Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Access: add support for auto_redirect_to_identity #730

Merged
merged 2 commits into from
Jul 13, 2020
Merged

Access: add support for auto_redirect_to_identity #730

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5ccc341
Access: add support for auto_redirect_to_identity
xens Jul 9, 2020
6ad1598
fix schema ordering and nesting
jacobbednarz Jul 13, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 15 additions & 7 deletions cloudflare/resource_cloudflare_access_application.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,11 @@ func resourceCloudflareAccessApplication() *schema.Resource {
},
},
},
"auto_redirect_to_identity": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
},
}
}
Expand All @@ -102,9 +107,10 @@ func resourceCloudflareAccessApplicationCreate(d *schema.ResourceData, meta inte
zoneID := d.Get("zone_id").(string)

newAccessApplication := cloudflare.AccessApplication{
Name: d.Get("name").(string),
Domain: d.Get("domain").(string),
SessionDuration: d.Get("session_duration").(string),
Name: d.Get("name").(string),
Domain: d.Get("domain").(string),
SessionDuration: d.Get("session_duration").(string),
AutoRedirectToIdentity: d.Get("auto_redirect_to_identity").(bool),
}

if _, ok := d.GetOk("cors_headers"); ok {
Expand Down Expand Up @@ -141,6 +147,7 @@ func resourceCloudflareAccessApplicationRead(d *schema.ResourceData, meta interf
d.Set("aud", accessApplication.AUD)
d.Set("session_duration", accessApplication.SessionDuration)
d.Set("domain", accessApplication.Domain)
d.Set("auto_redirect_to_identity", accessApplication.AutoRedirectToIdentity)

corsConfig := convertCORSStructToSchema(d, accessApplication.CorsHeaders)
if corsConfigErr := d.Set("cors_headers", corsConfig); corsConfigErr != nil {
Expand All @@ -155,10 +162,11 @@ func resourceCloudflareAccessApplicationUpdate(d *schema.ResourceData, meta inte
zoneID := d.Get("zone_id").(string)

updatedAccessApplication := cloudflare.AccessApplication{
ID: d.Id(),
Name: d.Get("name").(string),
Domain: d.Get("domain").(string),
SessionDuration: d.Get("session_duration").(string),
ID: d.Id(),
Name: d.Get("name").(string),
Domain: d.Get("domain").(string),
SessionDuration: d.Get("session_duration").(string),
AutoRedirectToIdentity: d.Get("auto_redirect_to_identity").(bool),
}

if _, ok := d.GetOk("cors_headers"); ok {
Expand Down
49 changes: 45 additions & 4 deletions cloudflare/resource_cloudflare_access_application_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ func TestAccCloudflareAccessApplicationBasic(t *testing.T) {
resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
resource.TestCheckResourceAttr(name, "session_duration", "24h"),
resource.TestCheckResourceAttr(name, "cors_headers.#", "0"),
resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
),
},
},
Expand Down Expand Up @@ -62,6 +63,32 @@ func TestAccCloudflareAccessApplicationWithCORS(t *testing.T) {
resource.TestCheckResourceAttr(name, "cors_headers.0.allowed_methods.#", "3"),
resource.TestCheckResourceAttr(name, "cors_headers.0.allowed_origins.#", "1"),
resource.TestCheckResourceAttr(name, "cors_headers.0.max_age", "10"),
resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
),
},
},
})
}

func TestAccCloudflareAccessApplicationWithAutoRedirectToIdentity(t *testing.T) {
rnd := generateRandomResourceName()
name := fmt.Sprintf("cloudflare_access_application.%s", rnd)

resource.Test(t, resource.TestCase{
PreCheck: func() {
testAccPreCheck(t)
},
Providers: testAccProviders,
CheckDestroy: testAccCheckCloudflareAccessApplicationDestroy,
Steps: []resource.TestStep{
{
Config: testAccCloudflareAccessApplicationConfigWithAutoRedirectToIdentity(rnd, zoneID, domain),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(name, "zone_id", zoneID),
resource.TestCheckResourceAttr(name, "name", rnd),
resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
resource.TestCheckResourceAttr(name, "session_duration", "24h"),
resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "true"),
),
},
},
Expand All @@ -71,10 +98,11 @@ func TestAccCloudflareAccessApplicationWithCORS(t *testing.T) {
func testAccCloudflareAccessApplicationConfigBasic(rnd, zoneID, domain string) string {
return fmt.Sprintf(`
resource "cloudflare_access_application" "%[1]s" {
zone_id = "%[2]s"
name = "%[1]s"
domain = "%[1]s.%[3]s"
session_duration = "24h"
zone_id = "%[2]s"
name = "%[1]s"
domain = "%[1]s.%[3]s"
session_duration = "24h"
auto_redirect_to_identity = false
}
`, rnd, zoneID, domain)
}
Expand All @@ -92,6 +120,19 @@ resource "cloudflare_access_application" "%[1]s" {
allow_credentials = true
max_age = 10
}
auto_redirect_to_identity = false
}
`, rnd, zoneID, domain)
}

func testAccCloudflareAccessApplicationConfigWithAutoRedirectToIdentity(rnd, zoneID, domain string) string {
return fmt.Sprintf(`
resource "cloudflare_access_application" "%[1]s" {
zone_id = "%[2]s"
name = "%[1]s"
domain = "%[1]s.%[3]s"
session_duration = "24h"
auto_redirect_to_identity = true
}
`, rnd, zoneID, domain)
}
Expand Down
15 changes: 10 additions & 5 deletions website/docs/r/access_application.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,11 @@ authorisation gateway managed by Cloudflare.

```hcl
resource "cloudflare_access_application" "staging_app" {
zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe"
name = "staging application"
domain = "staging.example.com"
session_duration = "24h"
zone_id = "1d5fdc9e88c8a8c4518b068cd94331fe"
name = "staging application"
domain = "staging.example.com"
session_duration = "24h"
auto_redirect_to_identity = false
}

# With CORS configuration
Expand Down Expand Up @@ -66,7 +67,10 @@ The following arguments are supported:
requests.
* `max_age` - (Optional) Integer representing the maximum time a preflight
request will be cached.

* `auto_redirect_to_identity` - (Optional) Option to skip identity provider
selection if only one is configured in allowed_idps. Defaults to `false`
(disabled).

## Attributes Reference

The following additional attributes are exported:
Expand All @@ -75,6 +79,7 @@ The following additional attributes are exported:
* `aud` - Application Audience (AUD) Tag of the application
* `domain` - Domain of the application
* `session_duration` - Length of session for the application before prompting for a sign in
* `auto_redirect_to_identity` - If the IdP selection page is skipped or not

## Import

Expand Down