From 444612103c877ee9f32ddbac7cba69a794cf2944 Mon Sep 17 00:00:00 2001 From: Dawson Hensel Date: Tue, 30 Jul 2024 16:49:50 -0700 Subject: [PATCH 1/3] Support admin code override disable_for_time field --- .changelog/3526.txt | 3 +++ .../resources/cloudflare_teams_account/resource.tf | 1 + .../resource_cloudflare_access_policy_test.go | 1 + .../resource_cloudflare_teams_accounts.go | 10 ++++++---- .../resource_cloudflare_teams_accounts_test.go | 2 ++ .../sdkv2provider/schema_cloudflare_teams_accounts.go | 5 +++++ 6 files changed, 18 insertions(+), 4 deletions(-) create mode 100644 .changelog/3526.txt diff --git a/.changelog/3526.txt b/.changelog/3526.txt new file mode 100644 index 0000000000..9b8c737336 --- /dev/null +++ b/.changelog/3526.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +Add `disable_for_time` attribute +``` \ No newline at end of file diff --git a/examples/resources/cloudflare_teams_account/resource.tf b/examples/resources/cloudflare_teams_account/resource.tf index 340bdde587..093e49b91a 100644 --- a/examples/resources/cloudflare_teams_account/resource.tf +++ b/examples/resources/cloudflare_teams_account/resource.tf @@ -34,6 +34,7 @@ resource "cloudflare_teams_account" "example" { udp = true root_ca = true virtual_ip = false + disable_for_time = 3600 } url_browser_isolation_enabled = true diff --git a/internal/sdkv2provider/resource_cloudflare_access_policy_test.go b/internal/sdkv2provider/resource_cloudflare_access_policy_test.go index 4f38be3cc7..a1f8e2ab14 100644 --- a/internal/sdkv2provider/resource_cloudflare_access_policy_test.go +++ b/internal/sdkv2provider/resource_cloudflare_access_policy_test.go @@ -1032,6 +1032,7 @@ func testAccessPolicyIsolationRequiredConfig(resourceID, zone, accountID string) udp = false root_ca = true virtual_ip = false + disable_for_time = 3600 } logging { redact_pii = true diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts.go index 0be8455639..c07e30f76f 100644 --- a/internal/sdkv2provider/resource_cloudflare_teams_accounts.go +++ b/internal/sdkv2provider/resource_cloudflare_teams_accounts.go @@ -332,10 +332,11 @@ func flattenAntivirusConfig(antivirusConfig *cloudflare.TeamsAntivirus) []interf func flattenTeamsDeviceSettings(deviceSettings *cloudflare.TeamsDeviceSettings) []interface{} { return []interface{}{map[string]interface{}{ - "tcp": deviceSettings.GatewayProxyEnabled, - "udp": deviceSettings.GatewayProxyUDPEnabled, - "root_ca": deviceSettings.RootCertificateInstallationEnabled, - "virtual_ip": deviceSettings.UseZTVirtualIP, + "tcp": deviceSettings.GatewayProxyEnabled, + "udp": deviceSettings.GatewayProxyUDPEnabled, + "root_ca": deviceSettings.RootCertificateInstallationEnabled, + "virtual_ip": deviceSettings.UseZTVirtualIP, + "disable_for_time": deviceSettings.DisableForTime, }} } @@ -451,6 +452,7 @@ func inflateDeviceSettings(device interface{}) *cloudflare.TeamsDeviceSettings { GatewayProxyUDPEnabled: deviceSettings["udp"].(bool), RootCertificateInstallationEnabled: deviceSettings["root_ca"].(bool), UseZTVirtualIP: cloudflare.BoolPtr(deviceSettings["virtual_ip"].(bool)), + DisableForTime: deviceSettings["disable_for_time"].(int32), } } func flattenSSHSessionLogSettings(logSettings *cloudflare.AuditSSHSettings) []interface{} { diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go index 73c7dfc8bd..eeeed8124b 100644 --- a/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go +++ b/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go @@ -62,6 +62,7 @@ func TestAccCloudflareTeamsAccounts_ConfigurationBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "proxy.0.udp", "false"), resource.TestCheckResourceAttr(name, "proxy.0.root_ca", "true"), resource.TestCheckResourceAttr(name, "proxy.0.virtual_ip", "true"), + resource.TestCheckResourceAttr(name, "proxy.0.disable_for_time", "3600"), resource.TestCheckResourceAttr(name, "payload_log.0.public_key", "EmpOvSXw8BfbrGCi0fhGiD/3yXk2SiV1Nzg2lru3oj0="), resource.TestCheckResourceAttr(name, "ssh_session_log.0.public_key", "testvSXw8BfbrGCi0fhGiD/3yXk2SiV1Nzg2lru3oj0="), resource.TestCheckResourceAttr(name, "non_identity_browser_isolation_enabled", "false"), @@ -111,6 +112,7 @@ resource "cloudflare_teams_account" "%[1]s" { udp = false root_ca = true virtual_ip = true + disable_for_time = 3600 } logging { redact_pii = true diff --git a/internal/sdkv2provider/schema_cloudflare_teams_accounts.go b/internal/sdkv2provider/schema_cloudflare_teams_accounts.go index e4c7135060..d9c6738874 100644 --- a/internal/sdkv2provider/schema_cloudflare_teams_accounts.go +++ b/internal/sdkv2provider/schema_cloudflare_teams_accounts.go @@ -247,6 +247,11 @@ var proxySchema = map[string]*schema.Schema{ Required: true, Description: "Whether virtual IP (CGNAT) is enabled account wide and will override existing local interface IP for ZT clients.", }, + "disable_for_time": { + Type: schema.TypeInt, + Required: true, + Description: "Sets the time limit in seconds that a user can use an override code to bypass WARP", + }, } var loggingSchema = map[string]*schema.Schema{ From 2525266187654432eaadc388af16d9342bf4c492 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Wed, 21 Aug 2024 13:56:29 +1000 Subject: [PATCH 2/3] fix: use HCL casting, not the real type --- internal/sdkv2provider/resource_cloudflare_teams_accounts.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts.go index c1be1df9ed..17c445b6cc 100644 --- a/internal/sdkv2provider/resource_cloudflare_teams_accounts.go +++ b/internal/sdkv2provider/resource_cloudflare_teams_accounts.go @@ -471,7 +471,7 @@ func inflateDeviceSettings(device interface{}) *cloudflare.TeamsDeviceSettings { GatewayProxyUDPEnabled: deviceSettings["udp"].(bool), RootCertificateInstallationEnabled: deviceSettings["root_ca"].(bool), UseZTVirtualIP: cloudflare.BoolPtr(deviceSettings["virtual_ip"].(bool)), - DisableForTime: deviceSettings["disable_for_time"].(int32), + DisableForTime: int32(deviceSettings["disable_for_time"].(int)), } } func flattenSSHSessionLogSettings(logSettings *cloudflare.AuditSSHSettings) []interface{} { From ca03934628bf63abc7a0e4b1f38a8126a9019c1b Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Wed, 21 Aug 2024 13:57:36 +1000 Subject: [PATCH 3/3] Update .changelog/3526.txt --- .changelog/3526.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/3526.txt b/.changelog/3526.txt index 9b8c737336..070f234084 100644 --- a/.changelog/3526.txt +++ b/.changelog/3526.txt @@ -1,3 +1,3 @@ ```release-note:enhancement -Add `disable_for_time` attribute +resource/cloudflare_teams_account: Add `disable_for_time` attribute ``` \ No newline at end of file