Add support for configuring authenticated origin pulls #749

Merged
merged 17 commits into from
Aug 17, 2020

dhaynespls
Contributor

High-level schema:

```hcl
// Global AOP
resource "cloudflare_authenticated_origin_pulls" "foobar" {
  zone_id = ""
  enabled = true
}

resource "cloudflare_authenticated_origin_pulls_certificate" "foo" {
  certificate = ""
  private_key = ""
  type = ""
}

// Per Zone AOP
resource "cloudflare_authenticated_origin_pulls" "foobar" {
  zone_id = ""
  authenticated_origin_pulls_certificate = cloudflare_authenticated_origin_pulls_certificate.foo.id
  enabled = true
}

// Per Hostname AOP
resource "cloudflare_authenticated_origin_pulls" "foobar" {
  zone_id = ""
  hostname = "foobar.com"
  authenticated_origin_pulls_certificate = cloudflare_authenticated_origin_pulls_certificate.foo.id
  enabled = true
}
```

Through these two resources, and combinations of their attributes, we can allow for all AOP endpoints to be hit based on the data provided.

Closes #736

- AOP resource will be used for all forms of AOP, here we toggle global AOP
- This resource functions as a mechanism to upload certificates to the
per-zone and per-hostname AOP endpoints which can be later referenced
by the AOP resource by ID
…chanisms

- AopType specifies which API the certificate should be uploaded to
- You cannot edit certificates
- Any changes must result in a reupload
- API is selected based on provided parameters
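
The commit notes above say the API is selected from the provided parameters. As an added illustration (not code from this PR or the provider), the Go sketch below maps the three schema variants to a mode and rejects ambiguous input instead of falling back to global AOP. The `AOPConfig` struct, `SelectAOPMode`, the `per-zone`/`per-hostname` type strings and the rule that a certificate's type must match the mode are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// AOPConfig mirrors the attributes in the sketched schema. The struct,
// the CertType field and the "per-zone"/"per-hostname" strings are assumptions.
type AOPConfig struct {
	ZoneID, Hostname, CertificateID string
	CertType                        string // type of the referenced certificate
}

// SelectAOPMode returns which AOP variant a configuration addresses:
// "global", "per-zone" or "per-hostname". Ambiguous input is rejected
// rather than silently treated as global AOP.
func SelectAOPMode(c AOPConfig) (string, error) {
	if c.ZoneID == "" {
		return "", errors.New("zone_id is required for every AOP mode")
	}
	mode := "global"
	switch {
	case c.Hostname != "" && c.CertificateID == "":
		return "", errors.New("hostname set without a certificate reference")
	case c.Hostname != "":
		mode = "per-hostname"
	case c.CertificateID != "":
		mode = "per-zone"
	}
	// Assumption: a certificate uploaded to one endpoint is only
	// referenced by the matching mode.
	if mode != "global" && c.CertType != mode {
		return "", fmt.Errorf("certificate type %q does not match %s AOP", c.CertType, mode)
	}
	return mode, nil
}

func main() {
	// Constructed sample configurations, one per block of the schema plus one invalid.
	samples := []AOPConfig{
		{ZoneID: "zone-placeholder"},
		{ZoneID: "zone-placeholder", CertificateID: "cert-placeholder", CertType: "per-zone"},
		{ZoneID: "zone-placeholder", Hostname: "foobar.com", CertificateID: "cert-placeholder", CertType: "per-hostname"},
		{ZoneID: "zone-placeholder", Hostname: "foobar.com"},
	}
	for _, s := range samples {
		mode, err := SelectAOPMode(s)
		fmt.Printf("%+v -> mode=%q err=%v\n", s, mode, err)
	}
}
```
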
@dhaynespls
Contributor Author

Tests will fail until cloudflare/cloudflare-go#511 is merged

Member

@jacobbednarz jacobbednarz left a comment


A few minor nitpicks/questions from me but overall looks good!

Could you also add the website documentation to this PR?

@dhaynespls
Contributor Author

Oh and good catch about docs I completely forgot they were a thing -- plus this resource is pretty confusing without some supporting docs about how to use it!

@jacobbednarz jacobbednarz added the workflow/pending-contributor-response Indicates an issue or PR requires a response from a contributor. label Aug 10, 2020
…of github.com:dhaynespls/terraform-provider-cloudflare into dhaynespls/736-add-authenticated-origin-pulls-support
@dhaynespls dhaynespls marked this pull request as draft August 12, 2020 00:20
@dhaynespls
Contributor Author

I will also look into importing as there is a use case where one has already configured all of the different types of AOP / has uploaded certificates that they'd like to import into terraform.

@dhaynespls dhaynespls marked this pull request as ready for review August 12, 2020 22:47
@dhaynespls
Contributor Author

@jacobbednarz Ready for review again! Though I'm not sure what's going on with the website build 🤔

@jacobbednarz
Member

> Though I'm not sure what's going on with the website build

If you pull in the latest master, the website-build steps should be fixed again with a temporary workaround while the new documentation stuff is sorted out for the registry.

This resource is restricted to one at a time in the zone and if we run
these tests, they collide resulting in a validation error.

Running them sequentially is slower but reliable.
@jacobbednarz
Member

Hope you don't mind @dhaynespls but I pushed up a couple of commits that addressed some issues in the integration suite where parallelisation of the certificate creation tests collided as there is a one per zone restriction on it. With the fixes, the integration suite for these changes is ✅

Member

@jacobbednarz jacobbednarz left a comment


LGTM! Thanks for the persisted effort here @dhaynespls! You rock!

@patryk patryk merged commit b9a42dc into cloudflare:master Aug 17, 2020
@cdloh
Contributor

cdloh commented Aug 17, 2020

@patryk @jacobbednarz this MR appears to have removed the cloudflare_custom_hostname resource.

cdloh pushed a commit to cdloh/terraform-provider-cloudflare that referenced this pull request Aug 17, 2020
dhaynespls added a commit that referenced this pull request Aug 17, 2020
Restore custom_hostname resource accidentally removed in #749
@dhaynespls
Copy link
Contributor Author

Good catch thank you @cdloh. I went ahead and merged as it's just a single line change in provider.go.

cdloh pushed a commit to cdloh/terraform-provider-cloudflare that referenced this pull request Aug 17, 2020
# By Jacob Bednarz (3) and others
# Via GitHub (4) and Callum Loh (1)
* master:
  Restore custom_hostname resource accidentally removed in cloudflare#749
  Add support for configuring authenticated origin pulls (cloudflare#749)
  Update CHANGELOG.md
  ci: fix website-test
  Update CHANGELOG.md
  Add more info on cloudflare_zones data source breaking change
  Compare firewall descriptions after converting unicode + HTML entities
  Update CHANGELOG.md
  Support Spectrum applications with port ranges

# Conflicts:
#	cloudflare/provider.go
@dhaynespls dhaynespls deleted the dhaynespls/736-add-authenticated-origin-pulls-support branch August 17, 2020 17:09
boekkooi-lengoo pushed a commit to boekkooi-lengoo/terraform-provider-cloudflare that referenced this pull request Feb 28, 2022
* WDAPI-645 add device posture integration api

* Update device_posture_rule.go

Co-authored-by: Jacob Bednarz <[email protected]>

Co-authored-by: andrew <[email protected]>
Co-authored-by: Jacob Bednarz <[email protected]>
Successfully merging this pull request may close these issues.

Add support for all Authenticated Origin Pull APIs