Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

checks if universal_ssl is set in resource configuration to avoid permission issues with strictly scoped API tokens #663

Merged
merged 7 commits into from
Apr 27, 2020
Merged

checks if universal_ssl is set in resource configuration to avoid permission issues with strictly scoped API tokens #663

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
5d666c7
checks if universal_ssl is set in schema before making API calls
Apr 22, 2020
5090eb2
fixing typo
Apr 22, 2020
6343fad
using GetOk
Apr 22, 2020
99550ec
skip updating ussl status when deleting resource and initial_settings…
Apr 22, 2020
75b0332
adds test
Apr 23, 2020
0a5a7cf
skipping ussl attribute
Apr 24, 2020
fb33aa6
Merge branch 'master' of https://github.com/terraform-providers/terra…
Apr 24, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 15 additions & 8 deletions cloudflare/resource_cloudflare_zone_settings_override.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -509,9 +509,11 @@ func resourceCloudflareZoneSettingsOverrideCreate(d *schema.ResourceData, meta i
return err
}

// pulling USSL status and wrapping it into a cloudflare.ZoneSetting that we can set initial_settings
if err = updateZoneSettingsResponseWithUniversalSSLSettings(zoneSettings, d.Id(), client); err != nil {
return err
if _, ok := d.GetOk("settings.0.universal_ssl"); ok {
// pulling USSL status and wrapping it into a cloudflare.ZoneSetting that we can set initial_settings
if err = updateZoneSettingsResponseWithUniversalSSLSettings(zoneSettings, d.Id(), client); err != nil {
return err
}
}

log.Printf("[DEBUG] Read CloudflareZone initial settings: %#v", zoneSettings)
Expand Down Expand Up @@ -587,8 +589,10 @@ func resourceCloudflareZoneSettingsOverrideRead(d *schema.ResourceData, meta int
return err
}

if err = updateZoneSettingsResponseWithUniversalSSLSettings(zoneSettings, d.Id(), client); err != nil {
return err
if _, ok := d.GetOk("settings.0.universal_ssl"); ok {
if err = updateZoneSettingsResponseWithUniversalSSLSettings(zoneSettings, d.Id(), client); err != nil {
return err
}
}

log.Printf("[DEBUG] Read CloudflareZone Settings: %#v", zoneSettings)
Expand Down Expand Up @@ -689,10 +693,13 @@ func updateSingleZoneSettings(zoneSettings []cloudflare.ZoneSetting, client *clo
func updateUniversalSSLSetting(zoneSettings []cloudflare.ZoneSetting, client *cloudflare.API, zoneID string) ([]cloudflare.ZoneSetting, error) {
indexToCut := -1
for i, setting := range zoneSettings {
// Skipping USSL Update if value is empty, especially when we are reverting to the initial state and we did not had the information
if setting.ID == "universal_ssl" {
_, err := client.EditUniversalSSLSetting(zoneID, cloudflare.UniversalSSLSetting{Enabled: boolFromString(setting.Value.(string))})
if err != nil {
return zoneSettings, err
if setting.Value.(string) != "" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason why we can't have the if above this as if setting.ID == "universal_ssl && setting.Value.(string) != "" to avoid the extra nesting?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In case universal_ssl is an empty string in initial_settings we would not remove the element from the slice, passing it to client.UpdateZoneSettings where it's unknown. That could happen when the resource is removed and we did not have initial_settings for this

_, err := client.EditUniversalSSLSetting(zoneID, cloudflare.UniversalSSLSetting{Enabled: boolFromString(setting.Value.(string))})
if err != nil {
return zoneSettings, err
}
}
indexToCut = i
}
Expand Down
8 changes: 8 additions & 0 deletions cloudflare/resource_cloudflare_zone_settings_override_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,11 @@ func testAccCheckCloudflareZoneSettingsEmpty(n string) resource.TestCheckFunc {
return fmt.Errorf("No Zone ID is set")
}

// Test if universal_ssl is not read from the API when it's not provided in the configuration
if rs.Primary.Attributes["initial_settings.0.universal_ssl"] != "" {
return fmt.Errorf("initial_settings.0.universal_ssl is not empty when it should be")
}

for k, v := range rs.Primary.Attributes {
if strings.Contains(k, "initial_settings") && k != "initial_settings_read_at" && !strings.Contains(k, "#") {
currentSettingKey := strings.TrimPrefix(k, "initial_")
Expand Down Expand Up @@ -216,6 +221,9 @@ func testAccCheckInitialZoneSettings(zoneID string, initialSettings map[string]i
}

for _, zs := range foundZone.Result {
if zs.ID == "universal_ssl" {
continue
}
if !reflect.DeepEqual(zs.Value, initialSettings[zs.ID]) {
return fmt.Errorf("Final setting for %q: %+v not equal to initial setting: %+v", zs.ID, zs.Value, initialSettings[zs.ID])
}
Expand Down