffic": true,
+      "learningMode": "on-demand",
+      "responseStatusCodes": [
+       "2xx",
+       "3xx",
+       "1xx"
+      ],
+      "trafficTighten": {
+       "maxModificationSuggestionScore": 50,
+       "minDaysBetweenSamples": 1,
+       "totalRequests": 15000
+      },
+      "trustAllIps": false,
+      "trustedTrafficLoosen": {
+       "differentSources": 1,
+       "maxDaysBetweenSamples": 7,
+       "minHoursBetweenSamples": 0
+      },
+      "trustedTrafficSiteChangeTracking": {
+       "differentSources": 1,
+       "maxDaysBetweenSamples": 7,
+       "minMinutesBetweenSamples": 0
+      },
+      "untrustedTrafficLoosen": {
+       "differentSources": 20,
+       "maxDaysBetweenSamples": 7,
+       "minHoursBetweenSamples": 1
+      },
+      "untrustedTrafficSiteChangeTracking": {
+       "differentSources": 10,
+       "maxDaysBetweenSamples": 7,
+       "minMinutesBetweenSamples": 20
+      }
+     },
+     "policy-builder-central-configuration": {
+      "buildingMode": "local",
+      "eventCorrelationMode": "local"
+     },
+     "policy-builder-cookie": {
+      "collapseCookiesIntoOneEntity": false,
+      "enforceUnmodifiedCookies": false,
+      "learnExplicitCookies": "never",
+      "maximumCookies": 100
+     },
+     "policy-builder-filetype": {
+      "learnExplicitFiletypes": "never",
+      "maximumFileTypes": 100
+     },
+     "policy-builder-header": {
+      "maximumHosts": 10000,
+      "validHostNames": false
+     },
+     "policy-builder-parameter": {
+      "classifyParameters": false,
+      "collapseParametersIntoOneEntity": false,
+      "dynamicParameters": {
+       "allHiddenFields": false,
+       "formParameters": false,
+       "linkParameters": false,
+       "uniqueValueSets": 10
+      },
+      "learnExplicitParameters": "never",
+      "maximumParameters": 10000,
+      "parameterLearningLevel": "global",
+      "parametersIntegerValue": false
+     },
+     "policy-builder-redirection-protection": {
+      "learnExplicitRedirectionDomains": "never",
+      "maximumRedirectionDomains": 100
+     },
+     "policy-builder-server-technologies": {
+      "enableServerTechnologiesDetection": false
+     },
+     "policy-builder-sessions-and-logins": {
+      "learnLoginPage": false
+     },
+     "policy-builder-url": {
+      "classifyUrls": false,
+      "classifyWebsocketUrls": false,
+      "collapseUrlsIntoOneEntity": false,
+      "learnExplicitUrls": "never",
+      "learnExplicitWebsocketUrls": "never",
+      "learnMethodsOnUrls": false,
+      "maximumUrls": 100,
+      "maximumWebsocketUrls": 100,
+      "wildcardUrlFiletypes": [
+       "bmp",
+       "wav",
+       "swf",
+       "gif",
+       "pcx",
+       "pdf",
+       "png",
+       "jpeg",
+       "ico",
+       "jpg"
+      ]
+     },
+     "protocolIndependent": true,
+     "redirection-protection": {
+      "redirectionProtectionEnabled": false
+     },
+     "request-loggers": [
+      {
+       "destination": "toda",
+       "escapingCharacters": [
+        {
+         "from": "\"",
+         "to": "\\\""
+        }
+       ],
+       "filter": [
+        {
+         "field": "enforcementState.hasViolations",
+         "values": [
+          true
+         ]
+        }
+       ],
+       "formatString": "{\"unit_hostname\":\"%unit_hostname%\",\"management_ip_address\":\"%management_ip_address%\",\"management_ip_address_2\":\"%management_ip_address_2%\",\"http_class_name\":\"%http_class_name%\",\"web_application_name\":\"%http_class_name%\",\"policy_name\":\"%policy_name%\",\"policy_apply_date\":\"%policy_apply_date%Z\",\"violations\":\"%violations%\",\"support_id\":\"%support_id%\",\"request_status\":\"%request_status%\",\"response_code\":\"%response_code%\",\"ip_client\":\"%ip_client%\",\"route_domain\":\"%route_domain%\",\"method\":\"%method%\",\"protocol\":\"%protocol%\",\"query_string\":\"%query_string%\",\"x_forwarded_for_header_value\":\"%x_forwarded_for_header_value%\",\"sig_ids\":\"%sig_ids%\",\"sig_names\":\"%sig_names%\",\"date_time\":\"%date_time%Z\",\"severity\":\"%severity%\",\"attack_type\":\"%attack_type%\",\"geo_location\":\"%geo_location%\",\"ip_address_intelligence\":\"%ip_address_intelligence%\",\"username\":\"%username%\",\"session_id\":\"%session_id%\",\"src_port\":\"%src_port%\",\"dest_port\":\"%dest_port%\",\"dest_ip\":\"%dest_ip%\",\"sub_violations\":\"%sub_violations%\",\"virus_name\":\"%virus_name%\",\"microservice\":\"%microservice%\",\"tap_event_id\":\"%tap_event_id%\",\"tap_vid\":\"%tap_vid%\",\"uri\":\"%uri%\",\"violation_details\":\"%violation_details%\",\"violation_rating\":\"%violation_rating%\",\"websocket_direction\":\"%websocket_direction%\",\"websocket_message_type\":\"%websocket_message_type%\",\"compression_method\":\"%compression_method%\",\"device_id\":\"%device_id%\",\"staged_sig_ids\":\"%staged_sig_ids%\",\"staged_sig_names\":\"%staged_sig_names%\",\"threat_campaign_names\":\"%threat_campaign_names%\",\"staged_threat_campaign_names\":\"%staged_threat_campaign_names%\",\"blocking_exception_reason\":\"%blocking_exception_reason%\",\"mobile_application_name\":\"%mobile_application_name%\",\"mobile_application_version\":\"%mobile_application_version%\",\"client_type\":\"%client_type%\",\"captcha_result\":\"%captcha_result%\",\"headers\":\"%headers%\",\"fragment\":\"%fragment%\",\"sig_cves\":\"%sig_cves%\",\"staged_sig_cves\":\"%staged_sig_cves%\",\"avr_id\":\"%avr_id%\",\"ip_with_route_domain\":\"%ip_with_route_domain%\",\"is_truncated\":\"%is_truncated%\",\"sig_set_names\":\"%sig_set_names%\",\"slot_number\":\"%slot_number%\",\"staged_sig_set_names\":\"%staged_sig_set_names%\",\"vs_name\":\"%vs_name%\",\"login_result\":\"%login_result%\",\"request\":\"%request%\",\"response\":\"%response%\",\"bot_signature_name\":\"%bot_signature_name%\",\"bot_anomalies\":\"%bot_anomalies%\",\"enforced_bot_anomalies\":\"%enforced_bot_anomalies%\",\"client_class\":\"%client_class%\",\"bot_category\":\"%bot_category%\",\"policy_builder_data\":\"%policy_builder_data%\"}",
+       "maxMessageSize": 65336,
+       "name": "waf-traffic-request"
+      }
+     ],
+     "sensitive-parameters": [
+      {
+       "name": "password"
+      }
+     ],
+     "signature-sets": [
+      {
+       "alarm": true,
+       "block": false,
+       "learn": true,
+       "name": "High Accuracy Signatures"
+      },
+      {
+       "alarm": true,
+       "block": false,
+       "learn": true,
+       "name": "All Signatures"
+      }
+     ],
+     "signature-settings": {
+      "attackSignatureFalsePositiveMode": "disabled",
+      "minimumAccuracyForAutoAddedSignatures": "high",
+      "placeSignaturesInStaging": false,
+      "signatureStaging": false,
+      "stagingCertificationDatetime": ""
+     },
+     "softwareVersion": "17.0.0",
+     "template": {
+      "name": "BlankTemplate"
+     },
+     "threat-campaign-settings": {
+      "threatCampaignEnforcementReadinessPeriod": 1,
+      "threatCampaignStaging": false
+     },
+     "type": "security"
+    }
+   }
diff --git a/docs/resources/cm_activate_instance_license.md b/docs/resources/cm_activate_instance_license.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bigipnext_cm_activate_instance_license Resource - terraform-provider-bigipnext"
+subcategory: ""
+description: |-
+  Resource used for Activate/Deactivate License for Instances on Central Manager Using JWT Token
+---
+
+# bigipnext_cm_activate_instance_license (Resource)
+
+Resource used for Activate/Deactivate License for Instances on Central Manager Using JWT Token
+
+## Example Usage
+
+```terraform
+resource "bigipnext_cm_activate_instance_license" "tokenadd" {
+  instances = [{
+    instance_address = "10.xxx.xxx.xxx"
+    jwt_id           = "8a3dc22e-xxxx-xxxxc-xxxx-xxxxxxxx4326"
+    },
+    {
+      instance_address = "10.146.194.174"
+      jwt_id           = "8a3dc22e-xxxx-xxxxc-xxxx-xxxxxxxx4326"
+    }
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `instances` (Attributes List) List of instances to activate the license (see [below for nested schema](#nestedatt--instances))
+
+### Read-Only
+
+- `id` (String) Unique Identifier for the resource
+
+<a id="nestedatt--instances"></a>
+### Nested Schema for `instances`
+
+Required:
+
+- `instance_address` (String) IP Address of the instance to activate the license
+- `jwt_id` (String) JWT ID to be used to activate the license
diff --git a/docs/resources/cm_add_jwt_token.md b/docs/resources/cm_add_jwt_token.md
@@ -0,0 +1,34 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bigipnext_cm_add_jwt_token Resource - terraform-provider-bigipnext"
+subcategory: ""
+description: |-
+  Resource used for add/copy JWT Token on Central Manager
+---
+
+# bigipnext_cm_add_jwt_token (Resource)
+
+Resource used for add/copy JWT Token on Central Manager
+
+## Example Usage
+
+```terraform
+resource "bigipnext_cm_add_jwt_token" "tokenadd" {
+  token_name = "paid_test_jwt"
+  jwt_token  = "eyJhbG"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `jwt_token` (String, Sensitive) JWT token to be added on Central Manager
+- `token_name` (String) Nickname to be used to add the JWT token on Central Manager
+
+### Read-Only
+
+- `id` (String) Unique Identifier for the resource
+- `order_type` (String) JWT token to be added on Central Manager
+- `subscription_expiry` (String) JWT token to be added on Central Manager
diff --git a/docs/resources/cm_bootstrap.md b/docs/resources/cm_bootstrap.md
@@ -0,0 +1,61 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "bigipnext_cm_bootstrap Resource - terraform-provider-bigipnext"
+subcategory: ""
+description: |-
+  Resource used for bootstrapping Central Manager
+  ~> NOTE This resource does not support update and delete. When doing terraform destroy it will only remove the resource from the state
+---
+
+# bigipnext_cm_bootstrap (Resource)
+
+Resource used for bootstrapping Central Manager
+
+~> **NOTE** This resource does not support update and delete. When doing `terraform destroy` it will only remove the resource from the state
+
+## Example Usage
+
+```terraform
+resource "bigipnext_cm_bootstrap" "name" {
+  run_setup         = true
+  bootstrap_timeout = 800
+  external_storage = {
+    storage_type    = "NFS"
+    storage_address = "10.28.14.22"
+    storage_path    = "/exports/backup"
+    cm_storage_dir  = "backuppqr"
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `run_setup` (Boolean) Run setup on Central Manager
+
+### Optional
+
+- `bootstrap_timeout` (Number) Timeout for the bootstrap operation
+- `external_storage` (Attributes) External storage configuration (see [below for nested schema](#nestedatt--external_storage))
+
+### Read-Only
+
+- `bootstrap_status` (String) Status of the bootstrap operation
+- `id` (String) ID of the resource
+
+<a id="nestedatt--external_storage"></a>
+### Nested Schema for `external_storage`
+
+Required:
+
+- `storage_address` (String) IP Address of the external storage
+- `storage_path` (String) Directory path that is mounted on the external storage server
+- `storage_type` (String) Type of external storage. Supported values are NFS and SAMBA
+
+Optional:
+
+- `cm_storage_dir` (String) Folder name created on the external storage server to store Central Manager data
+- `password` (String) Password to access the external storage, required if storage type is SAMBA
+- `username` (String) Username to access the external storage, required if storage type is SAMBA
diff --git a/examples/resources/bigipnext_cm_activate_instance_license/resource.tf b/examples/resources/bigipnext_cm_activate_instance_license/resource.tf
@@ -0,0 +1,11 @@
+resource "bigipnext_cm_activate_instance_license" "tokenadd" {
+  instances = [{
+    instance_address = "10.xxx.xxx.xxx"
+    jwt_id           = "8a3dc22e-xxxx-xxxxc-xxxx-xxxxxxxx4326"
+    },
+    {
+      instance_address = "10.146.194.174"
+      jwt_id           = "8a3dc22e-xxxx-xxxxc-xxxx-xxxxxxxx4326"
+    }
+  ]
+}