Support for SaaS Access Application #1226

Closed
ouranos opened this issue Sep 30, 2021 · 5 comments · Fixed by #1762
Labels: kind/enhancement, workflow/pending-upstream-library

@ouranos
Contributor

ouranos commented Sep 30, 2021

Current Terraform and Cloudflare provider version

Terraform v1.0.7
on darwin_amd64
+ provider registry.terraform.io/cloudflare/cloudflare v3.1.0

Description

We'd like to manage our SaaS application through Terraform.

However, the cloudflare_access_application resource currently doesn't support the saas type.
The API seems to support it.

I tried to patch the provider to accept this type, but it's more complicated, as we need to be able to configure the saas_app block, and the domain required field would be the value returned after creating the app (e.g. <organization>.cloudflareaccess.com/cdn-cgi/access/sso/saml/<uid>).
This doesn't seem to be documented in the API so I'm not sure if it's actually supported.

Use cases

Support for SaaS applications.

Potential Terraform configuration

resource "cloudflare_access_application" "saas_app" {
  account_id = var.cloudflare_account_id
  name       = "My Great Saas App"
  type       = "saas"
  domain     = "???"

  saas_app {
    consumer_service_url = "https://saas-app.example/sso/saml/consume"
    sp_entity_id         = "saas-app.example"
    name_id_format       = "email"
  }

  # ...
}

References

No response

ouranos added the kind/enhancement and needs-triage labels Sep 30, 2021
@ouranos
Contributor Author

ouranos commented Oct 1, 2021

I did some more testing today and this JSON payload correctly created a SaaS application:

{
    "name": "Test SaaS",
    "type": "saas",
    "allowed_idps": [
        "..."
    ],
    "saas_app": {
        "sp_entity_id": "test",
        "consumer_service_url": "https://test.example.org/sso/saml",
        "name_id_format": "email"
    },
    "auto_redirect_to_identity": true,
    "session_duration": "24h"
}

The domain field is not required for a SaaS application.

Not sure if it's not officially supported or if the documentation is lagging behind.

@ouranos
Contributor Author

ouranos commented Oct 1, 2021

I've tried to patch the provider but the SDK doesn't seem to support it either.

@jacobbednarz
Member

Please see my comments on your cloudflare-go PR. This isn't yet publicly supported so this will be pending that release and won't be merged here before that.

jacobbednarz added the workflow/pending-upstream-library label and removed the needs-triage label Oct 1, 2021
@ouranos
Contributor Author

ouranos commented Jul 8, 2022

This has now been added in v0.41.0 of the SDK with cloudflare/cloudflare-go#900

I'll rebase my local branch and make it work with the new SDK and submit it for review after testing it in our environment.

@github-actions
Contributor

This functionality has been released in v3.20.0 of the Terraform Cloudflare Provider.

Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
