Skip to content

Commit

Permalink
Merge pull request #3917 from jlu-cloudflare/add-custom-s2s-support
Browse files Browse the repository at this point in the history
add support for custom_s2s posture integration, rule, and documentation
  • Loading branch information
jacobbednarz authored Sep 25, 2024
2 parents 05f6c6a + 34cf69d commit 830db32
Show file tree
Hide file tree
Showing 10 changed files with 38 additions and 7 deletions.
7 changes: 7 additions & 0 deletions .changelog/3917.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
```release-note:enhancement
resource/cloudflare_device_posture_integration: add support for managing `custom_s2s` third party posture provider.
```

```release-note:enhancement
resource/cloudflare_device_posture_rule: add ability to create custom_s2s posture rule
```
2 changes: 1 addition & 1 deletion docs/data-sources/device_posture_rules.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ data "cloudflare_device_posture_rules" "example" {
### Optional

- `name` (String) Name of the Device Posture Rule.
- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`.
- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`, `custom_s2s`.

### Read-Only

Expand Down
2 changes: 1 addition & 1 deletion docs/resources/device_posture_integration.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ resource "cloudflare_device_posture_integration" "example" {

- `account_id` (String) The account identifier to target for the resource.
- `name` (String) Name of the device posture integration.
- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`.
- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`, `custom_s2s`.

### Optional

Expand Down
3 changes: 2 additions & 1 deletion docs/resources/device_posture_rule.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ resource "cloudflare_device_posture_rule" "eaxmple" {
### Required

- `account_id` (String) The account identifier to target for the resource.
- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`.
- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`, `custom_s2s`.

### Optional

Expand Down Expand Up @@ -90,6 +90,7 @@ Optional:
- `require_all` (Boolean) True if all drives must be encrypted.
- `risk_level` (String) The risk level from Tanium. Available values: `low`, `medium`, `high`, `critical`.
- `running` (Boolean) Checks if the application should be running.
- `score` (Number) A value between 0-100 assigned to devices set by the 3rd party posture provider for custom device posture integrations.
- `sensor_config` (String) Sensor signal score from Crowdstrike. Value must be between 1 and 100.
- `sha256` (String) The sha256 hash of the file.
- `state` (String) The host’s current online status from Crowdstrike. Available values: `online`, `offline`, `unknown`.
Expand Down
2 changes: 1 addition & 1 deletion docs/resources/zero_trust_device_posture_integration.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ resource "cloudflare_zero_trust_device_posture_integration" "example" {

- `account_id` (String) The account identifier to target for the resource.
- `name` (String) Name of the device posture integration.
- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`.
- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`, `custom_s2s`.

### Optional

Expand Down
3 changes: 2 additions & 1 deletion docs/resources/zero_trust_device_posture_rule.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ resource "cloudflare_zero_trust_device_posture_rule" "eaxmple" {
### Required

- `account_id` (String) The account identifier to target for the resource.
- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`.
- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`, `custom_s2s`.

### Optional

Expand Down Expand Up @@ -90,6 +90,7 @@ Optional:
- `require_all` (Boolean) True if all drives must be encrypted.
- `risk_level` (String) The risk level from Tanium. Available values: `low`, `medium`, `high`, `critical`.
- `running` (Boolean) Checks if the application should be running.
- `score` (Number) A value between 0-100 assigned to devices set by the 3rd party posture provider for custom device posture integrations.
- `sensor_config` (String) Sensor signal score from Crowdstrike. Value must be between 1 and 100.
- `sha256` (String) The sha256 hash of the file.
- `state` (String) The host’s current online status from Crowdstrike. Available values: `online`, `offline`, `unknown`.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ const (
kolide = "kolide"
sentinelone = "sentinelone_s2s"
tanium = "tanium_s2s"
customs2s = "custom_s2s"
)

func resourceCloudflareDevicePostureIntegration() *schema.Resource {
Expand Down Expand Up @@ -273,6 +274,18 @@ func setDevicePostureIntegrationConfig(integration *cloudflare.DevicePostureInte
return fmt.Errorf("access_client_secret has to be of type string")
}
integration.Config = config
case customs2s:
if config.ApiUrl, ok = d.Get("config.0.api_url").(string); !ok {
return fmt.Errorf("api_url has to be of type string")
}
if config.AccessClientID, ok = d.Get("config.0.access_client_id").(string); !ok {
return fmt.Errorf("access_client_id has to be of type string")
}
if config.AccessClientSecret, ok = d.Get("config.0.access_client_secret").(string); !ok {
return fmt.Errorf("access_client_secret has to be of type string")
}
integration.Config = config

default:
return fmt.Errorf("unsupported integration type:%s", integration.Type)
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -293,6 +293,9 @@ func setDevicePostureRuleInput(rule *cloudflare.DevicePostureRule, d *schema.Res
if locations, ok := d.GetOk("input.0.locations"); ok {
input.Locations = locations.(cloudflare.CertificateLocations)
}
if score, ok := d.GetOk("input.0.score"); ok {
input.Score = score.(int)
}
rule.Input = input
}
}
Expand Down Expand Up @@ -380,6 +383,7 @@ func convertInputToSchema(input cloudflare.DevicePostureRuleInput) []map[string]
"check_private_key": input.CheckPrivateKey,
"extended_key_usage": input.ExtendedKeyUsage,
"locations": formatLocationsToSchema,
"score": input.Score,
}

return []map[string]interface{}{m}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ func resourceCloudflareDevicePostureIntegrationSchema() map[string]*schema.Schem
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone}, false),
Description: fmt.Sprintf("The device posture integration type. %s", renderAvailableDocumentationValuesStringSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone, tanium})),
Description: fmt.Sprintf("The device posture integration type. %s", renderAvailableDocumentationValuesStringSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone, tanium, customs2s})),
},
"identifier": {
Type: schema.TypeString,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"github.com/cloudflare/terraform-provider-cloudflare/internal/consts"
)

var devicePostureRuleTypes = []string{"serial_number", "file", "application", "gateway", "warp", "domain_joined", "os_version", "disk_encryption", "firewall", "client_certificate", "client_certificate_v2", "workspace_one", "unique_client_id", "crowdstrike_s2s", "sentinelone", "kolide", "tanium_s2s", "intune", "sentinelone_s2s"}
var devicePostureRuleTypes = []string{"serial_number", "file", "application", "gateway", "warp", "domain_joined", "os_version", "disk_encryption", "firewall", "client_certificate", "client_certificate_v2", "workspace_one", "unique_client_id", "crowdstrike_s2s", "sentinelone", "kolide", "tanium_s2s", "intune", "sentinelone_s2s", "custom_s2s"}

func resourceCloudflareDevicePostureRuleSchema() map[string]*schema.Schema {
return map[string]*schema.Schema{
Expand Down Expand Up @@ -289,6 +289,11 @@ func resourceCloudflareDevicePostureRuleSchema() map[string]*schema.Schema {
Optional: true,
Description: "List of operating system locations to check for a client certificate..",
},
"score": {
Type: schema.TypeInt,
Optional: true,
Description: "A value between 0-100 assigned to devices set by the 3rd party posture provider for custom device posture integrations.",
},
},
},
},
Expand Down

0 comments on commit 830db32

Please sign in to comment.