Merge pull request #4143 from SaiDadireddy/sdadireddy/fix-access-tage…

…t-descriptions

Fix descriptions for infra target data source and infra app resource

.semgrep.yml

@@ -18,8 +18,11 @@ rules:
         - 'internal/sdkv2provider/resource_cloudflare_fallback_domain_test.go'
     patterns:
       - pattern-regex: '\d+\.\d+\.\d+\.\d+'
+      - pattern-not-regex: '-\d+\.\d+\.\d+\.\d+'
       - pattern-not: '127.0.0.1'
       - pattern-not: '0.0.0.0'
+      - pattern-not: '1.1.1.1'
+      - pattern-not: '1.0.0.1'
       - pattern-not-regex: '10\.\d+\.\d+.\d+'
       - pattern-not-regex: '192\.168\.\d+.\d+'
       - pattern-not-regex: '192\.0\.2\.\d+'    # 192.0.2.0/24 (TEST-NET-1, rfc5737)
@@ -156,6 +159,7 @@ rules:
     patterns:
       - pattern: '"account_id"'
     severity: WARNING
+    fix: "consts.AccountIDSchemaKey"
   - id: use-defined-zone-id-constant-instead-of-strings
     languages:
       - go
@@ -168,4 +172,5 @@ rules:
         - 'templates/'
     patterns:
       - pattern: '"zone_id"'
+    fix: "consts.ZoneIDSchemaKey"
     severity: WARNING

docs/data-sources/infrastructure_access_targets.md

@@ -9,7 +9,20 @@ description: |-
 
 Use this data source to retrieve all Infrastructure Access Targets.
 
-
+## Example Usage
+
+```terraform
+data "cloudflare_infrastructure_access_targets" "example" {
+  account_id        = "f037e56e89293a057740de681ac9abbe"
+  hostname_contains = "example"
+  ipv4              = "198.51.100.1"
+}
+
+# output the list of targets the data source contains
+output "targets" {
+  value = data.cloudflare_infrastructure_access_targets.example.targets
+}
+```
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
@@ -20,12 +33,12 @@ Use this data source to retrieve all Infrastructure Access Targets.
 ### Optional
 
 - `created_after` (String) A date and time after a target was created to filter on.
-- `hostname` (String) The name of the app type.
-- `hostname_contains` (String) The name of the app type.
-- `ipv4` (String) The name of the app type.
-- `ipv6` (String) The name of the app type.
+- `hostname` (String) The hostname of the target.
+- `hostname_contains` (String) Partial match to the hostname of a target
+- `ipv4` (String) The target's IPv4 address.
+- `ipv6` (String) The target's IPv6 address.
 - `modified_after` (String) A date and time after a target was modified to filter on.
-- `virtual_network_id` (String) The name of the app type.
+- `virtual_network_id` (String) The private virtual network identifier for the target.
 
 ### Read-Only
 

docs/resources/access_application.md

@@ -29,9 +29,9 @@ resource "cloudflare_access_application" "staging_app" {
   type                      = "self_hosted"
   session_duration          = "24h"
   auto_redirect_to_identity = false
-  policies                  = [
-      cloudflare_access_policy.example_1.id,
-      cloudflare_access_policy.example_2.id
+  policies = [
+    cloudflare_access_policy.example_1.id,
+    cloudflare_access_policy.example_2.id
   ]
 }
 
@@ -42,9 +42,9 @@ resource "cloudflare_access_application" "staging_app" {
   domain           = "staging.example.com"
   type             = "self_hosted"
   session_duration = "24h"
-  policies         = [
-      cloudflare_access_policy.example_1.id,
-      cloudflare_access_policy.example_2.id
+  policies = [
+    cloudflare_access_policy.example_1.id,
+    cloudflare_access_policy.example_2.id
   ]
   cors_headers {
     allowed_methods   = ["GET", "POST", "OPTIONS"]
@@ -56,15 +56,15 @@ resource "cloudflare_access_application" "staging_app" {
 
 # Infrastructure application configuration
 resource "cloudflare_zero_trust_access_application" "infra-app-example" {
-  account_id = "0da42c8d2132a9ddaf714f9e7c920711"
+  account_id = "f037e56e89293a057740de681ac9abbe"
   name       = "infra-app"
   type       = "infrastructure"
-  
+
   target_criteria {
     port     = 22
     protocol = "SSH"
     target_attributes {
-      name = "hostname"
+      name   = "hostname"
       values = ["tfgo-tests-useast", "tfgo-tests-uswest"]
     }
   }
@@ -109,7 +109,7 @@ resource "cloudflare_zero_trust_access_application" "infra-app-example" {
 - `skip_app_launcher_login_page` (Boolean) Option to skip the App Launcher landing page. Defaults to `false`.
 - `skip_interstitial` (Boolean) Option to skip the authorization interstitial when using the CLI. Defaults to `false`.
 - `tags` (Set of String) The itags associated with the application.
-- `target_criteria` (Block List) A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned. (see [below for nested schema](#nestedblock--target_criteria))
+- `target_criteria` (Block List) The payload for an infrastructure application which defines the port, protocol, and target attributes. Only applicable to Infrastructure Applications, in which case this field is required. (see [below for nested schema](#nestedblock--target_criteria))
 - `type` (String) The application type. Available values: `app_launcher`, `bookmark`, `biso`, `dash_sso`, `saas`, `self_hosted`, `ssh`, `vnc`, `warp`, `infrastructure`. Defaults to `self_hosted`.
 - `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`.
 

docs/resources/access_policy.md

@@ -26,9 +26,9 @@ a particular resource.
 ```terraform
 # Allowing access to `test@example.com` email address only
 resource "cloudflare_access_policy" "test_policy" {
-  account_id     = "f037e56e89293a057740de681ac9abbe"
-  name           = "staging policy"
-  decision       = "allow"
+  account_id = "f037e56e89293a057740de681ac9abbe"
+  name       = "staging policy"
+  decision   = "allow"
 
   include {
     email = ["test@example.com"]
@@ -42,9 +42,9 @@ resource "cloudflare_access_policy" "test_policy" {
 # Allowing `test@example.com` to access but only when coming from a
 # specific IP.
 resource "cloudflare_access_policy" "test_policy" {
-  account_id     = "f037e56e89293a057740de681ac9abbe"
-  name           = "staging policy"
-  decision       = "allow"
+  account_id = "f037e56e89293a057740de681ac9abbe"
+  name       = "staging policy"
+  decision   = "allow"
 
   include {
     email = ["test@example.com"]
@@ -58,10 +58,10 @@ resource "cloudflare_access_policy" "test_policy" {
 # Access policy for an infrastructure application
 resource "cloudflare_access_policy" "infra-app-example-allow" {
   application_id = cloudflare_zero_trust_access_application.infra-app-example.id
-  account_id = "0da42c8d2132a9ddaf714f9e7c920711"
-  name       = "infra-app-example-allow"
-  decision   = "allow"
-  precedence = 1
+  account_id     = "f037e56e89293a057740de681ac9abbe"
+  name           = "infra-app-example-allow"
+  decision       = "allow"
+  precedence     = 1
 
   include {
     email = ["devuser@gmail.com"]
@@ -76,15 +76,15 @@ resource "cloudflare_access_policy" "infra-app-example-allow" {
 
 # Infrastructure application configuration for infra-app-example-allow
 resource "cloudflare_zero_trust_access_application" "infra-app-example" {
-  account_id = "0da42c8d2132a9ddaf714f9e7c920711"
+  account_id = "f037e56e89293a057740de681ac9abbe"
   name       = "infra-app"
   type       = "infrastructure"
-  
+
   target_criteria {
     port     = 22
     protocol = "SSH"
     target_attributes {
-      name = "hostname"
+      name   = "hostname"
       values = ["tfgo-tests-useast", "tfgo-tests-uswest"]
     }
   }
@@ -108,7 +108,7 @@ resource "cloudflare_zero_trust_access_application" "infra-app-example" {
 - `application_id` (String) The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute will force creation of a new resource.**
 - `approval_group` (Block List) (see [below for nested schema](#nestedblock--approval_group))
 - `approval_required` (Boolean)
-- `connection_rules` (Block List, Max: 1) The rules that define how users may connect to the targets secured by your application. (see [below for nested schema](#nestedblock--connection_rules))
+- `connection_rules` (Block List, Max: 1) The rules that define how users may connect to the targets secured by your application. Only applicable to Infrastructure Applications, in which case this field is required. (see [below for nested schema](#nestedblock--connection_rules))
 - `exclude` (Block List) A series of access conditions, see [Access Groups](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/access_group#conditions). (see [below for nested schema](#nestedblock--exclude))
 - `isolation_required` (Boolean) Require this application to be served in an isolated browser for users matching this policy.
 - `precedence` (Number) The unique precedence for policies on a single application. Required when using `application_id`.

docs/resources/healthcheck.md

@@ -16,55 +16,55 @@ without needing a Cloudflare Load Balancer.
 ```terraform
 # HTTPS Healthcheck
 resource "cloudflare_healthcheck" "http_health_check" {
-  zone_id = var.cloudflare_zone_id
-  name = "http-health-check"
+  zone_id     = var.cloudflare_zone_id
+  name        = "http-health-check"
   description = "example http health check"
-  address = "example.com"
-  suspended = false
+  address     = "example.com"
+  suspended   = false
   check_regions = [
     "WEU",
     "EEU"
   ]
-  type = "HTTPS"
-  port = 443
-  method = "GET"
-  path = "/health"
+  type          = "HTTPS"
+  port          = 443
+  method        = "GET"
+  path          = "/health"
   expected_body = "alive"
   expected_codes = [
     "2xx",
     "301"
   ]
   follow_redirects = true
-  allow_insecure = false
+  allow_insecure   = false
   header {
     header = "Host"
     values = ["example.com"]
   }
-  timeout = 10
-  retries = 2
-  interval = 60
-  consecutive_fails = 3
+  timeout               = 10
+  retries               = 2
+  interval              = 60
+  consecutive_fails     = 3
   consecutive_successes = 2
 }
 
 # TCP Healthcheck
 resource "cloudflare_healthcheck" "tcp_health_check" {
-  zone_id = var.cloudflare_zone_id
-  name = "tcp-health-check"
+  zone_id     = var.cloudflare_zone_id
+  name        = "tcp-health-check"
   description = "example tcp health check"
-  address = "example.com"
-  suspended = false
+  address     = "example.com"
+  suspended   = false
   check_regions = [
     "WEU",
     "EEU"
   ]
-  type = "TCP"
-  port = 22
-  method = "connection_established"
-  timeout = 10
-  retries = 2
-  interval = 60
-  consecutive_fails = 3
+  type                  = "TCP"
+  port                  = 22
+  method                = "connection_established"
+  timeout               = 10
+  retries               = 2
+  interval              = 60
+  consecutive_fails     = 3
   consecutive_successes = 2
 }
 ```

docs/resources/infrastructure_access_target.md

@@ -14,28 +14,28 @@ The [Infrastructure Access Target](https://developers.cloudflare.com/cloudflare-
 ```terraform
 resource "cloudflare_infrastructure_access_target" "example" {
   account_id = "f037e56e89293a057740de681ac9abbe"
-	hostname   = "example-target"
-	ip = {
-		ipv4 = {
-            ip_addr = "210.26.29.230"
-            virtual_network_id = "238dccd1-149b-463d-8228-560ab83a54fd"
-        }
-        ipv6 = {
-            ip_addr = "24c0:64e8:f0b4:8dbf:7104:72b0:ef8f:f5e0"
-            virtual_network_id = "238dccd1-149b-463d-8228-560ab83a54fd"
-        }
-	}
+  hostname   = "example-target"
+  ip = {
+    ipv4 = {
+      ip_addr            = "198.51.100.1"
+      virtual_network_id = "238dccd1-149b-463d-8228-560ab83a54fd"
+    }
+    ipv6 = {
+      ip_addr            = "2001:db8::"
+      virtual_network_id = "238dccd1-149b-463d-8228-560ab83a54fd"
+    }
+  }
 }
 
 resource "cloudflare_infrastructure_access_target" "ipv4_only_example" {
   account_id = "f037e56e89293a057740de681ac9abbe"
-	hostname   = "example-ipv4-only"
-	ip = {
-		ipv4 = {
-            ip_addr = "210.26.29.230"
-            virtual_network_id = "238dccd1-149b-463d-8228-560ab83a54fd"
-        }
-	}
+  hostname   = "example-ipv4-only"
+  ip = {
+    ipv4 = {
+      ip_addr            = "198.51.100.1"
+      virtual_network_id = "238dccd1-149b-463d-8228-560ab83a54fd"
+    }
+  }
 }
 ```
 <!-- schema generated by tfplugindocs -->

docs/resources/list.md

@@ -91,7 +91,7 @@ resource "cloudflare_list" "example" {
 
   item {
     value {
-     asn = 989
+      asn = 989
     }
     comment = "two"
   }

docs/resources/list_item.md

@@ -63,7 +63,7 @@ resource "cloudflare_list_item" "example_asn_item" {
   account_id = "f037e56e89293a057740de681ac9abbe"
   list_id    = cloudflare_list.example_asn_list.id
   comment    = "List Item Comment"
-  asn         = 6789
+  asn        = 6789
 }
 
 # Hostname List

docs/resources/observatory_scheduled_test.md

@@ -13,9 +13,9 @@ Provides a Cloudflare Observatory Scheduled Test resource.
 
 ```terraform
 resource "cloudflare_observatory_scheduled_test" "example" {
-  zone_id = "0da42c8d2132a9ddaf714f9e7c920711"
-  url = "example.com"
-  region = "us-central1"
+  zone_id   = "0da42c8d2132a9ddaf714f9e7c920711"
+  url       = "example.com"
+  region    = "us-central1"
   frequency = "WEEKLY"
 }
 ```

docs/resources/ruleset.md

@@ -300,7 +300,7 @@ resource "cloudflare_ruleset" "cache_settings_example" {
             include        = ["habc", "hdef"]
             check_presence = ["habc_t", "hdef_t"]
             exclude_origin = true
-            contains       = {
+            contains = {
               "accept"          = ["image/webp", "image/png"]
               "accept-encoding" = ["br", "zstd"]
               "some-header"     = ["some-value", "some-other-value"]
@@ -320,7 +320,7 @@ resource "cloudflare_ruleset" "cache_settings_example" {
         }
       }
       cache_reserve = {
-        eligible = true
+        eligible          = true
         minimum_file_size = 100000
       }
       origin_error_page_passthru = false

docs/resources/teams_account.md

@@ -46,10 +46,10 @@ resource "cloudflare_teams_account" "example" {
   }
 
   proxy {
-    tcp        = true
-    udp        = true
-    root_ca    = true
-    virtual_ip = false
+    tcp              = true
+    udp              = true
+    root_ca          = true
+    virtual_ip       = false
     disable_for_time = 3600
   }
 

docs/resources/tunnel_virtual_network.md

@@ -20,8 +20,8 @@ private IPs in your origins.
 ```terraform
 resource "cloudflare_tunnel_virtual_network" "example" {
   account_id = "f037e56e89293a057740de681ac9abbe"
-  name = "vnet-for-documentation"
-  comment = "New tunnel virtual network for documentation"
+  name       = "vnet-for-documentation"
+  comment    = "New tunnel virtual network for documentation"
 }
 ```
 <!-- schema generated by tfplugindocs -->

docs/resources/waiting_room.md

@@ -31,7 +31,7 @@ resource "cloudflare_waiting_room" "example" {
     host = "shop2.example.com"
   }
 
-  queueing_status_code  = 200
+  queueing_status_code = 200
 
   enabled_origin_commands = ["revoke"]
 }