Add aegis option to zone settings

cloudflare · Jan 2, 2025 · 159b9a2 · 159b9a2
1 parent 04ef12b
commit 159b9a2
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 1 deletion.
diff --git a/.changelog/4820.txt b/.changelog/4820.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_zone_settings_override: Add support for `aegis`
+```
diff --git a/docs/resources/zone_settings_override.md b/docs/resources/zone_settings_override.md
@@ -107,6 +107,7 @@ Optional:
 - `minify` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--minify))
 - `mirage` (String)
 - `mobile_redirect` (Block List, Max: 1, Deprecated) (see [below for nested schema](#nestedblock--settings--mobile_redirect))
+- `aegis` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--aegis))
 - `nel` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--nel))
 - `opportunistic_encryption` (String)
 - `opportunistic_onion` (String)
@@ -165,6 +166,14 @@ Required:
 
 - `enabled` (Boolean)
 
+<a id="nestedblock--settings--aegis"></a>
+### Nested Schema for `settings.aegis`
+
+Optional:
+
+- `enabled` (Boolean)
+- `pool_id` (String)
+
 
 <a id="nestedblock--settings--security_header"></a>
 ### Nested Schema for `settings.security_header`
@@ -213,6 +222,7 @@ Read-Only:
 - `minify` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--minify))
 - `mirage` (String)
 - `mobile_redirect` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--mobile_redirect))
+- `aegis` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--aegis))
 - `nel` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--nel))
 - `opportunistic_encryption` (String)
 - `opportunistic_onion` (String)
@@ -271,6 +281,14 @@ Read-Only:
 
 - `enabled` (Boolean)
 
+<a id="nestedobjatt--initial_settings--aegis"></a>
+### Nested Schema for `initial_settings.aegis`
+
+Read-Only:
+
+- `enabled` (Boolean)
+- `pool_id` (String)
+
 
 <a id="nestedobjatt--initial_settings--security_header"></a>
 ### Nested Schema for `initial_settings.security_header`

diff --git a/internal/sdkv2provider/resource_cloudflare_zone_settings_override.go b/internal/sdkv2provider/resource_cloudflare_zone_settings_override.go
@@ -51,6 +51,7 @@ var fetchAsSingleSetting = []string{
 	"nel",
 	"replace_insecure_js",
 	"speed_brain",
+	"aegis",
 }
 
 func resourceCloudflareZoneSettingsOverrideCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
@@ -202,7 +203,7 @@ func flattenZoneSettings(ctx context.Context, d *schema.ResourceData, settings [
 			continue
 		}
 
-		if s.ID == "nel" {
+		if s.ID == "nel" || s.ID == "aegis" {
 			cfg[s.ID] = []interface{}{s.Value.(map[string]interface{})}
 		} else if s.ID == "security_header" {
 			cfg[s.ID] = []interface{}{s.Value.(map[string]interface{})["strict_transport_security"]}
@@ -371,6 +372,7 @@ func expandZoneSetting(d *schema.ResourceData, keyFormatString, k string, settin
 			}
 		}
 	case "nel":
+	case "aegis":
 		{
 			listValue := settingValue.([]interface{})
 			if len(listValue) > 0 && listValue != nil {

diff --git a/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go b/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go
@@ -248,6 +248,38 @@ resource "cloudflare_zone_settings_override" "%[1]s" {
 }`, rnd, zoneID)
 }
 
+func TestAccCloudflareZoneSettingsOverride_Aegis(t *testing.T) {
+	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
+	rnd := generateRandomResourceName()
+	name := "cloudflare_zone_settings_override." + rnd
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckCloudflareZoneSettingsOverrideAegis(rnd, zoneID),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudflareZoneSettings(name),
+					resource.TestCheckResourceAttr(name, "settings.0.aegis.0.pool_id", "example-pool"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCloudflareZoneSettingsOverrideAegis(rnd, zoneID string) string {
+	return fmt.Sprintf(`
+resource "cloudflare_zone_settings_override" "%[1]s" {
+  zone_id = "%[2]s"
+  settings {
+    aegis {
+      pool_id = "example-pool"
+	}
+  }
+}`, rnd, zoneID)
+}
+
 func TestAccCloudflareZoneSettingsOverride_SpeedBrain(t *testing.T) {
 	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
 	rnd := generateRandomResourceName()

diff --git a/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go b/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go
@@ -1,6 +1,8 @@
 package sdkv2provider
 
 import (
+	"regexp"
+
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/consts"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
@@ -567,6 +569,29 @@ var resourceCloudflareZoneSettingsSchema = map[string]*schema.Schema{
 			},
 		},
 	},
+
+	"aegis": {
+		Type:     schema.TypeList,
+		Optional: true,
+		Computed: true,
+		MinItems: 1,
+		MaxItems: 1,
+		Elem: &schema.Resource{
+			Schema: map[string]*schema.Schema{
+				"enabled": {
+					Description: "Whether Aegis zone setting is enabled.",
+					Type:        schema.TypeBool,
+					Optional:    true,
+				},
+				"pool_id": {
+					Description:  "Egress pool id which refers to a grouping of dedicated egress IPs through which Cloudflare will connect to origin.",
+					Type:         schema.TypeString,
+					Optional:     true,
+					ValidateFunc: validation.StringMatch(regexp.MustCompile("[-_a-zA-Z0-9]+"), "Only alphanumeric characters, hyphens and underscores are allowed."),
+				},
+			},
+		},
+	},
 }
 
 var resourceCloudflareZoneSettingsSchemaV0 = map[string]*schema.Schema{