Merge pull request #3526 from da-cf/support-override-device-global-se…

…ttings Support admin code override disable_for_time field
cloudflare · Sep 2, 2024 · d3cc413 · d3cc413
2 parents 6ecbea3 + 27c1d43
commit d3cc413
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 4 deletions.
diff --git a/.changelog/3526.txt b/.changelog/3526.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_teams_account: Add `disable_for_time` attribute
+```
diff --git a/examples/resources/cloudflare_teams_account/resource.tf b/examples/resources/cloudflare_teams_account/resource.tf
@@ -34,6 +34,7 @@ resource "cloudflare_teams_account" "example" {
     udp        = true
     root_ca    = true
     virtual_ip = false
+    disable_for_time = 3600
   }
 
   url_browser_isolation_enabled = true

diff --git a/internal/sdkv2provider/resource_cloudflare_access_policy_test.go b/internal/sdkv2provider/resource_cloudflare_access_policy_test.go
@@ -1032,6 +1032,7 @@ func testAccessPolicyIsolationRequiredConfig(resourceID, zone, accountID string)
 		  udp = false
 		  root_ca = true
 		  virtual_ip = false
+		  disable_for_time = 3600
 		}
 		logging {
 		  redact_pii = true

diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts.go
@@ -351,10 +351,11 @@ func flattenAntivirusConfig(antivirusConfig *cloudflare.TeamsAntivirus) []interf
 
 func flattenTeamsDeviceSettings(deviceSettings *cloudflare.TeamsDeviceSettings) []interface{} {
 	return []interface{}{map[string]interface{}{
-		"tcp":        deviceSettings.GatewayProxyEnabled,
-		"udp":        deviceSettings.GatewayProxyUDPEnabled,
-		"root_ca":    deviceSettings.RootCertificateInstallationEnabled,
-		"virtual_ip": deviceSettings.UseZTVirtualIP,
+		"tcp":              deviceSettings.GatewayProxyEnabled,
+		"udp":              deviceSettings.GatewayProxyUDPEnabled,
+		"root_ca":          deviceSettings.RootCertificateInstallationEnabled,
+		"virtual_ip":       deviceSettings.UseZTVirtualIP,
+		"disable_for_time": deviceSettings.DisableForTime,
 	}}
 }
 
@@ -470,6 +471,7 @@ func inflateDeviceSettings(device interface{}) *cloudflare.TeamsDeviceSettings {
 		GatewayProxyUDPEnabled:             deviceSettings["udp"].(bool),
 		RootCertificateInstallationEnabled: deviceSettings["root_ca"].(bool),
 		UseZTVirtualIP:                     cloudflare.BoolPtr(deviceSettings["virtual_ip"].(bool)),
+		DisableForTime:                     int32(deviceSettings["disable_for_time"].(int)),
 	}
 }
 func flattenSSHSessionLogSettings(logSettings *cloudflare.AuditSSHSettings) []interface{} {

diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go
@@ -62,6 +62,7 @@ func TestAccCloudflareTeamsAccounts_ConfigurationBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "proxy.0.udp", "false"),
 					resource.TestCheckResourceAttr(name, "proxy.0.root_ca", "true"),
 					resource.TestCheckResourceAttr(name, "proxy.0.virtual_ip", "true"),
+					resource.TestCheckResourceAttr(name, "proxy.0.disable_for_time", "3600"),
 					resource.TestCheckResourceAttr(name, "payload_log.0.public_key", "EmpOvSXw8BfbrGCi0fhGiD/3yXk2SiV1Nzg2lru3oj0="),
 					resource.TestCheckResourceAttr(name, "ssh_session_log.0.public_key", "testvSXw8BfbrGCi0fhGiD/3yXk2SiV1Nzg2lru3oj0="),
 					resource.TestCheckResourceAttr(name, "non_identity_browser_isolation_enabled", "false"),
@@ -111,6 +112,7 @@ resource "cloudflare_zero_trust_gateway_settings" "%[1]s" {
     udp = false
 	root_ca = true
 	virtual_ip = true
+	disable_for_time = 3600
   }
   logging {
     redact_pii = true

diff --git a/internal/sdkv2provider/schema_cloudflare_teams_accounts.go b/internal/sdkv2provider/schema_cloudflare_teams_accounts.go
@@ -247,6 +247,11 @@ var proxySchema = map[string]*schema.Schema{
 		Required:    true,
 		Description: "Whether virtual IP (CGNAT) is enabled account wide and will override existing local interface IP for ZT clients.",
 	},
+	"disable_for_time": {
+		Type:        schema.TypeInt,
+		Required:    true,
+		Description: "Sets the time limit in seconds that a user can use an override code to bypass WARP",
+	},
 }
 
 var loggingSchema = map[string]*schema.Schema{