mirror of
https://github.com/cloudflare/terraform-provider-cloudflare.git
synced 2026-01-16 23:00:33 +00:00
* chore(workers): integrate generated changes for Workers resources The following resources are modified by these generated changes: - workers_cron_trigger - workers_custom_domain - workers_deployment - workers_for_platforms_dispatch_namespace - workers_kv - workers_kv_namespace - workers_route - workers_script * chore(load_balancing): integrate generated changes for Load Balancing resources The following resources are modified by these generated changes: - healthcheck - load_balancer - load_balancer_monitor - load_balancer_pool * chore(iam): integrate generated changes for IAM resources The following resources are modified by these generated changes: - account - account_member - account_token - api_token - token_validation_config (added) - token_validation_rules (added) * chore(zero_trust, cfone): integrate generated changes for ZT and CFONE resources The following resources are modified by these generated changes: - cloudforce_one_request - cloudforce_one_request_asset - cloudforce_one_request_message - cloudforce_one_request_priority - zero_trust_access_custom_page - zero_trust_access_group - zero_trust_access_identity_provider - zero_trust_access_infrastructure_target - zero_trust_access_key_configuration - zero_trust_access_mtls_certificate - zero_trust_access_policy - zero_trust_access_service_token - zero_trust_access_short_lived_certificate - zero_trust_access_tag - zero_trust_device_custom_profile - zero_trust_device_custom_profile_local_domain_fallback - zero_trust_device_default_profile - zero_trust_device_default_profile_local_domain_fallback - zero_trust_device_managed_networks - zero_trust_device_posture_integration - zero_trust_device_posture_rule - zero_trust_dex_test - zero_trust_dlp_custom_entry - zero_trust_dlp_custom_profile - zero_trust_dlp_entry - zero_trust_dlp_integration_entry - zero_trust_dlp_predefined_entry - zero_trust_dlp_predefined_profile - zero_trust_dns_location - zero_trust_gateway_certificate - zero_trust_gateway_policy - 
zero_trust_gateway_proxy_endpoint - zero_trust_gateway_settings - zero_trust_list - zero_trust_network_hostname_route - zero_trust_risk_scoring_integration - zero_trust_tunnel_cloudflared - zero_trust_tunnel_cloudflared_config - zero_trust_tunnel_cloudflared_route - zero_trust_tunnel_cloudflared_virtual_network - zero_trust_tunnel_warp_connector - zero_trust_access_ai_controls_mcp_portal (added) - zero_trust_access_ai_controls_mcp_server (added) * chore(d1): integrate generated changes for D1 resources * chore(byoip): integrate generated changes for BYOIP resources * chore(logpush): integrate generated changes for Logpush resources * chore(pages): integrate generated changes for Pages resources * chore(worker): integrate generated changes for Worker resources * chore(stainless): integrate changes from unpinned codegen version * feat: add new resources and data sources * chore: include new sections for pr template (#6395) * feat(magic_transit_connector): support self-serve license key (#6398) Co-authored-by: yihuaf <yihuaf@cloudflare.com> * ci(test): integrate migrator v2 (#6396) * ci: build migrator v2 in ci * chore: uptake migrator v2 for dns_record * chore(certificate_pack): docs show safe rotation instructions (#6388) * chore(test): increase legacy migrator test coverage (#6401) * fix(zero_trust_dex_test): correct configurability for 'targeted' attribute to fix drift * chore(test): acceptance tests for token validation resources (#6417) This adds acceptance test for token validation resources: ``` $ TF_ACC=1 go test ./internal/services/token_validation_* -run "^TestAccCloudflareTokenValidationConfig|TestAccCloudflareTokenValidationRules" -v -count 1 === RUN TestAccCloudflareTokenValidationConfig --- PASS: TestAccCloudflareTokenValidationConfig (42.65s) PASS ok github.com/cloudflare/terraform-provider-cloudflare/internal/services/token_validation_config 46.029s === RUN TestAccCloudflareTokenValidationRules --- PASS: TestAccCloudflareTokenValidationRules (21.90s) 
PASS ok github.com/cloudflare/terraform-provider-cloudflare/internal/services/token_validation_rules 23.824s ``` * chore(zones): data source tests (#6414) * chore(test): add schema and token validation acceptance tests to CI (#6421) This change adds the token validation and schema validation acceptance tests to CI runner. Acceptance test zone `terraform.cfapi.net` seems to already be entitled to utilize both services. It also ensures that the schema validation tests can be executed in parallel without interferring with each other: ``` $ TF_ACC=1 go test ./internal/services/token_validation_* ./internal/services/schema_validation_* -run "^TestAccCloudflareTokenValidationConfig|TestAccCloudflareTokenValidationRules|TestAccCloudflarePerOperationSetting|TestAccCloudflareSchemaValidationSchemas|TestAccCloudflareSchemaValidationZoneSettings" -v -count 1 === RUN TestAccCloudflareTokenValidationConfig --- PASS: TestAccCloudflareTokenValidationConfig (36.15s) PASS ok github.com/cloudflare/terraform-provider-cloudflare/internal/services/token_validation_config 37.827s === RUN TestAccCloudflareTokenValidationRules --- PASS: TestAccCloudflareTokenValidationRules (26.03s) PASS ok github.com/cloudflare/terraform-provider-cloudflare/internal/services/token_validation_rules 28.480s === RUN TestAccCloudflarePerOperationSetting --- PASS: TestAccCloudflarePerOperationSetting (15.87s) PASS ok github.com/cloudflare/terraform-provider-cloudflare/internal/services/schema_validation_operation_settings 21.278s === RUN TestAccCloudflareSchemaValidationSchemas --- PASS: TestAccCloudflareSchemaValidationSchemas (13.31s) PASS ok github.com/cloudflare/terraform-provider-cloudflare/internal/services/schema_validation_schemas 16.719s === RUN TestAccCloudflareSchemaValidationZoneSettings --- PASS: TestAccCloudflareSchemaValidationZoneSettings (18.18s) PASS ok github.com/cloudflare/terraform-provider-cloudflare/internal/services/schema_validation_settings 22.567s ``` * Add mcp portals acctests 
(#6411) * Add mcp portals acceptance tests * Fix mcp portals acceptance tests * Fix mcp portals acceptance tests * chore(zero_trust_access_service_token): add migration test for zero_trust_access_service_token (#6416) Co-authored-by: cortlyons <cortlyons@cloudflare.com> * chore(ci): skip flaky test in CI * chore(sso_connector): add acceptance tests (#6427) * Add acceptance tests for sso connector resource * Removing test staging option * Create ZT IDP before attempting SSO connector operations --------- Co-authored-by: scabell <scabell@cloudflare.com> * chore(email_routing): improved email routing sweepers (#6429) * chore(dns_record): improve dns sweepers (#6430) * chore(workers_kv_namespace): v4 to v5 migration tests for workers_kv_namespace (#6424) * chore(zero_trust_gateway_policy): v4 to v5 migration for zero_trust_gateway_policy (#6413) * chore(zero_trust_list): v4 to v5 migration tests for zero trust list records (#6400) * chore(account_member): add migration test (#6425) * Add migration test for account_member * chore(logpull_retention): add migration test for (#6426) * add migration tests for logpull_retention * chore(cloudflare_zero_trust_dlp_custom_profile): migration test and ignore order as set (#6428) * fix(workers_script_subdomain): add note to cloudflare_workers_script_subdomain about redundancy with cloudflare_worker (#6383) People using cloudflare_worker should not use cloudflare_workers_script_subdomain since cloudflare_worker already includes subdomain settings. 
* chore(logpush_job): add import tests for resource (#6402) * DS-15398: Add import tests for cloudflare_logpush_jobs resource This adds import tests for `cloudflare_logpush_jobs` resource, per https://wiki.cfdata.org/display/API/Terraform+Acceptance+Tests * DS-15398: Change LogpushJobModel optional,no_refresh to computed_optional,decode_null_to_zero (except OwnershipChallenge) This changes `LogpushJobModel` `optional,no_refresh` to `computed_optional,decode_null_to_zero` (except `OwnershipChallenge`). - Changed `apijson` to `apijsoncustom` in `model.go` and `resource.go`. This is based on similar fixes done for https://github.com/cloudflare/terraform-provider-cloudflare/pull/5909 * chore(logpull_retention): update acceptance test (#6277) This updates `logpull_retention` test: 1. Add import test. 2. Switch to Plan and State Checks from legacy Checks. Test passes locally: ``` go test ./internal/services/logpull_retention -run "^TestAccLogpullRetention" -v -count 1 === RUN TestAccLogpullRetention_Basic --- PASS: TestAccLogpullRetention_Basic (10.48s) PASS ok github.com/cloudflare/terraform-provider-cloudflare/internal/services/logpull_retention 10.487s ``` * chore(zone_dnssec): v4 to v5 migration tests for zone_dnssec (#6432) TF_ACC=1 TF_MIGRATE_BINARY_PATH=~/cf-repos/terraform-devstack/tf-migrate/tf-migrate go test -v -run "TestMigrate" ./internal/services/zone_dnssec === RUN TestMigrateZoneDNSSECBasic --- PASS: TestMigrateZoneDNSSECBasic (15.62s) === RUN TestMigrateZoneDNSSECWithModifiedOn --- PASS: TestMigrateZoneDNSSECWithModifiedOn (20.48s) === RUN TestMigrateZoneDNSSECStatusActive --- PASS: TestMigrateZoneDNSSECStatusActive (14.33s) PASS ok github.com/cloudflare/terraform-provider-cloudflare/internal/services/zone_dnssec 51.780s * chore(workers_kv): v4 to v5 migration tests for workers_kv (#6435) * chore(r2_bucket): v4 to v5 migration tests for cloudflare_r2_bucket (#6437) * chore(notification_policy_webhook): add migration test for notification-policy-webhook 
(#6443) * chore(zero_trust_tunnel_cloudflared_route): v4 to v5 migration tests for zero_trust_tunnel_cloudflared_route (#6409) * chore(docs): document configurations and examples (#6449) * feat(zero_trust_access_application): add proxy_endpoint for ZT Access Application (#6453) Adds a new app type for the session duration compatible app types for the zero type access application resource. The newly supported type is proxy_endpoint. * chore(universal_ssl_setting): add acceptance tests for universal_ssl_setting - Add TestAccCloudflareUniversalSSLSetting_Basic with create, update, and import steps - Validates resource adoption with enabled = true - Validates update to enabled = false - Validates terraform import functionality with ImportStateVerify - Add testdata template for universal SSL setting configuration * feat(zero_trust_dlp_predefined_profile): Switch DLP Predefined Profile endpoints, introduce enabled_entries attribute The new endpoints contain a new field `enabled_entries` which will be the preferred way to manage entries within a predefined profile. The existing `entries` field will be supported but now be computed optional * feat(zero_trust_tunnel_cloudflared): v4 to v5 migration tests (#6461) * provider migration test for zero-trust-device-posture-rule Co-authored-by: cortlyons <cortlyons@cloudflare.com> * Deprecate API Shield Schema Validation resources (#6446) This change reflects the deprecation of the API Shield schema validation APIs to terraform. The deprecation notice for each of them mentions the replacements. 
* fix(pages_project): unintended resource state drift (#6377) * fix(cloudflare_worker+cloudflare_worker_version): import for the resources (#6357) * fix: cloudflare_worker resource can be cleanly imported - Add plan modifiers for created_on and updated_on to prevent these properties from incorrectly appearing in the diff - Fill in all default values to prevent user-configurable properties from being marked as unknown - These were causing an unnecessary update to be performed on import * fix: cloudflare_worker_version resource can be cleanly imported - Allow in-place updates to write provider-only attributes (module content_file) to state - This allows the resource to be imported without recreation * fix(workers_script): allow config.run_worker_first to accept list input - This property can either be a boolean or list of strings, the API accepts both - Update resource to accept list of strings in addition to boolean values * feat(worker_version): boolean support for run_worker_first (#6407) * chore: add support for boolean run_worker_first * chore: adding upgrade test --------- Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com> * feat(worker_version): add content_base64 support * fix(pages_domain): resource tests (#6338) * chore(api): update composite API spec --------- Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com> Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com> * fix(workers_kv): updating workers metadata attribute to be read from endpoint (#6386) Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com> * feat(workers_script_subdomains): add import support (#6375) Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com> * fix(workers_kv): multipart request (#6367) * chore(api): update composite API spec * fix: multipart request in cloudflare_workers_kv --------- Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com> Co-authored-by: Chris Thorwarth 
<cthorwarth@cloudflare.com> * fix(zero_trust_tunnel_cloudflared_config): remove warp_routing from cloudflared_config (#6471) Co-authored-by: João "Pisco" Fernandes <joaocarlos@cloudflare.com> * chore(workers_script): add workers scripts sweeper (#6351) * chore(api): update composite API spec * chore: adding sweeper * chore: adding sweeper for workers --------- Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com> Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com> * fix(dns_record): inconsistent apply error (#6452) * chore(dns_record): rename testdata * chore(dns_record): update test data refs * fix(dns_record): method to compare two dns records are equal * fix(dns_record): inconsistent apply * fix(account_token)!: token policy order and nested resources (#6440) * removing computed fields to fix policy order * using jsonencode for resources * feat(api_token+account_tokens): state upgrader and schema bump (#6472) * feat(api_token): api token migrator - state upgrader for api tokens - migration test - bumps schema version to 1 * feat(account_token): account token migrator - state upgrader for account tokens - migration test - bumps schema version to 1 * chore(zt_access): add sweepers for policy and service token (#6465) * fix(zero_trust_device_custom_profile): resolve drift issues (#6364) Adds UseStateForUnknown plan modifier for some computed attributes Co-authored-by: Tyler Stanish <tstanish@cloudflare.com> * fix: allow r2_bucket_event_notification to be applied twice without failing (#6419) * chore(zone_settings): acceptance test to repro issue #6363 (#6445) * fix(zero_trust_device_custom_profile_local_domain_fallback): drift issues (#6365) When domains are not specified in alphabetical order, the plan shows changes after refreshing from the API. This is because the API returns them in alphabetical order. 
To resolve, this change switches the zero_trust_device_custom_profile_local_domain_fallback attribute from a list to set. Co-authored-by: Tyler Stanish <tstanish@cloudflare.com> * TUN-9846: Fix cloudflare_zero_trust_tunnel_warp_connector_token datasource * chore(workers_script): fix resource names in tests * chore(workers_script): fix resource name in TestAccCloudflareWorkerScript_ModuleWithDurableObject * fix(queue_consumer): id population (#6181) * resolves #5652 * Unifying queue consumer script and script_name in terraform state * Populate queue consumer info in queue resource * Modify mtls resource and mtls, org, and app tests * feat(api): api update * fixing bad merge * Marking consumer_id as computed because it is generated from the create consumer response * Adding tests for queue_consumer * Refactoring tests to have test configs in files * Adding more tests for different config cases * Updating queue consumer tests --------- Co-authored-by: Alex Holland <aholland@cloudflare.com> Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com> * feat: chore(build): point Terraform to released Go v6.3.0 * chore(build): point Terraform to released Go v6.3.0 * feat(docs): make docs explicit when a resource does not have import support * chore(docs): generate docs and examples * chore(queue_consumer): testdata refactor * chore(ci): clean up leftover files in resources (#6474) * chore(zero_trust_connectivity_directory_service): cleanup leftovers * chore(zero_trust_access_policy): cleanup duplicate test main * chore(ci): fixes for parity tests and build failures (#6475) * chore(api_token): skip migration tests if tf_acc is not set * chore(list): fix schema parity tests * chore(email_routing_catch_all): fix build error * fix(zero_trust_gateway_policy): schema parity tests * chore(ci): drop migration tests from CI (#6476) * chore(ci): fix tests ran on release PR (#6478) * chore(ci): modify sweepers (#6479) * chore(organizations): sweeper * 
chore(zero_trust_tunnel_cloudflared): comment out sweeper, infinite loop? * chore(zero_trust_tunnel_cloudflared_virtual_network): dont swallow error * release: 5.13.0 --------- Co-authored-by: Musa Jundi <musa@cloudflare.com> Co-authored-by: Vaishak Dinesh <vaishakpdinesh@gmail.com> Co-authored-by: Eric Fang <github@accounts.unkies.org> Co-authored-by: yihuaf <yihuaf@cloudflare.com> Co-authored-by: Tamás Józsa <tamas@cloudflare.com> Co-authored-by: Andrew Mitchell <32021055+mitch292@users.noreply.github.com> Co-authored-by: Jan <1324490+janrueth@users.noreply.github.com> Co-authored-by: Gabriel Massadas <5445926+G4brym@users.noreply.github.com> Co-authored-by: Edward Cort Lyons <Lyons.Cort@gmail.com> Co-authored-by: cortlyons <cortlyons@cloudflare.com> Co-authored-by: Samuel <6132869+SamuelDev@users.noreply.github.com> Co-authored-by: scabell <scabell@cloudflare.com> Co-authored-by: Rotem Atzaba <rotem@cloudflare.com> Co-authored-by: Sarah Sicard <18204584+ssicard@users.noreply.github.com> Co-authored-by: Max Peterson <64494795+maxwellpeterson@users.noreply.github.com> Co-authored-by: Sohei Okamoto <sohei@cloudflare.com> Co-authored-by: Alex Holland <aholland@cloudflare.com> Co-authored-by: ang-cloudflare <ang@cloudflare.com> Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com> Co-authored-by: Cina Saffary <cina@cloudflare.com> Co-authored-by: Max Peterson <mpeterson@cloudflare.com> Co-authored-by: christhorwarth <chris.thorwarth@gmail.com> Co-authored-by: Chris Thorwarth <cthorwarth@cloudflare.com> Co-authored-by: João "Pisco" Fernandes <joaocarlos@cloudflare.com> Co-authored-by: Steve Conrad <sconrad@cloudflare.com> Co-authored-by: Tyler Stanish <tystanish@gmail.com> Co-authored-by: Tyler Stanish <tstanish@cloudflare.com> Co-authored-by: Carol Xu <37486071+Carolx715@users.noreply.github.com> Co-authored-by: Vaishak Dinesh <vaishak@cloudflare.com> Co-authored-by: jkoe-cf <152918105+jkoe-cf@users.noreply.github.com>
package main
import (
"strings"
"testing"
"github.com/hashicorp/hcl/v2/hclwrite"
"github.com/stretchr/testify/assert"
)
// TestAccessApplicationPoliciesTransformation checks how the migration rewrites
// the policies attribute of cloudflare_zero_trust_access_application: every
// list element, whether a resource reference or a literal ID, becomes an object
// of the form { id = ... }, in the same order as the input.
//
// None of the fixtures sets type, and every Expected block ends with
// type = "self_hosted", so the table also pins the default-type insertion.
//
// NOTE(review): presumably the order of this list is the order in which Access
// applies the policies, so a reordering migration could change who is admitted;
// confirm against the Access documentation. Order is pinned here for lists of
// up to three entries.
func TestAccessApplicationPoliciesTransformation(t *testing.T) {
	cases := []TestCase{
		// Multi-line list of references: collapsed onto one line of { id = ... } objects.
		{
			Name: "transform policies from list of strings to list of objects",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"

policies = [
cloudflare_zero_trust_access_policy.allow.id,
cloudflare_zero_trust_access_policy.deny.id
]
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"

policies = [{ id = cloudflare_zero_trust_access_policy.allow.id }, { id = cloudflare_zero_trust_access_policy.deny.id }]
type = "self_hosted"
}`},
		},
		// Quoted literal IDs stay quoted inside the generated objects.
		{
			Name: "transform policies with literal IDs",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"

policies = ["policy-id-1", "policy-id-2"]
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"

policies = [{ id = "policy-id-1" }, { id = "policy-id-2" }]
type = "self_hosted"
}`},
		},
		// References and literals interleaved: each keeps its position in the list.
		{
			Name: "mixed references and literals",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"

policies = [
cloudflare_zero_trust_access_policy.allow.id,
"literal-policy-id",
cloudflare_zero_trust_access_policy.deny.id
]
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"

policies = [{ id = cloudflare_zero_trust_access_policy.allow.id }, { id = "literal-policy-id" }, { id = cloudflare_zero_trust_access_policy.deny.id }]
type = "self_hosted"
}`},
		},
		// A reference to the old cloudflare_access_policy resource type is
		// rewritten to cloudflare_zero_trust_access_policy; the resource name
		// (old_style) is kept.
		{
			Name: "handle old resource name references",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"

policies = [
cloudflare_access_policy.old_style.id
]
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"

policies = [{ id = cloudflare_zero_trust_access_policy.old_style.id }]
type = "self_hosted"
}`},
		},
		// No policies attribute: nothing is invented for it, only the default type is added.
		{
			Name: "no policies attribute but add default type",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
type = "self_hosted"
}`},
		},
	}

	RunTransformationTests(t, cases, transformFileDefault)
}
// TestAccessApplicationDomainTypeRemoval checks that the migration drops the
// domain_type attribute from cloudflare_zero_trust_access_application and
// leaves every other attribute and nested block as it was.
//
// All fixtures already set type = "self_hosted", so no default type is added
// in this table.
func TestAccessApplicationDomainTypeRemoval(t *testing.T) {
	cases := []TestCase{
		// Minimal resource: only the domain_type line disappears.
		{
			Name: "remove domain_type attribute",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
domain_type = "public"
type = "self_hosted"
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
type = "self_hosted"
}`},
		},
		// session_duration and the cors_headers block must pass through
		// unchanged; Expected differs from Config only by the removed line.
		{
			Name: "remove domain_type with other attributes preserved",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
domain_type = "public"
type = "self_hosted"
session_duration = "24h"

cors_headers {
allow_all_origins = true
}
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
type = "self_hosted"
session_duration = "24h"

cors_headers {
allow_all_origins = true
}
}`},
		},
		// Nothing to remove: output equals input.
		{
			Name: "no domain_type to remove",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
type = "self_hosted"
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
type = "self_hosted"
}`},
		},
	}

	RunTransformationTests(t, cases, transformFileDefault)
}
// TestAccessApplicationDestinationsBlocksToAttribute checks that repeated
// destinations { ... } blocks are folded into a single destinations = [ ... ]
// list attribute, one object per block, in the order the blocks appeared.
//
// The fixtures cover literal URIs, var./local. references, a block with more
// than one attribute, and a resource with no destinations block at all.
func TestAccessApplicationDestinationsBlocksToAttribute(t *testing.T) {
	cases := []TestCase{
		// One block becomes a one-element list.
		{
			Name: "convert single destinations block to list attribute",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations {
uri = "https://example.com"
}
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations = [
{
uri = "https://example.com"
}
]
}`},
		},
		// Two blocks become two list elements; block order is kept.
		{
			Name: "convert multiple destinations blocks to list attribute",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations {
uri = "https://example.com"
}

destinations {
uri = "tcp://db.example.com:5432"
}
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations = [
{
uri = "https://example.com"
},
{
uri = "tcp://db.example.com:5432"
}
]
}`},
		},
		// Config lists uri before description, Expected lists description
		// before uri. NOTE(review): presumably the converter emits attributes
		// sorted by name; confirm against the transformer.
		{
			Name: "destinations block with multiple attributes",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations {
uri = "https://app.example.com"
description = "Main application"
}
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations = [
{
description = "Main application"
uri = "https://app.example.com"
}
]
}`},
		},
		// No destinations block: the resource is returned unchanged.
		{
			Name: "no destinations blocks - no change",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "self_hosted"
domain = "test.example.com"
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "self_hosted"
domain = "test.example.com"
}`},
		},
		// Unquoted expressions (var.*, local.*) are carried over as
		// expressions, not turned into string literals.
		{
			Name: "destinations blocks with variable references",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations {
uri = var.app_uri
}

destinations {
uri = local.db_connection
}
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations = [
{
uri = var.app_uri
},
{
uri = local.db_connection
}
]
}`},
		},
	}

	RunTransformationTests(t, cases, transformFileDefault)
}
// TestAccessApplicationCombinedMigrations runs several rewrites against one
// resource at a time: domain_type removal, destinations blocks to a list
// attribute, policies strings to { id = ... } objects and, in the second case,
// toset(...) to a plain list for allowed_idps.
//
// Both fixtures set type = "warp"; Expected keeps that value and adds no
// default type. In Expected the policies attribute comes before destinations
// even though Config declares the destinations blocks first.
func TestAccessApplicationCombinedMigrations(t *testing.T) {
	cases := []TestCase{
		// Three rewrites on one resource with literal policy IDs.
		{
			Name: "combined domain_type removal and destinations conversion",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"
domain_type = "public"

destinations {
uri = "https://example.com"
}

policies = ["policy-id-1", "policy-id-2"]
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

policies = [{ id = "policy-id-1" }, { id = "policy-id-2" }]
destinations = [
{
uri = "https://example.com"
}
]
}`},
		},
		// Adds allowed_idps = toset([...]) and a mixed reference/literal
		// policies list to the same resource.
		{
			Name: "all transformations together with allowed_idps",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"
domain_type = "public"
allowed_idps = toset(["idp-1", "idp-2"])

destinations {
uri = "https://example.com"
}

destinations {
uri = "tcp://db.example.com:5432"
}

policies = [
cloudflare_zero_trust_access_policy.allow.id,
"literal-policy-id"
]
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"
allowed_idps = ["idp-1", "idp-2"]

policies = [{ id = cloudflare_zero_trust_access_policy.allow.id }, { id = "literal-policy-id" }]
destinations = [
{
uri = "https://example.com"
},
{
uri = "tcp://db.example.com:5432"
}
]
}`},
		},
	}

	RunTransformationTests(t, cases, transformFileDefault)
}
// TestAccessApplicationSkipAppLauncherLoginPageRemoval checks that
// skip_app_launcher_login_page is removed from
// cloudflare_zero_trust_access_application unless type is "app_launcher", in
// which case the attribute and its value are kept.
//
// NOTE(review): every removal fixture uses the value false. No case covers
// skip_app_launcher_login_page = true on a type other than app_launcher, so the
// behaviour for that input is not pinned by this table.
func TestAccessApplicationSkipAppLauncherLoginPageRemoval(t *testing.T) {
	cases := []TestCase{
		// type = "self_hosted": attribute removed.
		{
			Name: "remove skip_app_launcher_login_page when type is not app_launcher",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
type = "self_hosted"
skip_app_launcher_login_page = false
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
type = "self_hosted"
}`},
		},
		// type = "app_launcher": attribute kept, value unchanged.
		{
			Name: "preserve skip_app_launcher_login_page when type is app_launcher",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "app_launcher"
skip_app_launcher_login_page = true
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "app_launcher"
skip_app_launcher_login_page = true
}`},
		},
		// type = "warp": attribute removed.
		{
			Name: "remove skip_app_launcher_login_page when type is warp",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"
skip_app_launcher_login_page = false
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"
}`},
		},
		// No type at all: attribute removed and type = "self_hosted" added.
		{
			Name: "remove skip_app_launcher_login_page when no type attribute and add default type",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
skip_app_launcher_login_page = false
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
type = "self_hosted"
}`},
		},
		// Attribute absent: output equals input.
		{
			Name: "no skip_app_launcher_login_page to remove",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "self_hosted"
domain = "test.example.com"
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "self_hosted"
domain = "test.example.com"
}`},
		},
	}

	RunTransformationTests(t, cases, transformFileDefault)
}
// TestAccessApplicationSetToListTransformation checks that a toset([...])
// wrapper on allowed_idps or custom_pages is replaced by the bare list, and
// that a value already written as a list is left unchanged.
//
// NOTE(review): toset() de-duplicates in Terraform while a list does not. All
// fixtures use distinct elements, so that difference is not exercised here.
func TestAccessApplicationSetToListTransformation(t *testing.T) {
	cases := []TestCase{
		// toset([...]) around allowed_idps: wrapper dropped, element order kept.
		{
			Name: "transform toset to list for allowed_idps",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
allowed_idps = toset(["idp-1", "idp-2", "idp-3"])
type = "self_hosted"
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
allowed_idps = ["idp-1", "idp-2", "idp-3"]
type = "self_hosted"
}`},
		},
		// Already a list: output equals input.
		{
			Name: "handle already list format for allowed_idps",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
allowed_idps = ["idp-1", "idp-2"]
type = "self_hosted"
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
allowed_idps = ["idp-1", "idp-2"]
type = "self_hosted"
}`},
		},
		// Same rewrite applied to custom_pages.
		{
			Name: "transform toset for custom_pages",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
custom_pages = toset(["page1", "page2"])
type = "self_hosted"
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
custom_pages = ["page1", "page2"]
type = "self_hosted"
}`},
		},
	}

	RunTransformationTests(t, cases, transformFileDefault)
}
// TestAccessApplicationPoliciesEdgeCases covers policies values that are not a
// plain list of references: an empty list, a concat() call and a for
// expression. In all three the policies expression has to come through with
// the same meaning, and because none of the inputs sets type, the output gains
// type = "self_hosted".
//
// The policies list is what ties access policies to the application, so these
// cases guard against a migration that drops, adds or rewrites an entry.
//
// NOTE(review): Expected lays the concat() and for expressions out differently
// from Config (joined onto one line, split over several). Presumably
// RunTransformationTests compares modulo whitespace; confirm there before
// relying on the exact layout of these fixtures.
func TestAccessApplicationPoliciesEdgeCases(t *testing.T) {
	cases := []TestCase{
		{
			// An explicitly empty list stays empty; nothing is attached to it.
			Name: "empty policies array",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
policies = []
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
policies = []
type = "self_hosted"
}`},
		},
		{
			// A multi-line concat() of a resource reference and a variable
			// keeps both arguments, in the same order.
			Name: "complex policy references with expressions",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
policies = concat(
[cloudflare_zero_trust_access_policy.main.id],
var.additional_policies
)
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
policies = concat([cloudflare_zero_trust_access_policy.main.id], var.additional_policies)
type = "self_hosted"
}`},
		},
		{
			// A for expression over var.policy_ids is kept as a for
			// expression, not evaluated or flattened.
			Name: "policies with for expression",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
policies = [for p in var.policy_ids : p]
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
domain = "test.example.com"
policies = [
for p in
var.policy_ids
: p
]
type = "self_hosted"
}`},
		},
	}

	RunTransformationTests(t, cases, transformFileDefault)
}
// TestAccessApplicationDestinationsEdgeCases checks the rewrite of repeated
// `destinations { ... }` blocks into a single `destinations = [ { ... } ]` list
// attribute for inputs that are awkward to handle: function calls and
// conditionals as the uri value, a block with no uri, an empty block, and
// several blocks of different shapes.
//
// Each input block must yield exactly one list element, in input order. Values
// are carried over as written; the transformation is not expected to interpret
// or validate them.
func TestAccessApplicationDestinationsEdgeCases(t *testing.T) {
	cases := []TestCase{
		{
			// A format() call is kept as an expression, not turned into a string.
			Name: "destinations with expressions",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations {
uri = format("https://%s.example.com", var.subdomain)
}
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations = [
{
uri = format("https://%s.example.com", var.subdomain)
}
]
}`},
		},
		{
			// The whole conditional is copied over, including its plaintext
			// http:// branch: the migration does not judge the URI scheme.
			Name: "destinations with conditional expression",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations {
uri = var.use_ssl ? "https://app.example.com" : "http://app.example.com"
}
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations = [
{
uri = var.use_ssl ? "https://app.example.com" : "http://app.example.com"
}
]
}`},
		},
		{
			// A block that carries only a description still becomes an element.
			Name: "destinations block without uri",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations {
description = "Test destination"
}
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations = [
{
description = "Test destination"
}
]
}`},
		},
		{
			// An empty block is preserved as an empty object rather than dropped.
			Name: "empty destinations block",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations {
}
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations = [
{}
]
}`},
		},
		{
			// Three blocks in, three elements out, in the same order. Within
			// the first element Expected lists description before uri even
			// though Config has uri first.
			Name: "multiple destinations with mixed content",
			Config: `resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations {
uri = "https://app1.example.com"
description = "Primary app"
}

destinations {
}

destinations {
uri = "tcp://db.example.com:3306"
}
}`,
			Expected: []string{`resource "cloudflare_zero_trust_access_application" "test" {
account_id = "abc123"
name = "Test App"
type = "warp"

destinations = [
{
description = "Primary app"
uri = "https://app1.example.com"
},
{},
{
uri = "tcp://db.example.com:3306"
}
]
}`},
		},
	}

	RunTransformationTests(t, cases, transformFileDefault)
}
// TestCreatePoliciesAttribute exercises createPoliciesAttribute directly on an
// empty hclwrite file. With no policy references it must write nothing; with
// one or more it must write a policies list holding one {id, precedence}
// object per reference, plus the "auto-migrated" marker comment.
//
// Each fixture pairs a resource name with a precedence and expects that same
// pairing in the output. Precedence orders the policies on an Access
// application, so a swapped pair would be a behavioural change, not a
// formatting one.
//
// NOTE(review): assert.Contains is an exact substring match, so the whitespace
// inside the expected literals has to equal what createPoliciesAttribute
// emits; verify the fixtures against real output. Contains also leaves
// anything written besides the list and the marker comment unchecked.
func TestCreatePoliciesAttribute(t *testing.T) {
	cases := []struct {
		name     string
		policies []PolicyReference
		expected string
	}{
		{
			name:     "no policies",
			policies: []PolicyReference{},
			expected: "",
		},
		{
			name: "single policy",
			policies: []PolicyReference{
				{ResourceName: "cloudflare_zero_trust_access_policy.test1", Precedence: 1},
			},
			expected: `policies = [
{
id = cloudflare_zero_trust_access_policy.test1.id
precedence = 1
}
]`,
		},
		{
			name: "multiple policies",
			policies: []PolicyReference{
				{ResourceName: "cloudflare_zero_trust_access_policy.test1", Precedence: 1},
				{ResourceName: "cloudflare_zero_trust_access_policy.test2", Precedence: 2},
				{ResourceName: "cloudflare_zero_trust_access_policy.test3", Precedence: 3},
			},
			expected: `policies = [
{
id = cloudflare_zero_trust_access_policy.test1.id
precedence = 1
},
{
id = cloudflare_zero_trust_access_policy.test2.id
precedence = 2
},
{
id = cloudflare_zero_trust_access_policy.test3.id
precedence = 3
}
]`,
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			// Start from an empty file so the output holds only what the
			// function under test wrote.
			f := hclwrite.NewEmptyFile()
			createPoliciesAttribute(f.Body(), tc.policies)
			got := string(f.Bytes())

			// Nothing expected: the file must still be blank.
			if tc.expected == "" {
				assert.Equal(t, "", strings.TrimSpace(got))
				return
			}

			// Otherwise the rendered list must appear in the output.
			assert.Contains(t, got, tc.expected)
			if len(tc.policies) > 0 {
				// The marker comment records that the list was generated.
				assert.Contains(t, got, "# Policies auto-migrated from v4 access_policy resources")
			}
		})
	}
}