add PQC flag to site ssl config resource (#613)

* add PQC flag to site ssl config resource

* add PQC flag to site ssl config resource

---------

Co-authored-by: eilon.shai <eilon.shai@imperva.com>

Author: eilon-shai

incapsula/client_site_ssl_settings.go

@@ -28,6 +28,7 @@ type TLSConfiguration struct {
 type SSLSettingsDTO struct {
 	HstsConfiguration               *HSTSConfiguration               `json:"hstsConfiguration,omitempty"`
 	InboundTLSSettingsConfiguration *InboundTLSSettingsConfiguration `json:"inboundTlsSettings,omitempty"`
+	DisablePQCSupport               bool                             `json:"disablePQCSupport"`
 }
 
 type SSLSettingsResponse struct {

incapsula/client_site_ssl_settings_test.go

@@ -300,7 +300,7 @@ func getUpdateSiteSSLSettingsDTO() SSLSettingsResponse {
 						},
 					},
 				},
-				// add more setting types here
+				DisablePQCSupport: true,
 			},
 		},
 	}

incapsula/resource_site_ssl_settings.go

@@ -2,10 +2,11 @@ package incapsula
 
 import (
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"log"
 	"strconv"
 	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
 var hstsConfigResource = schema.Resource{
@@ -126,6 +127,12 @@ func resourceSiteSSLSettings() *schema.Resource {
 				Elem:     &inboundTLSSettingsResource,
 				Set:      schema.HashResource(&inboundTLSSettingsResource),
 			},
+			"disable_pqc_support": {
+				Type:        schema.TypeBool,
+				Description: "Disable Post-Quantum Cryptography support for SNI traffic",
+				Optional:    true,
+				Default:     false,
+			},
 		},
 	}
 }
@@ -165,6 +172,7 @@ func resourceSiteSSLSettingsRead(d *schema.ResourceData, m interface{}) error {
 
 	mapHSTSResponseToHSTSResource(d, settingsData)
 	mapInboundTLSSettingsResponseToResource(d, settingsData)
+	d.Set("disable_pqc_support", settingsData.Data[0].DisablePQCSupport)
 	// map other settings here
 
 	return nil
@@ -334,7 +342,7 @@ func getSSLSettingsDTO(d *schema.ResourceData) SSLSettingsResponse {
 			{
 				HstsConfiguration:               hstsSettings,
 				InboundTLSSettingsConfiguration: inboundTLSSettings,
-				// add more setting types here
+				DisablePQCSupport:               d.Get("disable_pqc_support").(bool),
 			},
 		},
 	}

website/docs/r/site_ssl_settings.html.markdown

@@ -52,7 +52,8 @@ resource "incapsula_site_ssl_settings" "example"  {
         "TLS_AES_256_GCM_SHA384",
       ]
     }
-  }
+  },
+  disable_pqc_support: false
 }
 ```
 
@@ -66,6 +67,9 @@ The following arguments are supported:
     - Type: `set` of `hsts_config` resource (defined below)
 * `inbound_tls_settings` - (Optional): Transport Layer Security (TLS) configuration settings for the site.
   - Type: `set` of `inbound_tls_settings` resource (defined below)
+* `disable_pqc_support` - (Optional): Disable Post-Quantum Cryptography support for SNI traffic.
+    - Type: `bool`
+    - Default: `false`
 
 ## Schema of `hsts_config` resource