From 159b9a25f2988cf925e8290ceffeca708cce0dd6 Mon Sep 17 00:00:00 2001 From: Zaidoon Abd Al Hadi Date: Sun, 10 Nov 2024 01:07:43 -0500 Subject: [PATCH 1/5] Add aegis option to zone settings --- .changelog/4820.txt | 3 ++ docs/resources/zone_settings_override.md | 18 +++++++++++ ...ource_cloudflare_zone_settings_override.go | 4 ++- ..._cloudflare_zone_settings_override_test.go | 32 +++++++++++++++++++ ...chema_cloudflare_zone_settings_override.go | 25 +++++++++++++++ 5 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 .changelog/4820.txt diff --git a/.changelog/4820.txt b/.changelog/4820.txt new file mode 100644 index 0000000000..b56fff9ed0 --- /dev/null +++ b/.changelog/4820.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/cloudflare_zone_settings_override: Add support for `aegis` +``` diff --git a/docs/resources/zone_settings_override.md b/docs/resources/zone_settings_override.md index 73e11b60a6..120e61dcef 100644 --- a/docs/resources/zone_settings_override.md +++ b/docs/resources/zone_settings_override.md @@ -107,6 +107,7 @@ Optional: - `minify` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--minify)) - `mirage` (String) - `mobile_redirect` (Block List, Max: 1, Deprecated) (see [below for nested schema](#nestedblock--settings--mobile_redirect)) +- `aegis` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--aegis)) - `nel` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--nel)) - `opportunistic_encryption` (String) - `opportunistic_onion` (String) @@ -165,6 +166,14 @@ Required: - `enabled` (Boolean) + +### Nested Schema for `settings.aegis` + +Optional: + +- `enabled` (Boolean) +- `pool_id` (String) + ### Nested Schema for `settings.security_header` 
@@ -213,6 +222,7 @@ Read-Only: - `minify` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--minify)) - `mirage` (String) - `mobile_redirect` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--mobile_redirect)) +- `aegis` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--aegis)) - `nel` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--nel)) - `opportunistic_encryption` (String) - `opportunistic_onion` (String) @@ -271,6 +281,14 @@ Read-Only: - `enabled` (Boolean) + +### Nested Schema for `initial_settings.aegis` + +Read-Only: + +- `enabled` (Boolean) +- `pool_id` (String) + ### Nested Schema for `initial_settings.security_header` diff --git a/internal/sdkv2provider/resource_cloudflare_zone_settings_override.go b/internal/sdkv2provider/resource_cloudflare_zone_settings_override.go index cff7233f7d..ba994f63e0 100644 --- a/internal/sdkv2provider/resource_cloudflare_zone_settings_override.go +++ b/internal/sdkv2provider/resource_cloudflare_zone_settings_override.go @@ -51,6 +51,7 @@ var fetchAsSingleSetting = []string{ "nel", "replace_insecure_js", "speed_brain", + "aegis", } func resourceCloudflareZoneSettingsOverrideCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { @@ -202,7 +203,7 @@ func flattenZoneSettings(ctx context.Context, d *schema.ResourceData, settings [ continue } - if s.ID == "nel" { + if s.ID == "nel" || s.ID == "aegis" { cfg[s.ID] = []interface{}{s.Value.(map[string]interface{})} } else if s.ID == "security_header" { cfg[s.ID] = []interface{}{s.Value.(map[string]interface{})["strict_transport_security"]} @@ -371,6 +372,7 @@ func expandZoneSetting(d *schema.ResourceData, keyFormatString, k string, settin } } case "nel": + case "aegis": { listValue := settingValue.([]interface{}) if len(listValue) > 0 && listValue != nil { 
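Review bot: The type assertion `s.Value.(map[string]interface{})` in flattenZoneSettings is unchecked, and this change makes it run for `aegis` as well as `nel`. If the API returns a null or non-object value for `aegis` (plausible for a zone with no Aegis pool provisioned, though the page does not show it), the provider panics during read instead of returning a diagnostic. A checked form avoids that: `if m, ok := s.Value.(map[string]interface{}); ok { cfg[s.ID] = []interface{}{m} }`. The function starts and ends outside this hunk.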
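Review bot: Go `switch` cases do not fall through, so adding `case "aegis":` on its own line after `case "nel":` leaves `nel` with an empty body. The list-to-map block in expandZoneSetting now runs only for `aegis`, and a `nel` setting skips the conversion; what happens to it afterwards depends on code outside this hunk. Combine the labels as `case "nel", "aegis":` so both settings share the block.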
diff --git a/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go b/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go index 8b6deb1771..9dca1051d4 100644 --- a/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go +++ b/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go @@ -248,6 +248,38 @@ resource "cloudflare_zone_settings_override" "%[1]s" { }`, rnd, zoneID) } +func TestAccCloudflareZoneSettingsOverride_Aegis(t *testing.T) { + zoneID := os.Getenv("CLOUDFLARE_ZONE_ID") + rnd := generateRandomResourceName() + name := "cloudflare_zone_settings_override." + rnd + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProviderFactories: providerFactories, + Steps: []resource.TestStep{ + { + Config: testAccCheckCloudflareZoneSettingsOverrideAegis(rnd, zoneID), + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudflareZoneSettings(name), + resource.TestCheckResourceAttr(name, "settings.0.aegis.0.pool_id", "example-pool"), + ), + }, + }, + }) +} + +func testAccCheckCloudflareZoneSettingsOverrideAegis(rnd, zoneID string) string { + return fmt.Sprintf(` +resource "cloudflare_zone_settings_override" "%[1]s" { + zone_id = "%[2]s" + settings { + aegis { + pool_id = "example-pool" + } + } +}`, rnd, zoneID) +} + func TestAccCloudflareZoneSettingsOverride_SpeedBrain(t *testing.T) { zoneID := os.Getenv("CLOUDFLARE_ZONE_ID") rnd := generateRandomResourceName() diff --git a/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go b/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go index 9cab4563c5..c18e9e2bf2 100644 --- a/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go +++ b/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go 
@@ -1,6 +1,8 @@ package sdkv2provider import ( + "regexp" + "github.com/cloudflare/terraform-provider-cloudflare/internal/consts" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" @@ -567,6 +569,29 @@ var resourceCloudflareZoneSettingsSchema = map[string]*schema.Schema{ }, }, }, + + "aegis": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MinItems: 1, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Description: "Whether Aegis zone setting is enabled.", + Type: schema.TypeBool, + Optional: true, + }, + "pool_id": { + Description: "Egress pool id which refers to a grouping of dedicated egress IPs through which Cloudflare will connect to origin.", + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringMatch(regexp.MustCompile("[-_a-zA-Z0-9]+"), "Only alphanumeric characters, hyphens and underscores are allowed."), + }, + }, + }, + }, } var resourceCloudflareZoneSettingsSchemaV0 = map[string]*schema.Schema{ From e82453a04eeca9ef8c2f8bfeb4911f45b1bbc47e Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Fri, 3 Jan 2025 09:48:29 +1100 Subject: [PATCH 2/5] `make docs` --- docs/resources/zone_settings_override.md | 38 +++++++++++++----------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/docs/resources/zone_settings_override.md b/docs/resources/zone_settings_override.md index 120e61dcef..8ed9ba2e27 100644 --- a/docs/resources/zone_settings_override.md +++ b/docs/resources/zone_settings_override.md @@ -78,6 +78,7 @@ resource "cloudflare_zone_settings_override" "test" { Optional: +- `aegis` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--aegis)) - `always_online` (String) - `always_use_https` (String) - `automatic_https_rewrites` (String) 
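Review bot: The `pool_id` pattern `[-_a-zA-Z0-9]+` is unanchored, and `validation.StringMatch` accepts any value in which the regexp matches somewhere. A value such as `bad pool!` therefore passes because it contains at least one allowed character, so the validator does not enforce what its own message says. Anchor the expression: `regexp.MustCompile("^[-_a-zA-Z0-9]+$")`. With that in place, malformed ids fail at plan time rather than being sent on to the API.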
@@ -107,7 +108,6 @@ Optional: - `minify` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--minify)) - `mirage` (String) - `mobile_redirect` (Block List, Max: 1, Deprecated) (see [below for nested schema](#nestedblock--settings--mobile_redirect)) -- `aegis` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--aegis)) - `nel` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--nel)) - `opportunistic_encryption` (String) - `opportunistic_onion` (String) @@ -139,6 +139,15 @@ Optional: - `websockets` (String) - `zero_rtt` (String) + +### Nested Schema for `settings.aegis` + +Optional: + +- `enabled` (Boolean) Whether Aegis zone setting is enabled. +- `pool_id` (String) Egress pool id which refers to a grouping of dedicated egress IPs through which Cloudflare will connect to origin. + + ### Nested Schema for `settings.minify` @@ -166,14 +175,6 @@ Required: - `enabled` (Boolean) - -### Nested Schema for `settings.aegis` - -Optional: - -- `enabled` (Boolean) -- `pool_id` (String) - ### Nested Schema for `settings.security_header` @@ -193,6 +194,7 @@ Optional: Read-Only: +- `aegis` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--aegis)) - `always_online` (String) - `always_use_https` (String) - `automatic_https_rewrites` (String) @@ -222,7 +224,6 @@ Read-Only: - `minify` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--minify)) - `mirage` (String) - `mobile_redirect` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--mobile_redirect)) -- `aegis` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--aegis)) - `nel` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--nel)) - `opportunistic_encryption` (String) - `opportunistic_onion` (String) 
@@ -254,6 +255,15 @@ Read-Only: - `websockets` (String) - `zero_rtt` (String) + +### Nested Schema for `initial_settings.aegis` + +Read-Only: + +- `enabled` (Boolean) +- `pool_id` (String) + + ### Nested Schema for `initial_settings.minify` @@ -281,14 +291,6 @@ Read-Only: - `enabled` (Boolean) - -### Nested Schema for `initial_settings.aegis` - -Read-Only: - -- `enabled` (Boolean) -- `pool_id` (String) - ### Nested Schema for `initial_settings.security_header` From 69c769ebf3e2f2259032668f3ed25c3b4d9e4209 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Fri, 3 Jan 2025 11:14:58 +1100 Subject: [PATCH 3/5] add default for aegis enablement --- .../sdkv2provider/schema_cloudflare_zone_settings_override.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go b/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go index c18e9e2bf2..73739d97f5 100644 --- a/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go +++ b/internal/sdkv2provider/schema_cloudflare_zone_settings_override.go @@ -582,6 +582,7 @@ var resourceCloudflareZoneSettingsSchema = map[string]*schema.Schema{ Description: "Whether Aegis zone setting is enabled.", Type: schema.TypeBool, Optional: true, + Default: true, }, "pool_id": { Description: "Egress pool id which refers to a grouping of dedicated egress IPs through which Cloudflare will connect to origin.", From 41a2f44aabb8d9ead1e56b2ea49c1f6f7211153a Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Fri, 3 Jan 2025 11:19:59 +1100 Subject: [PATCH 4/5] skip aegis test for default zone --- .../resource_cloudflare_zone_settings_override_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go b/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go index 9dca1051d4..ffe526b1b3 100644 --- a/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go 
+++ b/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go @@ -249,6 +249,8 @@ resource "cloudflare_zone_settings_override" "%[1]s" { } func TestAccCloudflareZoneSettingsOverride_Aegis(t *testing.T) { + skipForDefaultZone(t, "Requires dedicated Aegis setup.") + zoneID := os.Getenv("CLOUDFLARE_ZONE_ID") rnd := generateRandomResourceName() name := "cloudflare_zone_settings_override." + rnd From ad5cb737df357c72649b3e46853094b5a3a74b6a Mon Sep 17 00:00:00 2001 From: Zaidoon Abd Al Hadi Date: Thu, 2 Jan 2025 21:39:44 -0500 Subject: [PATCH 5/5] add more tests --- ..._cloudflare_zone_settings_override_test.go | 49 +++++++++++++++++-- 1 file changed, 44 insertions(+), 5 deletions(-) diff --git a/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go b/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go index ffe526b1b3..fcae3209f1 100644 --- a/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go +++ b/internal/sdkv2provider/resource_cloudflare_zone_settings_override_test.go 
@@ -260,23 +260,62 @@ func TestAccCloudflareZoneSettingsOverride_Aegis(t *testing.T) { ProviderFactories: providerFactories, Steps: []resource.TestStep{ { - Config: testAccCheckCloudflareZoneSettingsOverrideAegis(rnd, zoneID), + Config: testAccCheckCloudflareZoneSettingsOverrideAegisEnable(rnd, zoneID), Check: resource.ComposeTestCheckFunc( - testAccCheckCloudflareZoneSettings(name), - resource.TestCheckResourceAttr(name, "settings.0.aegis.0.pool_id", "example-pool"), + resource.TestCheckResourceAttr(name, "settings.0.aegis.0.pool_id", "cache-team-trakal-pool"), + resource.TestCheckResourceAttr(name, "settings.0.aegis.0.enabled", "true"), + ), + }, + { + Config: testAccCheckCloudflareZoneSettingsOverrideAegisDisable(rnd, zoneID), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(name, "settings.0.aegis.0.pool_id", ""), + resource.TestCheckResourceAttr(name, "settings.0.aegis.0.enabled", "false"), + ), + }, + { + Config: testAccCheckCloudflareZoneSettingsOverrideAegisEnableNoExplicitEnabled(rnd, zoneID), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr(name, "settings.0.aegis.0.pool_id", "cache-team-trakal-pool"), + resource.TestCheckResourceAttr(name, "settings.0.aegis.0.enabled", "true"), ), }, }, }) } -func testAccCheckCloudflareZoneSettingsOverrideAegis(rnd, zoneID string) string { +func testAccCheckCloudflareZoneSettingsOverrideAegisEnable(rnd, zoneID string) string { + return fmt.Sprintf(` +resource "cloudflare_zone_settings_override" "%[1]s" { + zone_id = "%[2]s" + settings { + aegis { + enabled = true + pool_id = "cache-team-trakal-pool" + } + } +}`, rnd, zoneID) +} + +func testAccCheckCloudflareZoneSettingsOverrideAegisEnableNoExplicitEnabled(rnd, zoneID string) string { + return fmt.Sprintf(` +resource "cloudflare_zone_settings_override" "%[1]s" { + zone_id = "%[2]s" + settings { + aegis { + pool_id = "cache-team-trakal-pool" + } + } +}`, rnd, zoneID) +} + +func 
testAccCheckCloudflareZoneSettingsOverrideAegisDisable(rnd, zoneID string) string { return fmt.Sprintf(` resource "cloudflare_zone_settings_override" "%[1]s" { zone_id = "%[2]s" settings { aegis { - pool_id = "example-pool" + enabled = false } } }`, rnd, zoneID)
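Review bot: The new steps and config helpers hard-code the pool id `cache-team-trakal-pool`, which looks specific to one account. The acceptance test can then only pass on a zone whose account owns a pool with that name, and what appears to be an internal identifier ends up in the repository. Reading the id from the environment next to `CLOUDFLARE_ZONE_ID` would keep the test portable, for example `poolID := os.Getenv("CLOUDFLARE_AEGIS_POOL_ID")` (a variable name suggested here, not an existing one), with a skip when it is unset. The rewritten first step also drops `testAccCheckCloudflareZoneSettings(name)`; if that check is still wanted, keep it alongside the new attribute assertions.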