Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AUTH-6588 Support Access apps destinations field #4661

Merged
merged 2 commits into from
Dec 4, 2024

Conversation

veggiedefender
Copy link

@veggiedefender veggiedefender commented Nov 25, 2024

Adds support for the Access app destinations field, but still keeps the deprecated self_hosted_domains field around for backwards compatibility. Since cloudflare-go now only supports the new field, everything is implemented in terms of destinations under the hood.

return oldValue == newValue
},
},
"destinations": {
Copy link
Author

@veggiedefender veggiedefender Nov 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be named destination (singular instead of plural) instead? It'll be used like this:

destinations {
  uri = "example.com"
}
destinations {
  uri = "foo.example.com"
}
destinations {
  type = "private"
  uri = "10.116.0.4"
}

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I saw the Attributes as Blocks page but it's kind of confusing to me.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

destinations makes sense. in v5, this makes a lot more sense as a collection of objects - https://github.com/cloudflare/terraform-provider-cloudflare/blob/next/internal/services/zero_trust_access_application/schema.go#L225-L244

Copy link
Contributor

This project handles dependency version bumps (including upstream changes from cloudflare-go) independently of the standard PR process using automation. This allows the dependency upgrades to land without causing merge conflicts in multiple branches and handled in a consistent way. The exception to this is security related dependency upgrades but they should be co-ordinated with the maintainer team privately.

Please remove the changes to the go.mod or go.sum files from this PR in order to proceed with review and merging.

Copy link
Contributor

changelog detected ✅

@veggiedefender veggiedefender force-pushed the jesse/destinations branch 3 times, most recently from 69985d4 to a1e55e5 Compare November 25, 2024 18:42
},
"destinations": {
Type: schema.TypeList,
Optional: true,
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be Computed as well? It's unclear what that actually does 🧐

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like it probably shouldn't be computed then, thanks!

go.mod Outdated
@@ -4,7 +4,7 @@ go 1.23.3

require (
github.com/agext/levenshtein v1.2.3 // indirect
github.com/cloudflare/cloudflare-go v0.110.0
github.com/cloudflare/cloudflare-go v0.110.1-0.20241125012349-7c091bc8c0dd
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should remove this and just shim it in locally.

@@ -110,4 +110,10 @@ const (

// Schema description for all ID fields.
IDSchemaDescription = "The identifier of this resource."

// Schema key for access app destination.
DestinationsSchemaKey = "destinations"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we only use this in one place -- perhaps it's fine just as a string?

@jacobbednarz
Copy link
Member

we've got some failing tests but they are also happening on master too so i suspect something else is off there.

TF_ACC=1 go test ./internal/sdkv2provider -v -run "^TestAccCloudflareAccessApplication_WithSCIMConfigOAuthBearerToken" -count 1 -timeout 120m -parallel 1
=== RUN   TestAccCloudflareAccessApplication_WithSCIMConfigOAuthBearerToken
    resource_cloudflare_access_application_test.go:281: Step 1/1 error: After applying this test step, the non-refresh plan was not empty.
        stdout:
        
        
        Terraform used the selected providers to generate the following execution
        plan. Resource actions are indicated with the following symbols:
          ~ update in-place
        
        Terraform will perform the following actions:
        
          # cloudflare_zero_trust_access_identity_provider.ixngfmfbhl will be updated in-place
          ~ resource "cloudflare_zero_trust_access_identity_provider" "ixngfmfbhl" {
                id         = "9acedaaf-2ccf-4188-8ddd-a6e95eb97327"
                name       = "ixngfmfbhl"
                # (2 unchanged attributes hidden)
        
              ~ scim_config {
                  - identity_update_behavior = "reauth" -> null
                    # (5 unchanged attributes hidden)
                }
        
                # (1 unchanged block hidden)
            }
        
        Plan: 0 to add, 1 to change, 0 to destroy.
--- FAIL: TestAccCloudflareAccessApplication_WithSCIMConfigOAuthBearerToken (3.66s)
FAIL
FAIL	github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider	4.850s
FAIL
make: *** [testacc] Error 1

…or nil)

in order for the association to be destroyed. Setting this to false keeps the
association in a disabled state instead of destroying the resource.

Documentation on this API endpoint can be found here:

https://developers.cloudflare.com/api/operations/per-hostname-authenticated-origin-pull-enable-or-disable-a-hostname-for-client-authentication

Referencing issue raised on provider:

cloudflare#4648
@veggiedefender
Copy link
Author

cherry-picked the commit from #4649 so that this compiles

@jacobbednarz
Copy link
Member

acceptance tests all passing

TF_ACC=1 go test ./internal/sdkv2provider -v -run "^TestAccCloudflareAccessApplication_" -count 1 -timeout 120m -parallel 1
=== RUN   TestAccCloudflareAccessApplication_BasicZone
--- PASS: TestAccCloudflareAccessApplication_BasicZone (7.86s)
=== RUN   TestAccCloudflareAccessApplication_BasicAccount
--- PASS: TestAccCloudflareAccessApplication_BasicAccount (2.73s)
=== RUN   TestAccCloudflareAccessApplication_WithSCIMConfigHttpBasic
--- PASS: TestAccCloudflareAccessApplication_WithSCIMConfigHttpBasic (4.42s)
=== RUN   TestAccCloudflareAccessApplication_UpdateSCIMConfig
--- PASS: TestAccCloudflareAccessApplication_UpdateSCIMConfig (9.59s)
=== RUN   TestAccCloudflareAccessApplication_WithSCIMConfigInvalidMappingSchema
--- PASS: TestAccCloudflareAccessApplication_WithSCIMConfigInvalidMappingSchema (1.36s)
=== RUN   TestAccCloudflareAccessApplication_WithSCIMConfigHttpBasicMissingRequired
--- PASS: TestAccCloudflareAccessApplication_WithSCIMConfigHttpBasicMissingRequired (1.39s)
=== RUN   TestAccCloudflareAccessApplication_WithSCIMConfigOAuthBearerToken
--- PASS: TestAccCloudflareAccessApplication_WithSCIMConfigOAuthBearerToken (6.38s)
=== RUN   TestAccCloudflareAccessApplication_WithSCIMConfigOAuth2
--- PASS: TestAccCloudflareAccessApplication_WithSCIMConfigOAuth2 (4.28s)
=== RUN   TestAccCloudflareAccessApplication_WithSCIMConfigOAuth2MissingRequired
--- PASS: TestAccCloudflareAccessApplication_WithSCIMConfigOAuth2MissingRequired (1.42s)
=== RUN   TestAccCloudflareAccessApplication_WithSCIMConfigAuthenticationInvalid
--- PASS: TestAccCloudflareAccessApplication_WithSCIMConfigAuthenticationInvalid (1.35s)
=== RUN   TestAccCloudflareAccessApplication_WithCORS
--- PASS: TestAccCloudflareAccessApplication_WithCORS (2.82s)
=== RUN   TestAccCloudflareAccessApplication_WithSAMLSaas
--- PASS: TestAccCloudflareAccessApplication_WithSAMLSaas (7.89s)
=== RUN   TestAccCloudflareAccessApplication_WithSAMLSaas_Import
=== PAUSE TestAccCloudflareAccessApplication_WithSAMLSaas_Import
=== RUN   TestAccCloudflareAccessApplication_WithOIDCSaas
--- PASS: TestAccCloudflareAccessApplication_WithOIDCSaas (2.87s)
=== RUN   TestAccCloudflareAccessApplication_WithOIDCSaas_Import
=== PAUSE TestAccCloudflareAccessApplication_WithOIDCSaas_Import
=== RUN   TestAccCloudflareAccessApplication_WithAutoRedirectToIdentity
--- PASS: TestAccCloudflareAccessApplication_WithAutoRedirectToIdentity (4.15s)
=== RUN   TestAccCloudflareAccessApplication_WithEnableBindingCookie
--- PASS: TestAccCloudflareAccessApplication_WithEnableBindingCookie (2.75s)
=== RUN   TestAccCloudflareAccessApplication_WithCustomDenyFields
--- PASS: TestAccCloudflareAccessApplication_WithCustomDenyFields (2.87s)
=== RUN   TestAccCloudflareAccessApplication_WithADefinedIdps
--- PASS: TestAccCloudflareAccessApplication_WithADefinedIdps (3.94s)
=== RUN   TestAccCloudflareAccessApplication_WithMultipleIdpsReordered
--- PASS: TestAccCloudflareAccessApplication_WithMultipleIdpsReordered (8.33s)
=== RUN   TestAccCloudflareAccessApplication_WithHttpOnlyCookieAttribute
--- PASS: TestAccCloudflareAccessApplication_WithHttpOnlyCookieAttribute (2.85s)
=== RUN   TestAccCloudflareAccessApplication_WithHTTPOnlyCookieAttributeSetToFalse
--- PASS: TestAccCloudflareAccessApplication_WithHTTPOnlyCookieAttributeSetToFalse (3.43s)
=== RUN   TestAccCloudflareAccessApplication_WithSameSiteCookieAttribute
--- PASS: TestAccCloudflareAccessApplication_WithSameSiteCookieAttribute (2.82s)
=== RUN   TestAccCloudflareAccessApplication_WithLogoURL
--- PASS: TestAccCloudflareAccessApplication_WithLogoURL (2.83s)
=== RUN   TestAccCloudflareAccessApplication_WithSkipInterstitial
--- PASS: TestAccCloudflareAccessApplication_WithSkipInterstitial (3.43s)
=== RUN   TestAccCloudflareAccessApplication_WithAppLauncherVisible
--- PASS: TestAccCloudflareAccessApplication_WithAppLauncherVisible (2.74s)
=== RUN   TestAccCloudflareAccessApplication_WithTargetContexts
--- PASS: TestAccCloudflareAccessApplication_WithTargetContexts (7.59s)
=== RUN   TestAccCloudflareAccessApplication_WithDestinations
--- PASS: TestAccCloudflareAccessApplication_WithDestinations (7.01s)
=== RUN   TestAccCloudflareAccessApplication_WithSelfHostedDomains
--- PASS: TestAccCloudflareAccessApplication_WithSelfHostedDomains (4.86s)
=== RUN   TestAccCloudflareAccessApplication_WithDefinedTags
--- PASS: TestAccCloudflareAccessApplication_WithDefinedTags (4.01s)
=== RUN   TestAccCloudflareAccessApplication_WithReusablePolicies
--- PASS: TestAccCloudflareAccessApplication_WithReusablePolicies (5.00s)
=== RUN   TestAccCloudflareAccessApplication_WithAppLauncherCustomization
--- PASS: TestAccCloudflareAccessApplication_WithAppLauncherCustomization (2.65s)
=== RUN   TestAccCloudflareAccessApplication_AuthTypeForcesNewResource
--- PASS: TestAccCloudflareAccessApplication_AuthTypeForcesNewResource (10.63s)
=== CONT  TestAccCloudflareAccessApplication_WithSAMLSaas_Import
--- PASS: TestAccCloudflareAccessApplication_WithSAMLSaas_Import (3.78s)
=== CONT  TestAccCloudflareAccessApplication_WithOIDCSaas_Import
--- PASS: TestAccCloudflareAccessApplication_WithOIDCSaas_Import (3.70s)
PASS
ok  	github.com/cloudflare/terraform-provider-cloudflare/internal/sdkv2provider	144.993s

@jacobbednarz jacobbednarz merged commit 6576989 into cloudflare:master Dec 4, 2024
7 checks passed
@github-actions github-actions bot added this to the v4.48.0 milestone Dec 4, 2024
Copy link
Contributor

This functionality has been released in v4.48.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 11, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants