cloudflare · jacobbednarz · Oct 16, 2023 · Oct 9, 2023 · Oct 11, 2023 · Oct 12, 2023
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_teams_accounts: Add support for setting ssh encryption key in ZT settings
+```
@@ -106,6 +106,18 @@ func resourceCloudflareTeamsAccountRead(ctx context.Context, d *schema.ResourceD
 		return diag.FromErr(fmt.Errorf("error parsing teams account device settings: %w", err))
 	}
 
+	sshSessionLogSettings, _, err := client.GetAuditSSHSettings(ctx, cloudflare.AccountIdentifier(accountID), cloudflare.GetAuditSSHSettingsParams{})
+	if err == nil {
+		if err := d.Set("ssh_session_log", flattenSSHSessionLogSettings(&sshSessionLogSettings)); err != nil {
+			return diag.FromErr(fmt.Errorf("error parsing payload log settings: %w", err))
+		}
+	} else {
+		var notFoundError *cloudflare.NotFoundError
+		if !errors.As(err, &notFoundError) {
+			return diag.FromErr(fmt.Errorf("error finding SSH session account settings %q: %w", d.Id(), err))
+		}
+	}
+
 	payloadLogSettings, err := client.GetDLPPayloadLogSettings(ctx, cloudflare.AccountIdentifier(accountID), cloudflare.GetDLPPayloadLogSettingsParams{})
 	if err == nil {
 		if err := d.Set("payload_log", flattenPayloadLogSettings(&payloadLogSettings)); err != nil {
@@ -130,6 +142,7 @@ func resourceCloudflareTeamsAccountUpdate(ctx context.Context, d *schema.Resourc
 	loggingConfig := inflateLoggingSettings(d.Get("logging"))
 	deviceConfig := inflateDeviceSettings(d.Get("proxy"))
 	payloadLogSettings := inflatePayloadLogSettings(d.Get("payload_log"))
+	sshSessionLogSettings := inflateSSHSessionLogSettings(d.Get("ssh_session_log"))
 	updatedTeamsAccount := cloudflare.TeamsConfiguration{
 		Settings: cloudflare.TeamsAccountSettings{
 			Antivirus: antivirusConfig,
@@ -180,6 +193,12 @@ func resourceCloudflareTeamsAccountUpdate(ctx context.Context, d *schema.Resourc
 		}
 	}
 
+	if sshSessionLogSettings != nil {
+		if _, err := client.UpdateAuditSSHSettings(ctx, cloudflare.AccountIdentifier(accountID), cloudflare.UpdateAuditSSHSettingsParams{PublicKey: sshSessionLogSettings.PublicKey}); err != nil {
+			return diag.FromErr(fmt.Errorf("error updating SSH session account settings %q: %w", accountID, err))
+		}
+	}
+
 	if payloadLogSettings != nil {
 		if _, err := client.UpdateDLPPayloadLogSettings(ctx, cloudflare.AccountIdentifier(accountID), *payloadLogSettings); err != nil {
 			return diag.FromErr(fmt.Errorf("error updating DLP Account configuration for account %q: %w", accountID, err))
@@ -379,6 +398,24 @@ func inflateDeviceSettings(device interface{}) *cloudflare.TeamsDeviceSettings {
 		RootCertificateInstallationEnabled: deviceSettings["root_ca"].(bool),
 	}
 }
+func flattenSSHSessionLogSettings(logSettings *cloudflare.AuditSSHSettings) []interface{} {
+	return []interface{}{map[string]interface{}{
+		"public_key": logSettings.PublicKey,
+	}}
+}
+
+func inflateSSHSessionLogSettings(payloadLog interface{}) *cloudflare.AuditSSHSettings {
+	payloadLogList := payloadLog.([]interface{})
+	if len(payloadLogList) != 1 {
+		return nil
+	}
+
+	payloadLogMap := payloadLogList[0].(map[string]interface{})
+	publicKey := payloadLogMap["public_key"].(string)
+	return &cloudflare.AuditSSHSettings{
+		PublicKey: publicKey,
+	}
+}
 
 func flattenPayloadLogSettings(payloadLogSettings *cloudflare.DLPPayloadLogSettings) []interface{} {
 	return []interface{}{map[string]interface{}{

@@ -53,6 +53,7 @@ func TestAccCloudflareTeamsAccounts_ConfigurationBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "proxy.0.udp", "false"),
 					resource.TestCheckResourceAttr(name, "proxy.0.root_ca", "true"),
 					resource.TestCheckResourceAttr(name, "payload_log.0.public_key", "EmpOvSXw8BfbrGCi0fhGiD/3yXk2SiV1Nzg2lru3oj0="),
+					resource.TestCheckResourceAttr(name, "ssh_session_log.0.public_key", "testvSXw8BfbrGCi0fhGiD/3yXk2SiV1Nzg2lru3oj0="),
 				),
 			},
 		},
@@ -106,6 +107,9 @@ resource "cloudflare_teams_account" "%[1]s" {
       }
     }
   }
+  ssh_session_log {
+	public_key = "testvSXw8BfbrGCi0fhGiD/3yXk2SiV1Nzg2lru3oj0="
+  }
   payload_log {
 	public_key = "EmpOvSXw8BfbrGCi0fhGiD/3yXk2SiV1Nzg2lru3oj0="
   }

@@ -76,6 +76,15 @@ func resourceCloudflareTeamsAccountSchema() map[string]*schema.Schema {
 			},
 			Description: "Configuration block for specifying which protocols are proxied.",
 		},
+		"ssh_session_log": {
+			Type:     schema.TypeList,
+			MaxItems: 1,
+			Optional: true,
+			Elem: &schema.Resource{
+				Schema: sshSessionLogSchema,
+			},
+			Description: "Configuration for SSH Session Logging.",
+		},
 		"payload_log": {
 			Type:     schema.TypeList,
 			MaxItems: 1,
@@ -232,6 +241,14 @@ var loggingEnabledSchema = map[string]*schema.Schema{
 	},
 }
 
+var sshSessionLogSchema = map[string]*schema.Schema{
+	"public_key": {
+		Type:        schema.TypeString,
+		Required:    true,
+		Description: "Public key used to encrypt ssh session.",
+	},
+}
+
 var payloadLogSchema = map[string]*schema.Schema{
 	"public_key": {
 		Type:        schema.TypeString,