Merge pull request #969 from F5Networks/url_enforcement_mode

Added new parameter to waf_entity_url resource

bigip/datasource_bigip_waf_entity_url.go

@@ -77,6 +77,35 @@ func dataSourceBigipWafEntityUrl() *schema.Resource {
 					},
 				},
 			},
+			"cross_origin_requests_enforcement": {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"include_subdomains": {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Default:     false,
+							Description: "Specifies whether the subdomains are allowed to receive data from the web application.",
+						},
+						"origin_name": {
+							Type:        schema.TypeString,
+							Required:    true,
+							Description: "Specifies the name of the origin with which you want to share your data.",
+						},
+						"origin_port": {
+							Type:        schema.TypeString,
+							Required:    true,
+							Description: "Specifies the port that other web applications are allowed to use to request data from your web application.",
+						},
+						"origin_protocol": {
+							Type:        schema.TypeString,
+							Required:    true,
+							Description: "Specifies the protocol that other web applications are allowed to use to request data from your web application.",
+						},
+					},
+				},
+			},
 			"signature_overrides_disable": {
 				Type:        schema.TypeList,
 				Optional:    true,
@@ -131,6 +160,24 @@ func dataSourceBigipWafEntityUrlRead(ctx context.Context, d *schema.ResourceData
 		urlJson.MethodsOverrideOnUrlCheck = true
 	}
 
+	allowedOriginsCount := d.Get("cross_origin_requests_enforcement.#").(int)
+	if allowedOriginsCount > 0 {
+		urlJson.HTML5CrossOriginRequestsEnforcement.EnforcementMode = "enforce"
+
+		allowedOrigins := make([]bigip.WafUrlAllowedOrigins, 0, allowedOriginsCount)
+		for i := 0; i < allowedOriginsCount; i++ {
+			var a bigip.WafUrlAllowedOrigins
+			prefix := fmt.Sprintf("cross_origin_requests_enforcement.%d", i)
+			a.IncludeSubdomains = d.Get(prefix + ".include_subdomains").(bool)
+			a.OriginName = d.Get(prefix + ".origin_name").(string)
+			a.OriginPort = d.Get(prefix + ".origin_port").(string)
+			a.OriginProtocol = d.Get(prefix + ".origin_protocol").(string)
+			allowedOrigins = append(allowedOrigins, a)
+		}
+
+		urlJson.HTML5CrossOriginRequestsEnforcement.AllowerOrigins = allowedOrigins
+	}
+
 	jsonString, err := json.Marshal(urlJson)
 	if err != nil {
 		return diag.FromErr(err)

docs/data-sources/bigip_waf_entity_url.md

@@ -30,6 +30,18 @@ data "bigip_waf_entity_url" "WAFURL1" {
     allow  = true
     method = "BDELETE"
   }
+  cross_origin_requests_enforcement {
+    include_subdomains = true
+    origin_name        = "app1.com"
+    origin_port        = "80"
+    origin_protocol    = "http"
+  }
+  cross_origin_requests_enforcement {
+    include_subdomains = true
+    origin_name        = "app2.com"
+    origin_port        = "443"
+    origin_protocol    = "http"
+  }
 }
 
 ```
@@ -46,6 +58,12 @@ data "bigip_waf_entity_url" "WAFURL1" {
 * `method_overrides` - (Optional) A list of methods that are allowed or disallowed for a specific URL.
   * `allow` - (Required) Specifies that the system allows or disallows a method for this URL
   * `method` - (Required) Specifies an HTTP method.
+* `cross_origin_requests_enforcement` - (Optional) A list of options that enables your web-application to share data with a website hosted on a
+different domain.
+  * `include_subdomains` - (Required) Determines whether the subdomains are allowed to receive data from the web application.
+  * `origin_name` - (Required) Specifies the name of the origin with which you want to share your data.
+  * `origin_port` - (Required) Specifies the port that other web applications are allowed to use to request data from your web application.
+  * `origin_protocol` - (Required) Specifies the protocol that other web applications are allowed to use to request data from your web application.
 
 
 ## Attributes Reference