fix(CIS): updated domain settings (IBM-Cloud#6163)

* fix(CIS): Update domain settings

* go mod changes

Author: sirijareddyibm

go.mod

@@ -32,7 +32,7 @@ require (
 	github.com/IBM/logs-go-sdk v0.4.0
 	github.com/IBM/logs-router-go-sdk v1.0.7
 	github.com/IBM/mqcloud-go-sdk v0.2.0
-	github.com/IBM/networking-go-sdk v0.51.3
+	github.com/IBM/networking-go-sdk v0.51.4
 	github.com/IBM/platform-services-go-sdk v0.78.0
 	github.com/IBM/project-go-sdk v0.3.5
 	github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5
@@ -207,6 +207,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.28.0 // indirect
 	go.opentelemetry.io/otel/trace v1.28.0 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
+	go.uber.org/automaxprocs v1.6.0 // indirect
 	go.uber.org/ratelimit v0.2.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/mod v0.21.0 // indirect

go.sum

@@ -154,8 +154,8 @@ github.com/IBM/logs-router-go-sdk v1.0.7 h1:uQjQAAcQdo3XvhY6MC7HakhZaXIUsGfUmKj2
 github.com/IBM/logs-router-go-sdk v1.0.7/go.mod h1:tCN2vFgu5xG0ob9iJcxi5M4bJ6mWmu3nhmRPnvlwev0=
 github.com/IBM/mqcloud-go-sdk v0.2.0 h1:QOWk8ZGk0QfIL0MOGTKzNdM3Qe0Hk+ifAFtNSFQo5HU=
 github.com/IBM/mqcloud-go-sdk v0.2.0/go.mod h1:VZQKMtqmcdXKhmLhLiPuS/UHMs/5yo2tA/nD83cQt9E=
-github.com/IBM/networking-go-sdk v0.51.3 h1:GW2VLP7XVcAHin6eWnCNA9l3gsv5tnyjf5UgGwMA7hk=
-github.com/IBM/networking-go-sdk v0.51.3/go.mod h1:T27XI2gtPjT7tW9nkHgrpBUNbmAc9OR41Z78Y493PoA=
+github.com/IBM/networking-go-sdk v0.51.4 h1:rkbR+gUkksLKjNYL5YEWEAMv3qddR0mUkxObDMa4l/s=
+github.com/IBM/networking-go-sdk v0.51.4/go.mod h1:gjCFEp+UVP7FUlcq2C1RaoZAXFcD39CQdlUk7uVKko4=
 github.com/IBM/platform-services-go-sdk v0.78.0 h1:OqfO8Qd4HQJcpgP/CLnjqFPgXtXLPbPxXlRzX4SQUH0=
 github.com/IBM/platform-services-go-sdk v0.78.0/go.mod h1:sX7rPXMNqmAt6wQyjnF+oISRFwz6I6XNX9My/mzLqp4=
 github.com/IBM/project-go-sdk v0.3.5 h1:L+YClFUa14foS0B/hOOY9n7sIdsT5/XQicnXOyJSpyM=
@@ -1013,8 +1013,8 @@ github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+
 github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
 github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
-github.com/onsi/ginkgo/v2 v2.23.0 h1:FA1xjp8ieYDzlgS5ABTpdUDB7wtngggONc8a7ku2NqQ=
-github.com/onsi/ginkgo/v2 v2.23.0/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
+github.com/onsi/ginkgo/v2 v2.23.4 h1:ktYTpKJAVZnDT4VjxSbiBenUjmlL/5QkBEocaWXiQus=
+github.com/onsi/ginkgo/v2 v2.23.4/go.mod h1:Bt66ApGPBFzHyR+JO10Zbt0Gsp4uWxu5mIOTusL46e8=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
@@ -1046,8 +1046,8 @@ github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJK
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
-github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
-github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
+github.com/onsi/gomega v1.37.0 h1:CdEG8g0S133B4OswTDC/5XPSzE1OeP29QOioj2PID2Y=
+github.com/onsi/gomega v1.37.0/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
 github.com/openshift/api v0.0.0-20210105115604-44119421ec6b/go.mod h1:aqU5Cq+kqKKPbDMqxo9FojgDeSpNJI7iuskjXjtojDg=
 github.com/openshift/api v0.0.0-20240301093301-ce10821dc999 h1:+S998xHiJApsJZjRAO8wyedU9GfqFd8mtwWly6LqHDo=
 github.com/openshift/api v0.0.0-20240301093301-ce10821dc999/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4=
@@ -1298,6 +1298,8 @@ go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
+go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=

ibm/service/cis/resource_ibm_cis_domain_settings.go

@@ -72,6 +72,8 @@ const (
 	cisDomainSettingsMaxUploadValidatorID       = "max_upload"
 	cisDomainSettingsCipherValidatorID          = "cipher"
 	cisDomainSettingsProxyReadTimeout           = "proxy_read_timeout"
+	cisDomainSettingsOpportunisticOnion         = "opportunistic_onion"
+	cisDomainSettingsLogRetention               = "log_retention"
 )
 
 func ResourceIBMCISSettings() *schema.Resource {
@@ -484,6 +486,21 @@ func ResourceIBMCISSettings() *schema.Resource {
 					},
 				},
 			},
+			cisDomainSettingsOpportunisticOnion: {
+				Type:        schema.TypeString,
+				Description: "Opportunistic onion setting",
+				Optional:    true,
+				Computed:    true,
+				ValidateFunc: validate.InvokeValidator(
+					ibmCISDomainSettings,
+					cisDomainSettingsOpportunisticOnion),
+			},
+			cisDomainSettingsLogRetention: {
+				Type:        schema.TypeBool,
+				Description: "Log Retention setting",
+				Optional:    true,
+				Computed:    true,
+			},
 		},
 
 		Create:   resourceCISSettingsUpdate,
@@ -780,6 +797,13 @@ func ResourceIBMCISDomainSettingValidator() *validate.ResourceValidator {
 			Optional:                   true,
 			MinValue:                   "1",
 			MaxValue:                   "6000"})
+	validateSchema = append(validateSchema,
+		validate.ValidateSchema{
+			Identifier:                 cisDomainSettingsOpportunisticOnion,
+			ValidateFunctionIdentifier: validate.ValidateAllowedStringValue,
+			Type:                       validate.TypeString,
+			Optional:                   true,
+			AllowedValues:              "on, off"})
 	ibmCISDomainSettingResourceValidator := validate.ResourceValidator{
 		ResourceName: ibmCISDomainSettings,
 		Schema:       validateSchema}
@@ -821,6 +845,8 @@ var settingsList = []string{
 	cisDomainSettingsOriginMaxHTTPVersion,
 	cisDomainSettingsOriginPostQuantumEncryption,
 	cisDomainSettingsProxyReadTimeout,
+	cisDomainSettingsOpportunisticOnion,
+	cisDomainSettingsLogRetention,
 }
 
 func resourceCISSettingsUpdate(d *schema.ResourceData, meta interface{}) error {
@@ -1155,6 +1181,22 @@ func resourceCISSettingsUpdate(d *schema.ResourceData, meta interface{}) error {
 					_, resp, err = cisClient.UpdateMobileRedirect(opt)
 				}
 			}
+		case cisDomainSettingsOpportunisticOnion:
+			if d.HasChange(item) {
+				if v, ok := d.GetOk(item); ok {
+					opt := cisClient.NewUpdateOpportunisticOnionOptions()
+					opt.SetValue(v.(string))
+					_, resp, err = cisClient.UpdateOpportunisticOnion(opt)
+				}
+			}
+		case cisDomainSettingsLogRetention:
+			if d.HasChange(item) {
+				if v, ok := d.GetOk(item); ok {
+					opt := cisClient.NewUpdateLogRetentionOptions(*cisClient.Crn, *cisClient.ZoneIdentifier)
+					opt.SetFlag(v.(bool))
+					_, resp, err = cisClient.UpdateLogRetention(opt)
+				}
+			}
 		}
 		if err != nil {
 			if resp != nil && resp.StatusCode == 405 {
@@ -1534,6 +1576,23 @@ func resourceCISSettingsRead(d *schema.ResourceData, meta interface{}) error {
 			}
 			settingResponse = resp
 			settingErr = err
+
+		case cisDomainSettingsOpportunisticOnion:
+			opt := cisClient.NewGetOpportunisticOnionOptions()
+			result, resp, err := cisClient.GetOpportunisticOnion(opt)
+			if err == nil {
+				d.Set(cisDomainSettingsOpportunisticOnion, result.Result.Value)
+			}
+			settingResponse = resp
+			settingErr = err
+		case cisDomainSettingsLogRetention:
+			opt := cisClient.NewGetLogRetentionOptions(*cisClient.Crn, *cisClient.ZoneIdentifier)
+			result, resp, err := cisClient.GetLogRetention(opt)
+			if err == nil {
+				d.Set(cisDomainSettingsLogRetention, result.Result.Flag)
+			}
+			settingResponse = resp
+			settingErr = err
 		}
 
 		if settingErr != nil {

metadata/provider_metadata.json

@@ -94240,6 +94240,22 @@
                 "options": "on, off",
                 "optional": true,
                 "computed": true
+            },
+            {
+                "name": "opportunistic_onion",
+                "type": "TypeString",
+                "description": "opportunistic_onion setting",
+                "options": "on, off",
+                "optional": true,
+                "computed": true
+            },
+            {
+                "name": "log_retention",
+                "type": "TypeBool",
+                "description": "log_retention setting",
+                "options": "true, false",
+                "optional": true,
+                "computed": true
             }
         ],
         "ibm_cis_edge_functions_action": [
@@ -152774,4 +152790,4 @@
         ]
     },
     "Version": "1.59.0"
-}
+}

website/docs/r/cis_domain_settings.html.markdown

@@ -43,6 +43,8 @@ resource "ibm_cis_domain_settings" "test_domain_settings" {
   tls_client_auth             = "off"
   true_client_ip_header       = "off"
   websockets                  = "off"
+  opportunistic_onion         = "off"
+  log_retention               = false
   challenge_ttl               = 31536000
   max_upload                  = 300
   cipher                      = ["AES128-SHA256"]
@@ -115,6 +117,8 @@ resource "ibm_cis_domain_settings" "test_domain_settings" {
   tls_client_auth             = "off"
   true_client_ip_header       = "off"
   websockets                  = "off"
+  opportunistic_onion         = "off"
+  log_retention               = false
   challenge_ttl               = 31536000
   max_upload                  = 300
   cipher                      = []
@@ -209,6 +213,8 @@ Review the argument references that you can specify for your resource.
 - `origin_max_http_version` - (Optional, String) Sets the highest HTTP version to use with origin. Supported values are `1` and `2`.
 - `origin_post_quantum_encryption` - (Optional, String) Wheather to use post-quantum key agreement algorithms when connecting to the origin. Supported values are `off`, `preferred` and `supported`.
 - `proxy_read_timeout` - (Optional, Integer) Maximum time between two read operations from origin. Valid values are `1-6000`.
+- `opportunistic_onion` - (Optional, String) Supported values are `off` and `on`.
+- `log_retention` - (Optional, String) Supported values are `false` and `true`.
 
 ### Note