-
Notifications
You must be signed in to change notification settings - Fork 632
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
checks if universal_ssl is set in resource configuration to avoid permission issues with strictly scoped API tokens #663
Conversation
That should be it. |
_, err := client.EditUniversalSSLSetting(zoneID, cloudflare.UniversalSSLSetting{Enabled: boolFromString(setting.Value.(string))}) | ||
if err != nil { | ||
return zoneSettings, err | ||
if setting.Value.(string) != "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any reason why we can't have the if
above this as if setting.ID == "universal_ssl && setting.Value.(string) != ""
to avoid the extra nesting?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In case universal_ssl is an empty string in initial_settings we would not remove the element from the slice, passing it to client.UpdateZoneSettings
where it's unknown. That could happen when the resource is removed and we did not have initial_settings for this
As this identified a regression, we should add a test case to ensure that the scenario encountered is covered going forward. |
I've added to |
This has introduced a new failure in the CI suite.
|
Can you share how you executed them? This is me running the tests for zone settings override:
|
This is coming from our CI suite which piggy backs off |
I have them exported and can see the test making API calls. I can't reproduce right now but will investigate. I'm actually wondering because this part of the existing test wasn't touched. |
Okay, that one happens when the initial setting of the zone the test is running against has universal SSL enabled. |
This should fix the test. We won't pull from the Universal SSL API when we did not have an initial setting. Furthermore we don't know to which initial setting to revert when the resource is deleted. That's actually the scenario that is covered in the Full test. If the universal_ssl setting was set to |
…form-provider-cloudflare into cehrig/universal-ssl-backwards-compatibility-with-scoped-api-tokens
Thanks, we're all good on the integration tests ⭐ |
…or-waf-specifics rulesets: add more WAF coverage
@jacobbednarz we came across backwards compatibility issues with strictly scoped API tokens, causing Reads to fail when the token has no permissions reading from the Universal SSL API.
I'm checking if unviersal_ssl is set in the current configuration and skipping API calls if that's not the case