Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: updated gateway rule action audit ssh and rule properties #2303

Merged
merged 5 commits into from
Mar 30, 2023
Merged

feat: updated gateway rule action audit ssh and rule properties #2303

merged 5 commits into from
Mar 30, 2023

Conversation

rexscaria
Copy link
Contributor

@rexscaria rexscaria commented Mar 20, 2023
edited by jacobbednarz
Loading

No breaking changes. Just updating some new api properties.

Closes #2316

@rexscaria rexscaria requested a review from jacobbednarz as a code owner March 20, 2023 14:45
@github-actions
Copy link
Contributor

github-actions bot commented Mar 20, 2023
edited
Loading

changelog detected ✅

@rexscaria rexscaria force-pushed the rex/gateway-audit-ssh-changes branch from 0fa2742 to 7b8ddc5 Compare March 20, 2023 14:49
jacobbednarz
jacobbednarz requested changes Mar 20, 2023
View reviewed changes
Copy link
Member

@jacobbednarz jacobbednarz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i added some comments inline but do sing out if you have any questions/issues.

once you're ready, you'll also want to run make docs to generate the automatic registry documentation.

.changelog/2303.txt Outdated Show resolved Hide resolved
internal/sdkv2provider/schema_cloudflare_teams_rules.go Show resolved Hide resolved
@rexscaria rexscaria force-pushed the rex/gateway-audit-ssh-changes branch 2 times, most recently from 40c75ec to c296cc1 Compare March 21, 2023 15:58
@rexscaria
Copy link
Contributor Author

@jacobbednarz All suggestions are applied and doc generated. Thanks

@jacobbednarz
Copy link
Member

i think we may need to do some work here as the test suite is failing for non-tenants.

=== RUN   TestAccCloudflareTeamsRuleBasic
    resource_cloudflare_teams_rules_test.go:26: Step 1/1 error: Error running apply: exit status 1

        Error: error creating Teams rule for account "f037e56e89293a057740de681ac9abbe": Bypass settings cannot be set for non-tenant accounts (2020)

          with cloudflare_teams_rule.piflgoxaaq,
          on terraform_plugin_test.tf line 2, in resource "cloudflare_teams_rule" "piflgoxaaq":
           2: resource "cloudflare_teams_rule" "piflgoxaaq" {

--- FAIL: TestAccCloudflareTeamsRuleBasic (6.25s)
FAIL
FAIL	github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider	7.484s

which means a large portion of the user base will be broken if we merge and release this. we'll need the fields to be conditionally sent only if they are specified in the config.

@rexscaria
Copy link
Contributor Author

rexscaria commented Mar 22, 2023 via email

@rexscaria rexscaria force-pushed the rex/gateway-audit-ssh-changes branch from bc0921b to 497c595 Compare March 22, 2023 15:27
@rexscaria
Copy link
Contributor Author

i think we may need to do some work here as the test suite is failing for non-tenants.

=== RUN   TestAccCloudflareTeamsRuleBasic
    resource_cloudflare_teams_rules_test.go:26: Step 1/1 error: Error running apply: exit status 1

        Error: error creating Teams rule for account "f037e56e89293a057740de681ac9abbe": Bypass settings cannot be set for non-tenant accounts (2020)

          with cloudflare_teams_rule.piflgoxaaq,
          on terraform_plugin_test.tf line 2, in resource "cloudflare_teams_rule" "piflgoxaaq":
           2: resource "cloudflare_teams_rule" "piflgoxaaq" {

--- FAIL: TestAccCloudflareTeamsRuleBasic (6.25s)
FAIL
FAIL	github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider	7.484s

which means a large portion of the user base will be broken if we merge and release this. we'll need the fields to be conditionally sent only if they are specified in the config.

How exactly did you run this test? I feel like I am missing some account credentials when i run this

@jacobbednarz
Copy link
Member

you can run make testacc which initiates the acceptance test suite. you will need additional environment variables that the acceptance test will prompt you for (like CLOUDFLARE_ZONE_ID, etc).

my usual invocation looks like this (minus some env vars) - TEST="./internal/sdkv2provider" TESTARGS='-run "^TestAccCloudflareTeamsRuleBasic"' make testacc

@jacobbednarz
Copy link
Member

i think the part of the issue is that even though the values are being sent as false but the service is not expecting it to be defined at all.

request

{
  "name": "gdruuwmzcg",
  "description": "desc",
  "precedence": 12302004,
  "enabled": false,
  "action": "block",
  "filters": [
    "dns"
  ],
  "traffic": "any(dns.domains[*] == \"example.com\")",
  "identity": "",
  "device_posture": "",
  "version": 0,
  "rule_settings": {
    "override_ips": null,
    "block_reason": "cuz",
    "override_host": "",
    "biso_admin_controls": null,
    "l4override": null,
    "add_headers": {},
    "check_session": null,
    "block_page_enabled": false,
    "insecure_disable_dnssec_validation": false,
    "egress": {
      "ipv6": "2001:db8::/32",
      "ipv4": "203.0.113.1",
      "ipv4_fallback": ""
    },
    "payload_log": {
      "enabled": true
    },
    "audit_ssh": null,
    "ip_categories": false,
    "allow_child_bypass": false,
    "bypass_parent_rule": false,
    "untrusted_cert": {
      "action": "error"
    }
  }
}

response

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 2020,
      "message": "Bypass settings cannot be set for non-tenant accounts"
    }
  ],
  "messages": []
}

@jacobbednarz jacobbednarz mentioned this pull request Mar 22, 2023
Closed
2 tasks
@rexscaria rexscaria force-pushed the rex/gateway-audit-ssh-changes branch 2 times, most recently from f4ad684 to 0c66c23 Compare March 24, 2023 17:27
@jacobbednarz
Copy link
Member

with the latest cloudflare-go changes shimmed in, this looks much better, thanks! once that lands, i'll update this branch and we can get it merged in.

@jacobbednarz jacobbednarz added the workflow/pending-upstream-library Indicates an issue or PR requires changes from an upstream library. label Mar 27, 2023
@rexscaria rexscaria force-pushed the rex/gateway-audit-ssh-changes branch from 8c68bd7 to 655028b Compare March 27, 2023 16:32
@rexscaria
Copy link
Contributor Author

Thanks Jacob.

@jacobbednarz
Copy link
Member

acceptance tests all passing

TF_ACC=1 go test ./internal/sdkv2provider -v -run "^TestAccCloudflareTeamsRuleBasic" -timeout 120m -parallel 1
=== RUN   TestAccCloudflareTeamsRuleBasic
--- PASS: TestAccCloudflareTeamsRuleBasic (13.14s)
PASS
ok  	github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider	14.168s

@jacobbednarz jacobbednarz merged commit 5083cd6 into cloudflare:master Mar 30, 2023
@github-actions github-actions bot added this to the v4.3.0 milestone Mar 30, 2023
github-actions bot pushed a commit that referenced this pull request Mar 30, 2023
Update CHANGELOG.md for #2303
5fbb3e0
@github-actions
Copy link
Contributor

github-actions bot commented Apr 4, 2023

This functionality has been released in v4.3.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 4, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jacobbednarz jacobbednarz jacobbednarz requested changes

Assignees
No one assigned
Labels
workflow/pending-upstream-library Indicates an issue or PR requires changes from an upstream library.
Projects
None yet
Milestone
v4.3.0
Development

Successfully merging this pull request may close these issues.

cloudflare_teams_rule the behaviour change since the version 4.2.0
2 participants
@rexscaria @jacobbednarz