From 04ebb2eda822480fa7be219f52176d10ce898175 Mon Sep 17 00:00:00 2001 From: George Webb Date: Thu, 26 Oct 2023 15:52:03 +0100 Subject: [PATCH] Add support for `body_scanning` to `cloudflare_teams_account` --- .changelog/2887.txt | 3 ++ docs/resources/teams_account.md | 4 +++ .../cloudflare_teams_account/resource.tf | 4 +++ .../resource_cloudflare_access_policy_test.go | 3 ++ .../resource_cloudflare_teams_accounts.go | 32 +++++++++++++++++-- ...resource_cloudflare_teams_accounts_test.go | 4 +++ .../schema_cloudflare_teams_accounts.go | 19 +++++++++++ 7 files changed, 66 insertions(+), 3 deletions(-) create mode 100644 .changelog/2887.txt diff --git a/.changelog/2887.txt b/.changelog/2887.txt new file mode 100644 index 00000000000..1596d684f37 --- /dev/null +++ b/.changelog/2887.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/cloudflare_teams_account: add support for `body_scanning` config +``` diff --git a/docs/resources/teams_account.md b/docs/resources/teams_account.md index 84ddb032157..3d15e250699 100644 --- a/docs/resources/teams_account.md +++ b/docs/resources/teams_account.md @@ -26,6 +26,10 @@ resource "cloudflare_teams_account" "example" { background_color = "#000000" } + body_scanning { + inspection_mode = "deep" + } + antivirus { enabled_download_phase = true enabled_upload_phase = false diff --git a/examples/resources/cloudflare_teams_account/resource.tf b/examples/resources/cloudflare_teams_account/resource.tf index 3ee23738aca..2c020a1708a 100644 --- a/examples/resources/cloudflare_teams_account/resource.tf +++ b/examples/resources/cloudflare_teams_account/resource.tf @@ -10,6 +10,10 @@ resource "cloudflare_teams_account" "example" { background_color = "#000000" } + body_scanning { + inspection_mode = "deep" + } + antivirus { enabled_download_phase = true enabled_upload_phase = false diff --git a/internal/sdkv2provider/resource_cloudflare_access_policy_test.go b/internal/sdkv2provider/resource_cloudflare_access_policy_test.go index a5a86e9d9d3..ed4bbed99b5 100644 --- a/internal/sdkv2provider/resource_cloudflare_access_policy_test.go +++ b/internal/sdkv2provider/resource_cloudflare_access_policy_test.go @@ -993,6 +993,9 @@ func testAccessPolicyIsolationRequiredConfig(resourceID, zone, accountID string) mailto_subject = "hello" mailto_address = "test@cloudflare.com" } + body_scanning { + inspection_mode = "deep" + } fips { tls = true } diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts.go index 4eb696dbb72..4ffac2f4364 100644 --- a/internal/sdkv2provider/resource_cloudflare_teams_accounts.go +++ b/internal/sdkv2provider/resource_cloudflare_teams_accounts.go @@ -52,6 +52,12 @@ func resourceCloudflareTeamsAccountRead(ctx context.Context, d *schema.ResourceD } } + if configuration.Settings.BodyScanning != nil { + if err := d.Set("body_scanning", flattenBodyScanningConfig(configuration.Settings.BodyScanning)); err != nil { + return diag.FromErr(fmt.Errorf("error parsing account body scanning config: %w", err)) + } + } + if configuration.Settings.Antivirus != nil { if err := d.Set("antivirus", flattenAntivirusConfig(configuration.Settings.Antivirus)); err != nil { return diag.FromErr(fmt.Errorf("error parsing account antivirus config: %w", err)) @@ -140,6 +146,7 @@ func resourceCloudflareTeamsAccountUpdate(ctx context.Context, d *schema.Resourc client := meta.(*cloudflare.API) accountID := d.Get(consts.AccountIDSchemaKey).(string) blockPageConfig := inflateBlockPageConfig(d.Get("block_page")) + bodyScanningConfig := inflateBodyScanningConfig(d.Get("body_scanning")) fipsConfig := inflateFIPSConfig(d.Get("fips")) antivirusConfig := inflateAntivirusConfig(d.Get("antivirus")) loggingConfig := inflateLoggingSettings(d.Get("logging")) @@ -148,9 +155,10 @@ func resourceCloudflareTeamsAccountUpdate(ctx context.Context, d *schema.Resourc sshSessionLogSettings := inflateSSHSessionLogSettings(d.Get("ssh_session_log")) updatedTeamsAccount := cloudflare.TeamsConfiguration{ Settings: cloudflare.TeamsAccountSettings{ - Antivirus: antivirusConfig, - BlockPage: blockPageConfig, - FIPS: fipsConfig, + Antivirus: antivirusConfig, + BlockPage: blockPageConfig, + FIPS: fipsConfig, + BodyScanning: bodyScanningConfig, }, } @@ -275,6 +283,24 @@ func inflateBlockPageConfig(blockPage interface{}) *cloudflare.TeamsBlockPage { } } +func flattenBodyScanningConfig(bodyScanningConfig *cloudflare.TeamsBodyScanning) []interface{} { + return []interface{}{map[string]interface{}{ + "inspection_mode": bodyScanningConfig.InspectionMode, + }} +} + +func inflateBodyScanningConfig(bodyScanning interface{}) *cloudflare.TeamsBodyScanning { + bodyScanningList := bodyScanning.([]interface{}) + if len(bodyScanningList) != 1 { + return nil + } + + bodyScanningMap := bodyScanningList[0].(map[string]interface{}) + return &cloudflare.TeamsBodyScanning{ + InspectionMode: bodyScanningMap["inspection_mode"].(string), + } +} + func flattenAntivirusConfig(antivirusConfig *cloudflare.TeamsAntivirus) []interface{} { return []interface{}{map[string]interface{}{ "enabled_download_phase": antivirusConfig.EnabledDownloadPhase, diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go index 402f84d0201..4b353673421 100644 --- a/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go +++ b/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go @@ -42,6 +42,7 @@ func TestAccCloudflareTeamsAccounts_ConfigurationBasic(t *testing.T) { resource.TestCheckResourceAttr(name, "block_page.0.mailto_address", "test@cloudflare.com"), resource.TestCheckResourceAttr(name, "block_page.0.background_color", "#000000"), resource.TestCheckResourceAttr(name, "block_page.0.logo_path", "https://example.com"), + resource.TestCheckResourceAttr(name, "body_scanning.0.inspection_mode", "deep"), resource.TestCheckResourceAttr(name, "logging.0.redact_pii", "true"), resource.TestCheckResourceAttr(name, "logging.0.settings_by_rule_type.0.dns.0.log_all", "false"), resource.TestCheckResourceAttr(name, "logging.0.settings_by_rule_type.0.dns.0.log_blocks", "true"), @@ -80,6 +81,9 @@ resource "cloudflare_teams_account" "%[1]s" { mailto_subject = "hello" mailto_address = "test@cloudflare.com" } + body_scanning { + inspection_mode = "deep" + } fips { tls = true } diff --git a/internal/sdkv2provider/schema_cloudflare_teams_accounts.go b/internal/sdkv2provider/schema_cloudflare_teams_accounts.go index c6b230331ab..57ae4c63f38 100644 --- a/internal/sdkv2provider/schema_cloudflare_teams_accounts.go +++ b/internal/sdkv2provider/schema_cloudflare_teams_accounts.go @@ -3,6 +3,7 @@ package sdkv2provider import ( "github.com/cloudflare/terraform-provider-cloudflare/internal/consts" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) func resourceCloudflareTeamsAccountSchema() map[string]*schema.Schema { @@ -21,6 +22,15 @@ func resourceCloudflareTeamsAccountSchema() map[string]*schema.Schema { Schema: blockPageSchema, }, }, + "body_scanning": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Description: "Configuration for body scanning.", + Elem: &schema.Resource{ + Schema: bodyScanningSchema, + }, + }, "fips": { Type: schema.TypeList, MaxItems: 1, @@ -155,6 +165,15 @@ var blockPageSchema = map[string]*schema.Schema{ }, } +var bodyScanningSchema = map[string]*schema.Schema{ + "inspection_mode": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{"deep", "shallow"}, false), + Description: "Body scanning inspection mode.", + }, +} + var antivirusSchema = map[string]*schema.Schema{ "enabled_download_phase": { Type: schema.TypeBool,