From a4361a9c3428455ab7e259f2928b06b5d61be542 Mon Sep 17 00:00:00 2001
From: Ujjwal Kumar <Ujjwal.Kumar1@ibm.com>
Date: Tue, 16 Mar 2021 22:03:26 +0530
Subject: [PATCH] enhancement: added DH group 19 and sha 512 support for TFP

---
 ibm/resource_ibm_is_ike_policy.go            | 4 ++--
 ibm/resource_ibm_is_ipsec_policy.go          | 2 +-
 ibm/validators.go                            | 4 ++--
 website/docs/r/is_ike_policy.html.markdown   | 6 +++---
 website/docs/r/is_ipsec_policy.html.markdown | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/ibm/resource_ibm_is_ike_policy.go b/ibm/resource_ibm_is_ike_policy.go
index 0c4c9d1c3a..ef2760aa40 100644
--- a/ibm/resource_ibm_is_ike_policy.go
+++ b/ibm/resource_ibm_is_ike_policy.go
@@ -144,9 +144,9 @@ func resourceIBMISIKEPolicy() *schema.Resource {
 func resourceIBMISIKEValidator() *ResourceValidator {
 
 	validateSchema := make([]ValidateSchema, 1)
-	authentication_algorithm := "md5, sha1, sha256"
+	authentication_algorithm := "md5, sha1, sha256, sha512"
 	encryption_algorithm := "triple_des, aes128, aes256"
-	dh_group := "2, 5, 14"
+	dh_group := "2, 5, 14, 19"
 	ike_version := "1, 2"
 	validateSchema = append(validateSchema,
 		ValidateSchema{
diff --git a/ibm/resource_ibm_is_ipsec_policy.go b/ibm/resource_ibm_is_ipsec_policy.go
index cbef9594fa..691505fc25 100644
--- a/ibm/resource_ibm_is_ipsec_policy.go
+++ b/ibm/resource_ibm_is_ipsec_policy.go
@@ -143,7 +143,7 @@ func resourceIBMISIPSecPolicy() *schema.Resource {
 func resourceIBMISIPSECValidator() *ResourceValidator {
 
 	validateSchema := make([]ValidateSchema, 1)
-	authentication_algorithm := "md5, sha1, sha256"
+	authentication_algorithm := "md5, sha1, sha256, sha512"
 	encryption_algorithm := "triple_des, aes128, aes256"
 	pfs := "disabled, group_2, group_5, group_14"
 	validateSchema = append(validateSchema,
diff --git a/ibm/validators.go b/ibm/validators.go
index bbaa8f233e..937209427e 100644
--- a/ibm/validators.go
+++ b/ibm/validators.go
@@ -259,9 +259,9 @@ func validateMaxConn(v interface{}, k string) (ws []string, errors []error) {
 
 func validateKeyLifeTime(v interface{}, k string) (ws []string, errors []error) {
 	secs := v.(int)
-	if secs < 300 || secs > 86400 {
+	if secs < 1800 || secs > 86400 {
 		errors = append(errors, fmt.Errorf(
-			"%q must be between 300 and 86400",
+			"%q must be between 1800 and 86400",
 			k))
 		return
 	}
diff --git a/website/docs/r/is_ike_policy.html.markdown b/website/docs/r/is_ike_policy.html.markdown
index e8c0c7dbad..d1d33dc5c6 100644
--- a/website/docs/r/is_ike_policy.html.markdown
+++ b/website/docs/r/is_ike_policy.html.markdown
@@ -32,11 +32,11 @@ resource "ibm_is_ike_policy" "example" {
 The following arguments are supported:
 
 * `name` - (Required, string) Name of the IKE policy.
-* `authentication_algorithm` - (Required, string)  The authentication algorithm. Enumeration type: md5, sha1, sha256.
+* `authentication_algorithm` - (Required, string)  The authentication algorithm. Enumeration type: md5, sha1, sha256, sha512.
 * `encryption_algorithm` - (Required, string) The encryption algorithm. Enumeration type: triple_des, aes128, aes256.
-* `dh_group` - (Required, int) The Diffie-Hellman group. Enumeration type: 2, 5, 14.
+* `dh_group` - (Required, int) The Diffie-Hellman group. Enumeration type: 2, 5, 14, 19.
 * `ike_version` - (Optional,int) The IKE protocol version. Enumeration type: 1, 2.
-* `key_lifetime` - (Optional, int) The key lifetime in seconds. Maximum: 86400, Minimum: 300. Default is 28800.
+* `key_lifetime` - (Optional, int) The key lifetime in seconds. Maximum: 86400, Minimum: 1800. Default is 28800.
 * `resource_group` - (Optional, Forces new resource, string) The resource group ID where the ike policy to be created.
 
 ## Attribute Reference
diff --git a/website/docs/r/is_ipsec_policy.html.markdown b/website/docs/r/is_ipsec_policy.html.markdown
index e00bbb178e..0ed5d1fb6f 100644
--- a/website/docs/r/is_ipsec_policy.html.markdown
+++ b/website/docs/r/is_ipsec_policy.html.markdown
@@ -31,10 +31,10 @@ resource "ibm_is_ipsec_policy" "example" {
 The following arguments are supported:
 
 * `name` - (Required, string) Name of the IPsec policy.
-* `authentication_algorithm` - (Required, string)  The authentication algorithm. Enumeration type: md5, sha1, sha256.
+* `authentication_algorithm` - (Required, string)  The authentication algorithm. Enumeration type: md5, sha1, sha256, sha512.
 * `encryption_algorithm` - (Required, string) The encryption algorithm. Enumeration type: triple_des, aes128, aes256.
 * `pfs` - (Required, string) Perfect Forward Secrecy. Enumeration type: disabled, group_2, group_5, group_14.
-* `key_lifetime` - (Optional, int) The key lifetime in seconds. Maximum: 86400, Minimum: 300. Default is 3600.
+* `key_lifetime` - (Optional, int) The key lifetime in seconds. Maximum: 86400, Minimum: 1800. Default is 3600.
 * `resource_group` - (Optional, Forces new resource, string) The resource group ID where the ip sec policy to be created.
 
 ## Attribute Reference