From 3e1dca8c8d2a2fa82eb23fa3799d3fe3a8673a97 Mon Sep 17 00:00:00 2001 From: Russell Kerns Date: Mon, 5 Feb 2024 15:28:07 -0600 Subject: [PATCH] AUTH-5608 added warp auth fields to access organizations and apps --- .changelog/3103.txt | 7 +++++++ .../resource_cloudflare_access_application.go | 3 +++ .../resource_cloudflare_access_application_test.go | 3 +++ .../resource_cloudflare_access_organization.go | 4 ++++ .../resource_cloudflare_access_organization_test.go | 4 ++++ .../schema_cloudflare_access_application.go | 8 +++++++- .../schema_cloudflare_access_organization.go | 10 ++++++++++ 7 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 .changelog/3103.txt diff --git a/.changelog/3103.txt b/.changelog/3103.txt new file mode 100644 index 00000000000..e47e759177c --- /dev/null +++ b/.changelog/3103.txt @@ -0,0 +1,7 @@ +```release-note:enhancement +resource/cloudflare_access_application: adds the ability to set allow_authenticate_via_warp. +``` + +```release-note:enhancement +resource/cloudflare_access_organization: adds the ability to set allow_authenticate_via_warp and warp_auth_session_duration. +``` \ No newline at end of file diff --git a/internal/sdkv2provider/resource_cloudflare_access_application.go b/internal/sdkv2provider/resource_cloudflare_access_application.go index c8ac4dc227a..6564cf08a42 100644 --- a/internal/sdkv2provider/resource_cloudflare_access_application.go +++ b/internal/sdkv2provider/resource_cloudflare_access_application.go @@ -53,6 +53,7 @@ func resourceCloudflareAccessApplicationCreate(ctx context.Context, d *schema.Re SkipInterstitial: cloudflare.BoolPtr(d.Get("skip_interstitial").(bool)), AppLauncherVisible: cloudflare.BoolPtr(d.Get("app_launcher_visible").(bool)), ServiceAuth401Redirect: cloudflare.BoolPtr(d.Get("service_auth_401_redirect").(bool)), + AllowAuthenticateViaWarp: cloudflare.BoolPtr(d.Get("allow_authenticate_via_warp").(bool)), } if value, ok := d.GetOk("allowed_idps"); ok { @@ -159,6 +160,7 @@ func resourceCloudflareAccessApplicationRead(ctx context.Context, d *schema.Reso d.Set("bg_color", accessApplication.AccessAppLauncherCustomization.BackgroundColor) d.Set("header_bg_color", accessApplication.AccessAppLauncherCustomization.HeaderBackgroundColor) d.Set("app_launcher_logo_url", accessApplication.AccessAppLauncherCustomization.LogoURL) + d.Set("allow_authenticate_via_warp", accessApplication.AllowAuthenticateViaWarp) if _, ok := d.GetOk("footer_links"); ok { footerLinks := convertFooterLinksStructToSchema(d, accessApplication.AccessAppLauncherCustomization.FooterLinks) @@ -213,6 +215,7 @@ func resourceCloudflareAccessApplicationUpdate(ctx context.Context, d *schema.Re SkipInterstitial: cloudflare.BoolPtr(d.Get("skip_interstitial").(bool)), AppLauncherVisible: cloudflare.BoolPtr(d.Get("app_launcher_visible").(bool)), ServiceAuth401Redirect: cloudflare.BoolPtr(d.Get("service_auth_401_redirect").(bool)), + AllowAuthenticateViaWarp: cloudflare.BoolPtr(d.Get("allow_authenticate_via_warp").(bool)), } if appType != "saas" { diff --git a/internal/sdkv2provider/resource_cloudflare_access_application_test.go b/internal/sdkv2provider/resource_cloudflare_access_application_test.go index 7f113e1c985..5d915788998 100644 --- a/internal/sdkv2provider/resource_cloudflare_access_application_test.go +++ b/internal/sdkv2provider/resource_cloudflare_access_application_test.go @@ -97,6 +97,7 @@ func TestAccCloudflareAccessApplication_BasicZone(t *testing.T) { resource.TestCheckResourceAttr(name, "cors_headers.#", "0"), resource.TestCheckResourceAttr(name, "saas_app.#", "0"), resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"), + resource.TestCheckResourceAttr(name, "allow_authenticate_via_warp", "true"), ), }, }, @@ -126,6 +127,7 @@ func TestAccCloudflareAccessApplication_BasicAccount(t *testing.T) { resource.TestCheckResourceAttr(name, "cors_headers.#", "0"), resource.TestCheckResourceAttr(name, "sass_app.#", "0"), resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"), + resource.TestCheckResourceAttr(name, "allow_authenticate_via_warp", "true"), ), }, }, @@ -641,6 +643,7 @@ resource "cloudflare_access_application" "%[1]s" { type = "self_hosted" session_duration = "24h" auto_redirect_to_identity = false + allow_authenticate_via_warp = true } `, rnd, domain, identifier.Type, identifier.Identifier) } diff --git a/internal/sdkv2provider/resource_cloudflare_access_organization.go b/internal/sdkv2provider/resource_cloudflare_access_organization.go index 6772265be14..f6d6f3edd21 100644 --- a/internal/sdkv2provider/resource_cloudflare_access_organization.go +++ b/internal/sdkv2provider/resource_cloudflare_access_organization.go @@ -61,6 +61,8 @@ func resourceCloudflareAccessOrganizationRead(ctx context.Context, d *schema.Res d.Set("user_seat_expiration_inactive_time", organization.UserSeatExpirationInactiveTime) d.Set("auto_redirect_to_identity", organization.AutoRedirectToIdentity) d.Set("session_duration", organization.SessionDuration) + d.Set("warp_auth_session_duration", organization.WarpAuthSessionDuration) + d.Set("allow_authenticate_via_warp", organization.AllowAuthenticateViaWarp) loginDesign := convertLoginDesignStructToSchema(ctx, d, &organization.LoginDesign) if loginDesignErr := d.Set("login_design", loginDesign); loginDesignErr != nil { @@ -87,6 +89,8 @@ func resourceCloudflareAccessOrganizationUpdate(ctx context.Context, d *schema.R UserSeatExpirationInactiveTime: d.Get("user_seat_expiration_inactive_time").(string), AutoRedirectToIdentity: cloudflare.BoolPtr(d.Get("auto_redirect_to_identity").(bool)), SessionDuration: cloudflare.StringPtr(d.Get("session_duration").(string)), + WarpAuthSessionDuration: cloudflare.StringPtr(d.Get("warp_auth_session_duration").(string)), + AllowAuthenticateViaWarp: cloudflare.BoolPtr(d.Get("allow_authenticate_via_warp").(bool)), } loginDesign := convertLoginDesignSchemaToStruct(d) updatedAccessOrganization.LoginDesign = *loginDesign diff --git a/internal/sdkv2provider/resource_cloudflare_access_organization_test.go b/internal/sdkv2provider/resource_cloudflare_access_organization_test.go index 5141f2ff195..e474791736f 100644 --- a/internal/sdkv2provider/resource_cloudflare_access_organization_test.go +++ b/internal/sdkv2provider/resource_cloudflare_access_organization_test.go @@ -37,6 +37,8 @@ func TestAccCloudflareAccessOrganization(t *testing.T) { resource.TestCheckResourceAttr(name, "login_design.0.header_text", "My header text"), resource.TestCheckResourceAttr(name, "login_design.0.footer_text", "My footer text"), resource.TestCheckResourceAttr(name, "session_duration", "12h"), + resource.TestCheckResourceAttr(name, "warp_auth_session_duration", "36h"), + resource.TestCheckResourceAttr(name, "allow_authenticate_via_warp", "false"), ), ResourceName: name, ImportState: true, @@ -86,6 +88,8 @@ func testAccCloudflareAccessOrganizationConfigBasic(rnd, accountID string) strin user_seat_expiration_inactive_time = "1460h" auto_redirect_to_identity = false session_duration = "12h" + warp_auth_session_duration = "36h" + allow_authenticate_via_warp = false login_design { background_color = "#FFFFFF" diff --git a/internal/sdkv2provider/schema_cloudflare_access_application.go b/internal/sdkv2provider/schema_cloudflare_access_application.go index 518619405f4..5934ab9c4af 100644 --- a/internal/sdkv2provider/schema_cloudflare_access_application.go +++ b/internal/sdkv2provider/schema_cloudflare_access_application.go @@ -2,9 +2,10 @@ package sdkv2provider import ( "fmt" - "github.com/cloudflare/cloudflare-go" "time" + "github.com/cloudflare/cloudflare-go" + "github.com/cloudflare/terraform-provider-cloudflare/internal/consts" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" @@ -386,6 +387,11 @@ func resourceCloudflareAccessApplicationSchema() map[string]*schema.Schema { }, }, }, + "allow_authenticate_via_warp": { + Type: schema.TypeBool, + Optional: true, + Description: "When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.", + }, } } diff --git a/internal/sdkv2provider/schema_cloudflare_access_organization.go b/internal/sdkv2provider/schema_cloudflare_access_organization.go index e381c3bd464..23a004892e2 100644 --- a/internal/sdkv2provider/schema_cloudflare_access_organization.go +++ b/internal/sdkv2provider/schema_cloudflare_access_organization.go @@ -121,6 +121,16 @@ func resourceCloudflareAccessOrganizationSchema() map[string]*schema.Schema { }, }, }, + "allow_authenticate_via_warp": { + Type: schema.TypeBool, + Optional: true, + Description: "When set to true, users can authenticate via WARP for any application in your organization. Application settings will take precedence over this value.", + }, + "warp_auth_session_duration": { + Type: schema.TypeString, + Optional: true, + Description: "The amount of time that tokens issued for applications will be valid. Must be in the format 30m or 2h45m. Valid time units are: m, h.", + }, } }