Merge pull request #517 from cucxabong/import-account-access-rules
Support import 'cloudflare_access_rule' account & zone scope
sergeylanzman authored May 30, 2020
2 parents 859692b + 6d92614 commit 25a6b60
Showing 3 changed files with 91 additions and 25 deletions.
6 changes: 4 additions & 2 deletions README.md
Expand Up @@ -1095,13 +1095,15 @@ Example using a Cloudflare API Key and corresponding email:
```
export CLOUDFLARE_API_KEY=[CLOUDFLARE_API_KEY]
export CLOUDFLARE_EMAIL=[CLOUDFLARE_EMAIL]
export CLOUDFLARE_ACCOUNT_ID=[CLOUDFLARE_ACCOUNT_ID]
./terraformer import cloudflare --resources=firewall,dns
```

or using a Cloudflare API Token:

```
export CLOUDFLARE_API_TOKEN=[CLOUDFLARE_API_TOKEN]
export CLOUDFLARE_ACCOUNT_ID=[CLOUDFLARE_ACCOUNT_ID]
./terraformer import cloudflare --resources=firewall,dns
```

Expand Down Expand Up @@ -1329,15 +1331,15 @@ Example:
# Using Service Accounts
export GOOGLE_CREDENTIALS=/path/to/client_secret.json
export IMPERSONATED_USER_EMAIL="[email protected]"
# Using Application Default Credentials
gcloud auth application-default login \
--client-id-file=client_secret.json \
--scopes \
https://www.googleapis.com/auth/gmail.labels,\
https://www.googleapis.com/auth/gmail.settings.basic
./terraformer import gmailfilter -r=filter,label
./terraformer import gmailfilter -r=filter,label
```

List of supported GmailFilter resources:
6 changes: 4 additions & 2 deletions providers/cloudflare/cloudflare_service.go
Expand Up @@ -31,6 +31,7 @@ func (s *CloudflareService) initializeAPI() (*cf.API, error) {
apiKey := os.Getenv("CLOUDFLARE_API_KEY")
apiEmail := os.Getenv("CLOUDFLARE_EMAIL")
apiToken := os.Getenv("CLOUDFLARE_API_TOKEN")
accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")

if apiToken == "" && (apiEmail == "" || apiKey == "") {
err := errors.New("Either CLOUDFLARE_API_TOKEN or CLOUDFLARE_API_KEY/CLOUDFLARE_EMAIL environment variables must be set")
Expand All @@ -39,7 +40,8 @@ func (s *CloudflareService) initializeAPI() (*cf.API, error) {
}

if apiToken != "" {
return cf.NewWithAPIToken(apiToken)
return cf.NewWithAPIToken(apiToken, cf.UsingAccount(accountID))
}
return cf.New(apiKey, apiEmail)

return cf.New(apiKey, apiEmail, cf.UsingAccount(accountID))
}
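Review bot: initializeAPI has no comment saying which credential takes precedence or that the account ID is optional, and both matter to an operator running an import. From the visible lines, a non-empty CLOUDFLARE_API_TOKEN is used even when CLOUDFLARE_API_KEY and CLOUDFLARE_EMAIL are also set, and `accountID` is handed to `cf.UsingAccount` unchecked, so an unset variable presumably just leaves the client without an account. I would add a doc comment such as `// initializeAPI builds the client from CLOUDFLARE_API_TOKEN if set, otherwise from CLOUDFLARE_API_KEY and CLOUDFLARE_EMAIL; CLOUDFLARE_ACCOUNT_ID is optional and, when empty, account-scope resources are skipped.` The function's opening lines are outside the hunks shown.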
104 changes: 83 additions & 21 deletions providers/cloudflare/firewall.go
Expand Up @@ -12,17 +12,13 @@
// See the License for the specific language governing permissions and
// limitations under the License.

//cloudflare_access_rule
//cloudflare_rate_limit

package cloudflare

import (
"fmt"
"log"

"github.com/GoogleCloudPlatform/terraformer/terraformutils"
cf "github.com/cloudflare/cloudflare-go"
"strings"
)

type FirewallGenerator struct {
Expand All @@ -36,7 +32,6 @@ func (*FirewallGenerator) createZoneLockdownsResources(api *cf.API, zoneID, zone
for {
zonelockdowns, err := api.ListZoneLockdowns(zoneID, page)
if err != nil {
log.Println(err)
return resources, err
}
for _, zonelockdown := range zonelockdowns.Result {
Expand Down Expand Up @@ -64,37 +59,96 @@ func (*FirewallGenerator) createZoneLockdownsResources(api *cf.API, zoneID, zone
return resources, nil
}

func (*FirewallGenerator) createAccessRuleResources(api *cf.API, zoneID, zoneName string) ([]terraformutils.Resource, error) {
func (g *FirewallGenerator) createAccountAccessRuleResources(api *cf.API) ([]terraformutils.Resource, error) {
resources := []terraformutils.Resource{}
accessRules, err := api.ListZoneAccessRules(zoneID, cf.AccessRule{}, 1)
rules, err := api.ListAccountAccessRules(api.AccountID, cf.AccessRule{}, 1)
if err != nil {
log.Println(err)
return resources, err
}

for _, r := range accessRules.Result {
resources = append(resources, terraformutils.NewResource(
r.ID,
fmt.Sprintf("%s_%s", zoneName, r.ID),
totalPages := rules.TotalPages
for _, rule := range rules.Result {
resources = append(resources, terraformutils.NewSimpleResource(
rule.ID,
rule.ID,
"cloudflare_access_rule",
"cloudflare",
map[string]string{
"zone_id": zoneID,
"zone": zoneName,
},
[]string{},
map[string]interface{}{},
))
}

for page := 2; page <= totalPages; page++ {
rules, err := api.ListAccountAccessRules(api.AccountID, cf.AccessRule{}, page)
if err != nil {
return resources, err
}
for _, rule := range rules.Result {
resources = append(resources, terraformutils.NewSimpleResource(
rule.ID,
rule.ID,
"cloudflare_access_rule",
"cloudflare",
[]string{},
))
}
}

return resources, nil
}

func (*FirewallGenerator) createZoneAccessRuleResources(api *cf.API, zoneID, zoneName string) ([]terraformutils.Resource, error) {
resources := []terraformutils.Resource{}
rules, err := api.ListZoneAccessRules(zoneID, cf.AccessRule{}, 1)
if err != nil {
return resources, err
}

totalPages := rules.TotalPages
for _, r := range rules.Result {
if strings.Compare(r.Scope.Type, "organization") != 0 {
resources = append(resources, terraformutils.NewResource(
r.ID,
fmt.Sprintf("%s_%s", zoneName, r.ID),
"cloudflare_access_rule",
"cloudflare",
map[string]string{
"zone_id": zoneID,
},
[]string{},
map[string]interface{}{},
))
}
}

for page := 2; page <= totalPages; page++ {
rules, err := api.ListZoneAccessRules(zoneID, cf.AccessRule{}, page)
if err != nil {
return resources, err
}
for _, r := range rules.Result {
if strings.Compare(r.Scope.Type, "organization") != 0 {
resources = append(resources, terraformutils.NewResource(
r.ID,
fmt.Sprintf("%s_%s", zoneName, r.ID),
"cloudflare_access_rule",
"cloudflare",
map[string]string{
"zone_id": zoneID,
},
[]string{},
map[string]interface{}{},
))
}
}
}

return resources, nil
}

func (*FirewallGenerator) createFilterResources(api *cf.API, zoneID, zoneName string) ([]terraformutils.Resource, error) {
resources := []terraformutils.Resource{}
filters, err := api.Filters(zoneID, cf.PaginationOptions{})
if err != nil {
log.Println(err)
return resources, err
}

Expand All @@ -120,7 +174,6 @@ func (*FirewallGenerator) createFirewallRuleResources(api *cf.API, zoneID, zoneN

fwrules, err := api.FirewallRules(zoneID, cf.PaginationOptions{})
if err != nil {
log.Println(err)
return resources, err
}
for _, rule := range fwrules {
Expand All @@ -146,6 +199,15 @@ func (g *FirewallGenerator) InitResources() error {
return err
}

if len(api.AccountID) > 0 {
resources, err := g.createAccountAccessRuleResources(api)
if err != nil {
return err
}
g.Resources = append(g.Resources, resources...)

}

zones, err := api.ListZones()
if err != nil {
return err
Expand All @@ -154,7 +216,7 @@ func (g *FirewallGenerator) InitResources() error {
funcs := []func(*cf.API, string, string) ([]terraformutils.Resource, error){
g.createFirewallRuleResources,
g.createFilterResources,
g.createAccessRuleResources,
g.createZoneAccessRuleResources,
g.createZoneLockdownsResources,
}
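Review bot: Account-scoped access rules can now drop out of the import silently. createZoneAccessRuleResources skips every rule whose `Scope.Type` is `"organization"`, and InitResources only calls createAccountAccessRuleResources when `len(api.AccountID) > 0`, so a run without CLOUDFLARE_ACCOUNT_ID generates configuration that omits those rules with no message. Because these are firewall controls, I would report the skip, for example with an `else` branch that calls `log.Println("CLOUDFLARE_ACCOUNT_ID not set: account-scope access rules are not imported")`; the `log` import appears to be dropped by this commit and would have to stay. Separately, `strings.Compare(r.Scope.Type, "organization") != 0` reads better as `r.Scope.Type != "organization"`, and it is worth confirming whether other non-zone scope types (presumably `"user"`) should also be excluded from the zone import. InitResources starts and ends outside the hunks shown.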

