Merge pull request #4820 from zaidoon1/zaidoon/aegis

cloudflare · Jan 3, 2025 · 6a42f26 · 6a42f26
2 parents 04ef12b + ad5cb73
commit 6a42f26
Show file tree

Hide file tree

Showing 5 changed files with 125 additions and 1 deletion.
diff --git a/.changelog/4820.txt b/.changelog/4820.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_zone_settings_override: Add support for `aegis`
+```
diff --git a/docs/resources/zone_settings_override.md b/docs/resources/zone_settings_override.md
@@ -78,6 +78,7 @@ resource "cloudflare_zone_settings_override" "test" {
 
 Optional:
 
+- `aegis` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--aegis))
 - `always_online` (String)
 - `always_use_https` (String)
 - `automatic_https_rewrites` (String)
@@ -138,6 +139,15 @@ Optional:
 - `websockets` (String)
 - `zero_rtt` (String)
 
+<a id="nestedblock--settings--aegis"></a>
+### Nested Schema for `settings.aegis`
+
+Optional:
+
+- `enabled` (Boolean) Whether Aegis zone setting is enabled.
+- `pool_id` (String) Egress pool id which refers to a grouping of dedicated egress IPs through which Cloudflare will connect to origin.
+
+
 <a id="nestedblock--settings--minify"></a>
 ### Nested Schema for `settings.minify`
 
@@ -184,6 +194,7 @@ Optional:
 
 Read-Only:
 
+- `aegis` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--aegis))
 - `always_online` (String)
 - `always_use_https` (String)
 - `automatic_https_rewrites` (String)
@@ -244,6 +255,15 @@ Read-Only:
 - `websockets` (String)
 - `zero_rtt` (String)
 
+<a id="nestedobjatt--initial_settings--aegis"></a>
+### Nested Schema for `initial_settings.aegis`
+
+Read-Only:
+
+- `enabled` (Boolean)
+- `pool_id` (String)
+
+
 <a id="nestedobjatt--initial_settings--minify"></a>
 ### Nested Schema for `initial_settings.minify`
 

diff --git a/internal/sdkv2provider/resource_cloudflare_zone_settings_override.go b/internal/sdkv2provider/resource_cloudflare_zone_settings_override.go
@@ -51,6 +51,7 @@ var fetchAsSingleSetting = []string{
 	"nel",
 	"replace_insecure_js",
 	"speed_brain",
+	"aegis",
 }
 
 func resourceCloudflareZoneSettingsOverrideCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
@@ -202,7 +203,7 @@ func flattenZoneSettings(ctx context.Context, d *schema.ResourceData, settings [
 			continue
 		}
 
-		if s.ID == "nel" {
+		if s.ID == "nel" || s.ID == "aegis" {
 			cfg[s.ID] = []interface{}{s.Value.(map[string]interface{})}
 		} else if s.ID == "security_header" {
 			cfg[s.ID] = []interface{}{s.Value.(map[string]interface{})["strict_transport_security"]}
@@ -371,6 +372,7 @@ func expandZoneSetting(d *schema.ResourceData, keyFormatString, k string, settin
 			}
 		}
 	case "nel":
+	case "aegis":
 		{
 			listValue := settingValue.([]interface{})
 			if len(listValue) > 0 && listValue != nil {

diff --git a/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go b/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go
@@ -248,6 +248,79 @@ resource "cloudflare_zone_settings_override" "%[1]s" {
 }`, rnd, zoneID)
 }
 
+func TestAccCloudflareZoneSettingsOverride_Aegis(t *testing.T) {
+	skipForDefaultZone(t, "Requires dedicated Aegis setup.")
+
+	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
+	rnd := generateRandomResourceName()
+	name := "cloudflare_zone_settings_override." + rnd
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckCloudflareZoneSettingsOverrideAegisEnable(rnd, zoneID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "settings.0.aegis.0.pool_id", "cache-team-trakal-pool"),
+					resource.TestCheckResourceAttr(name, "settings.0.aegis.0.enabled", "true"),
+				),
+			},
+			{
+				Config: testAccCheckCloudflareZoneSettingsOverrideAegisDisable(rnd, zoneID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "settings.0.aegis.0.pool_id", ""),
+					resource.TestCheckResourceAttr(name, "settings.0.aegis.0.enabled", "false"),
+				),
+			},
+			{
+				Config: testAccCheckCloudflareZoneSettingsOverrideAegisEnableNoExplicitEnabled(rnd, zoneID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "settings.0.aegis.0.pool_id", "cache-team-trakal-pool"),
+					resource.TestCheckResourceAttr(name, "settings.0.aegis.0.enabled", "true"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCloudflareZoneSettingsOverrideAegisEnable(rnd, zoneID string) string {
+	return fmt.Sprintf(`
+resource "cloudflare_zone_settings_override" "%[1]s" {
+  zone_id = "%[2]s"
+  settings {
+    aegis {
+	  enabled = true
+      pool_id = "cache-team-trakal-pool"
+	}
+  }
+}`, rnd, zoneID)
+}
+
+func testAccCheckCloudflareZoneSettingsOverrideAegisEnableNoExplicitEnabled(rnd, zoneID string) string {
+	return fmt.Sprintf(`
+resource "cloudflare_zone_settings_override" "%[1]s" {
+  zone_id = "%[2]s"
+  settings {
+    aegis {
+      pool_id = "cache-team-trakal-pool"
+	}
+  }
+}`, rnd, zoneID)
+}
+
+func testAccCheckCloudflareZoneSettingsOverrideAegisDisable(rnd, zoneID string) string {
+	return fmt.Sprintf(`
+resource "cloudflare_zone_settings_override" "%[1]s" {
+  zone_id = "%[2]s"
+  settings {
+    aegis {
+      enabled = false
+	}
+  }
+}`, rnd, zoneID)
+}
+
 func TestAccCloudflareZoneSettingsOverride_SpeedBrain(t *testing.T) {
 	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
 	rnd := generateRandomResourceName()

diff --git a/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go b/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go
@@ -1,6 +1,8 @@
 package sdkv2provider
 
 import (
+	"regexp"
+
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/consts"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
@@ -567,6 +569,30 @@ var resourceCloudflareZoneSettingsSchema = map[string]*schema.Schema{
 			},
 		},
 	},
+
+	"aegis": {
+		Type:     schema.TypeList,
+		Optional: true,
+		Computed: true,
+		MinItems: 1,
+		MaxItems: 1,
+		Elem: &schema.Resource{
+			Schema: map[string]*schema.Schema{
+				"enabled": {
+					Description: "Whether Aegis zone setting is enabled.",
+					Type:        schema.TypeBool,
+					Optional:    true,
+					Default:     true,
+				},
+				"pool_id": {
+					Description:  "Egress pool id which refers to a grouping of dedicated egress IPs through which Cloudflare will connect to origin.",
+					Type:         schema.TypeString,
+					Optional:     true,
+					ValidateFunc: validation.StringMatch(regexp.MustCompile("[-_a-zA-Z0-9]+"), "Only alphanumeric characters, hyphens and underscores are allowed."),
+				},
+			},
+		},
+	},
 }
 
 var resourceCloudflareZoneSettingsSchemaV0 = map[string]*schema.Schema{