Add type to Access applications #1076

Merged
merged 1 commit into from
Jun 23, 2021
Merged
13 changes: 11 additions & 2 deletions cloudflare/resource_cloudflare_access_application.go
Expand Up @@ -27,13 +27,11 @@ func resourceCloudflareAccessApplication() *schema.Resource {
"account_id": {
Type: schema.TypeString,
Optional: true,
Computed: true,
@sboschman sboschman Jun 29, 2021

Why is this computed field removed? https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/cloudflare/resource_cloudflare_access_mutual_tls_certificate.go#L28 also uses computed=true with a choice between account_id and zone_id.

Since upgrading from 2.21.0 to 2.22.0, I am unable to render cloudflare_access_application resources. It used to work without account_id and zone_id on the resource, as the account_id is supplied to the provider. This now results in Error: error creating Access resource: zone_id or account_id required. Supplying either account_id or zone_id explicitly to the resource throws the same error. If you define both account_id and zone_id at the same time, it throws the expected errors: Error: "account_id": conflicts with zone_id and Error: "zone_id": conflicts with account_id

State (notice the empty account_id):

          "resources": [
            {
              "type": "cloudflare_access_application",
              "provider_name": "registry.terraform.io/cloudflare/cloudflare",
              "schema_version": 0,
              "values": {
                "account_id": "",
                "zone_id": null

Member

please open an issue following the issue template; this PR has already been merged.

ConflictsWith: []string{"zone_id"},
},
"zone_id": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ConflictsWith: []string{"account_id"},
},
"aud": {
Expand All @@ -48,6 +46,12 @@ func resourceCloudflareAccessApplication() *schema.Resource {
Type: schema.TypeString,
Required: true,
},
"type": {
Type: schema.TypeString,
Optional: true,
Default: "self_hosted",
ValidateFunc: validation.StringInSlice([]string{"self_hosted", "ssh", "vnc", "file"}, false),
},
"session_duration": {
Type: schema.TypeString,
Optional: true,
Expand Down Expand Up @@ -144,10 +148,12 @@ func resourceCloudflareAccessApplicationCreate(d *schema.ResourceData, meta inte
client := meta.(*cloudflare.API)

allowedIDPList := expandInterfaceToStringList(d.Get("allowed_idps"))
appType := d.Get("type").(string)

newAccessApplication := cloudflare.AccessApplication{
Name: d.Get("name").(string),
Domain: d.Get("domain").(string),
Type: cloudflare.AccessApplicationType(appType),
SessionDuration: d.Get("session_duration").(string),
AutoRedirectToIdentity: d.Get("auto_redirect_to_identity").(bool),
EnableBindingCookie: d.Get("enable_binding_cookie").(bool),
Expand Down Expand Up @@ -217,6 +223,7 @@ func resourceCloudflareAccessApplicationRead(d *schema.ResourceData, meta interf
d.Set("aud", accessApplication.AUD)
d.Set("session_duration", accessApplication.SessionDuration)
d.Set("domain", accessApplication.Domain)
d.Set("type", accessApplication.Type)
d.Set("auto_redirect_to_identity", accessApplication.AutoRedirectToIdentity)
d.Set("enable_binding_cookie", accessApplication.EnableBindingCookie)
d.Set("custom_deny_message", accessApplication.CustomDenyMessage)
Expand All @@ -235,11 +242,13 @@ func resourceCloudflareAccessApplicationUpdate(d *schema.ResourceData, meta inte
client := meta.(*cloudflare.API)

allowedIDPList := expandInterfaceToStringList(d.Get("allowed_idps"))
appType := d.Get("type").(string)

updatedAccessApplication := cloudflare.AccessApplication{
ID: d.Id(),
Name: d.Get("name").(string),
Domain: d.Get("domain").(string),
Type: cloudflare.AccessApplicationType(appType),
SessionDuration: d.Get("session_duration").(string),
AutoRedirectToIdentity: d.Get("auto_redirect_to_identity").(bool),
EnableBindingCookie: d.Get("enable_binding_cookie").(bool),
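Review bot: The new `type` attribute (schema hunk at `-48,6 +46,12`) is updatable in place: it has no `ForceNew`, and the Update hunk sends `Type: cloudflare.AccessApplicationType(appType)` whenever the resource is updated. Whether the API lets an existing application switch between `self_hosted`, `ssh`, `vnc` and `file` is not visible on this page; if it does not, the plan will show an in-place change that fails at apply, and `ForceNew: true` on the field would be the usual remedy. In the Read hunk, `d.Set("type", accessApplication.Type)` drops its error like its neighbours, and an empty type returned for an application created before this field existed would presumably sit in state as `""` against the `self_hosted` default, so that case deserves a check as well. The Create, Read and Update bodies all continue outside their hunks.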
20 changes: 20 additions & 0 deletions cloudflare/resource_cloudflare_access_application_test.go
Expand Up @@ -34,6 +34,7 @@ func TestAccCloudflareAccessApplicationBasic(t *testing.T) {
resource.TestCheckResourceAttr(name, "zone_id", zoneID),
resource.TestCheckResourceAttr(name, "name", rnd),
resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
resource.TestCheckResourceAttr(name, "type", "self_hosted"),
resource.TestCheckResourceAttr(name, "session_duration", "24h"),
resource.TestCheckResourceAttr(name, "cors_headers.#", "0"),
resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
Expand All @@ -56,6 +57,7 @@ func TestAccCloudflareAccessApplicationBasic(t *testing.T) {
resource.TestCheckResourceAttr(name, "account_id", accountID),
resource.TestCheckResourceAttr(name, "name", rnd),
resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
resource.TestCheckResourceAttr(name, "type", "self_hosted"),
resource.TestCheckResourceAttr(name, "session_duration", "24h"),
resource.TestCheckResourceAttr(name, "cors_headers.#", "0"),
resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
Expand All @@ -82,6 +84,7 @@ func TestAccCloudflareAccessApplicationWithCORS(t *testing.T) {
resource.TestCheckResourceAttr(name, "zone_id", zoneID),
resource.TestCheckResourceAttr(name, "name", rnd),
resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
resource.TestCheckResourceAttr(name, "type", "self_hosted"),
resource.TestCheckResourceAttr(name, "session_duration", "24h"),
resource.TestCheckResourceAttr(name, "cors_headers.#", "1"),
resource.TestCheckResourceAttr(name, "cors_headers.0.allowed_methods.#", "3"),
Expand Down Expand Up @@ -111,6 +114,7 @@ func TestAccCloudflareAccessApplicationWithAutoRedirectToIdentity(t *testing.T)
resource.TestCheckResourceAttr(name, "zone_id", zoneID),
resource.TestCheckResourceAttr(name, "name", rnd),
resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
resource.TestCheckResourceAttr(name, "type", "self_hosted"),
resource.TestCheckResourceAttr(name, "session_duration", "24h"),
resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "true"),
),
Expand All @@ -136,6 +140,7 @@ func TestAccCloudflareAccessApplicationWithEnableBindingCookie(t *testing.T) {
resource.TestCheckResourceAttr(name, "zone_id", zoneID),
resource.TestCheckResourceAttr(name, "name", rnd),
resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
resource.TestCheckResourceAttr(name, "type", "self_hosted"),
resource.TestCheckResourceAttr(name, "session_duration", "24h"),
resource.TestCheckResourceAttr(name, "enable_binding_cookie", "true"),
),
Expand All @@ -161,6 +166,7 @@ func TestAccCloudflareAccessApplicationWithCustomDenyFields(t *testing.T) {
resource.TestCheckResourceAttr(name, "zone_id", zoneID),
resource.TestCheckResourceAttr(name, "name", rnd),
resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
resource.TestCheckResourceAttr(name, "type", "self_hosted"),
resource.TestCheckResourceAttr(name, "session_duration", "24h"),
resource.TestCheckResourceAttr(name, "custom_deny_message", "denied!"),
resource.TestCheckResourceAttr(name, "custom_deny_url", "https://www.cloudflare.com"),
Expand All @@ -187,6 +193,7 @@ func TestAccCloudflareAccessApplicationWithADefinedIdps(t *testing.T) {
resource.TestCheckResourceAttr(name, "zone_id", zoneID),
resource.TestCheckResourceAttr(name, "name", rnd),
resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
resource.TestCheckResourceAttr(name, "type", "self_hosted"),
resource.TestCheckResourceAttr(name, "session_duration", "24h"),
resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "true"),
resource.TestCheckResourceAttr(name, "allowed_idps.#", "1"),
Expand All @@ -202,6 +209,7 @@ resource "cloudflare_access_application" "%[1]s" {
%[3]s_id = "%[4]s"
name = "%[1]s"
domain = "%[1]s.%[2]s"
type = "self_hosted"
session_duration = "24h"
auto_redirect_to_identity = false
}
Expand All @@ -214,6 +222,7 @@ resource "cloudflare_access_application" "%[1]s" {
zone_id = "%[2]s"
name = "%[1]s"
domain = "%[1]s.%[3]s"
type = "self_hosted"
session_duration = "24h"
cors_headers {
allowed_methods = ["GET", "POST", "OPTIONS"]
Expand All @@ -232,6 +241,7 @@ resource "cloudflare_access_application" "%[1]s" {
zone_id = "%[2]s"
name = "%[1]s"
domain = "%[1]s.%[3]s"
type = "self_hosted"
session_duration = "24h"
auto_redirect_to_identity = true
}
Expand All @@ -244,6 +254,7 @@ resource "cloudflare_access_application" "%[1]s" {
zone_id = "%[2]s"
name = "%[1]s"
domain = "%[1]s.%[3]s"
type = "self_hosted"
session_duration = "24h"
enable_binding_cookie = true
}
Expand All @@ -256,6 +267,7 @@ resource "cloudflare_access_application" "%[1]s" {
zone_id = "%[2]s"
name = "%[1]s"
domain = "%[1]s.%[3]s"
type = "self_hosted"
session_duration = "24h"
custom_deny_message = "denied!"
custom_deny_url = "https://www.cloudflare.com"
Expand All @@ -274,6 +286,7 @@ resource "cloudflare_access_application" "%[1]s" {
zone_id = "%[2]s"
name = "%[1]s"
domain = "%[1]s.%[3]s"
type = "self_hosted"
session_duration = "24h"
auto_redirect_to_identity = true
allowed_idps = [cloudflare_access_identity_provider.%[1]s.id]
Expand Down Expand Up @@ -501,6 +514,7 @@ func testAccessApplicationWithZoneID(resourceID, zone, zoneID string) string {
name = "%[1]s"
zone_id = "%[3]s"
domain = "%[1]s.%[2]s"
type = "self_hosted"
}
`, resourceID, zone, zoneID)
}
Expand All @@ -511,6 +525,7 @@ func testAccessApplicationWithZoneIDUpdated(resourceID, zone, zoneID string) str
name = "%[1]s-updated"
zone_id = "%[3]s"
domain = "%[1]s.%[2]s"
type = "self_hosted"
}
`, resourceID, zone, zoneID)
}
Expand All @@ -521,6 +536,7 @@ func testAccessApplicationWithMissingCORSMethods(resourceID, zone, zoneID string
name = "%[1]s-updated"
zone_id = "%[3]s"
domain = "%[1]s.%[2]s"
type = "self_hosted"

cors_headers {
allow_all_origins = true
Expand All @@ -535,6 +551,7 @@ func testAccessApplicationWithMissingCORSOrigins(resourceID, zone, zoneID string
name = "%[1]s-updated"
zone_id = "%[3]s"
domain = "%[1]s.%[2]s"
type = "self_hosted"

cors_headers {
allow_all_methods = true
Expand All @@ -549,6 +566,7 @@ func testAccessApplicationWithInvalidSessionDuration(resourceID, zone, zoneID st
name = "%[1]s-updated"
zone_id = "%[3]s"
domain = "%[1]s.%[2]s"
type = "self_hosted"
session_duration = "24z"
}
`, resourceID, zone, zoneID)
Expand All @@ -560,6 +578,7 @@ func testAccessApplicationMisconfiguredCORSAllowAllOriginsWithCredentials(resour
name = "%[1]s-updated"
zone_id = "%[3]s"
domain = "%[1]s.%[2]s"
type = "self_hosted"

cors_headers {
allowed_methods = ["GET"]
Expand All @@ -576,6 +595,7 @@ func testAccessApplicationMisconfiguredCORSAllowWildcardOriginWithCredentials(re
name = "%[1]s-updated"
zone_id = "%[3]s"
domain = "%[1]s.%[2]s"
type = "self_hosted"

cors_headers {
allowed_methods = ["GET"]
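Review bot: Every config template touched in these hunks sets `type = "self_hosted"` explicitly, so the `Default: "self_hosted"` path of the new attribute is never exercised, and the added `resource.TestCheckResourceAttr(name, "type", "self_hosted")` assertions would still pass if the default were wrong or missing. Nothing visible covers the other accepted values (`ssh`, `vnc`, `file`), a rejected value, or a change of type on an existing application. Leaving `type` out of at least one template, for example the one built by `testAccessApplicationWithZoneID`, and adding a step with an invalid value and `ExpectError` would pin both behaviours. The test functions and config helpers continue outside these hunks.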
4 changes: 4 additions & 0 deletions website/docs/r/access_application.html.markdown
Expand Up @@ -19,6 +19,7 @@ resource "cloudflare_access_application" "staging_app" {
zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe"
name = "staging application"
domain = "staging.example.com"
type = "self_hosted"
session_duration = "24h"
auto_redirect_to_identity = false
}
Expand All @@ -28,6 +29,7 @@ resource "cloudflare_access_application" "staging_app" {
zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe"
name = "staging application"
domain = "staging.example.com"
type = "self_hosted"
session_duration = "24h"
cors_headers {
allowed_methods = ["GET", "POST", "OPTIONS"]
Expand All @@ -49,6 +51,8 @@ The following arguments are supported:
* `name` - (Required) Friendly name of the Access Application.
* `domain` - (Required) The complete URL of the asset you wish to put
Cloudflare Access in front of. Can include subdomains or paths. Or both.
* `type` - (Optional) The application type. Defaults to `self_hosted`. Valid
values are `self_hosted`, `ssh`, `vnc`, or `file`.
* `session_duration` - (Optional) How often a user will be forced to
re-authorise. Must be in the format `"48h"` or `"2h45m"`.
Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. Defaults to `24h`.