From 5f8bf4321d0b78f5f78b45bcd8557f7558a11970 Mon Sep 17 00:00:00 2001 From: Noan Le Renard Date: Thu, 2 Jun 2022 15:10:58 +0100 Subject: [PATCH 1/7] Add support for PKCE flag in IDP config --- .changelog/1652.txt | 3 +++ .../provider/resource_cloudflare_access_identity_provider.go | 2 ++ .../provider/schema_cloudflare_access_identity_provider.go | 4 ++++ 3 files changed, 9 insertions(+) create mode 100644 .changelog/1652.txt diff --git a/.changelog/1652.txt b/.changelog/1652.txt new file mode 100644 index 0000000000..44d6e7b604 --- /dev/null +++ b/.changelog/1652.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/cloudflare_access_identity_provider: Add support for PKCE when creating IDPS. +``` \ No newline at end of file diff --git a/internal/provider/resource_cloudflare_access_identity_provider.go b/internal/provider/resource_cloudflare_access_identity_provider.go index b08b665486..7ee9c543fe 100644 --- a/internal/provider/resource_cloudflare_access_identity_provider.go +++ b/internal/provider/resource_cloudflare_access_identity_provider.go @@ -207,6 +207,7 @@ func convertSchemaToStruct(d *schema.ResourceData) (cloudflare.AccessIdentityPro IDPConfig.SsoTargetURL = d.Get("config.0.sso_target_url").(string) IDPConfig.SupportGroups = d.Get("config.0.support_groups").(bool) IDPConfig.TokenURL = d.Get("config.0.token_url").(string) + IDPConfig.PKCEenabled = d.Get("config.0.pkce_enabled").(bool) } return IDPConfig, nil @@ -243,6 +244,7 @@ func convertStructToSchema(d *schema.ResourceData, options cloudflare.AccessIden "sso_target_url": options.SsoTargetURL, "support_groups": options.SupportGroups, "token_url": options.TokenURL, + "pkce_enabled": options.PKCEenabled, } return []interface{}{m} diff --git a/internal/provider/schema_cloudflare_access_identity_provider.go b/internal/provider/schema_cloudflare_access_identity_provider.go index 09f6321b3f..e29cd4aaef 100644 --- a/internal/provider/schema_cloudflare_access_identity_provider.go 
+++ b/internal/provider/schema_cloudflare_access_identity_provider.go @@ -132,6 +132,10 @@ func resourceCloudflareAccessIdentityProviderSchema() map[string]*schema.Schema Type: schema.TypeString, Optional: true, }, + "pkce_enabled": { + Type: schema.TypeBool, + Optional: true, + }, }, }, }, From f92f8e2fc246ca90a980d4ed66a1f9c443007d95 Mon Sep 17 00:00:00 2001 From: Noan Le Renard Date: Thu, 2 Jun 2022 15:17:00 +0100 Subject: [PATCH 2/7] Updated markdown --- docs/resources/cloudflare_access_identity_provider.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/resources/cloudflare_access_identity_provider.md b/docs/resources/cloudflare_access_identity_provider.md index 8bb7b89e9d..c10c1d6a7d 100644 --- a/docs/resources/cloudflare_access_identity_provider.md +++ b/docs/resources/cloudflare_access_identity_provider.md @@ -72,7 +72,8 @@ The following arguments are supported: - `type` - (Required) The provider type to use. Must be one of: `"centrify"`, `"facebook"`, `"google-apps"`, `"oidc"`, `"github"`, `"google"`, `"saml"`, `"linkedin"`, `"azureAD"`, `"okta"`, `"onetimepin"`, `"onelogin"`, `"yandex"`. -- `config` - (Optional) Provider configuration from the [developer documentation][access_identity_provider_guide]. +* `config` - (Optional) Provider configuration from the [developer documentation][access_identity_provider_guide]. +* `pkce_enabled` - (Optional) Enable Proof Key for Code Exchange (PKCE). Only use this if your identity provider supports PKCE for confidential clients. ## Attributes Reference From 36f787b3423c07bd5b6e3893480c85856cbba454 Mon Sep 17 00:00:00 2001 From: Noan Le Renard Date: Thu, 2 Jun 2022 15:59:34 +0100 Subject: [PATCH 3/7] fix for cloudflare-go compability --- .../provider/resource_cloudflare_access_identity_provider.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
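Review bot: The new `pkce_enabled` schema entry has no `Description`, so nothing on the attribute itself tells an operator when it is safe to turn on. I would add `Description: "Enable Proof Key for Code Exchange (PKCE). Only use this if your identity provider supports PKCE for confidential clients.",`, reusing the wording the docs patch already carries. The entry is nested, since the resource code reads it as `config.0.pkce_enabled`, yet the bullet added in PATCH 2/7 lists `pkce_enabled` at the same level as `config`, which reads as a top-level argument; the docs should show it under `config`. resourceCloudflareAccessIdentityProviderSchema starts and ends outside this hunk, so whether sibling fields carry descriptions is not visible here.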
diff --git a/internal/provider/resource_cloudflare_access_identity_provider.go b/internal/provider/resource_cloudflare_access_identity_provider.go index 7ee9c543fe..1204de27b3 100644 --- a/internal/provider/resource_cloudflare_access_identity_provider.go +++ b/internal/provider/resource_cloudflare_access_identity_provider.go @@ -207,7 +207,7 @@ func convertSchemaToStruct(d *schema.ResourceData) (cloudflare.AccessIdentityPro IDPConfig.SsoTargetURL = d.Get("config.0.sso_target_url").(string) IDPConfig.SupportGroups = d.Get("config.0.support_groups").(bool) IDPConfig.TokenURL = d.Get("config.0.token_url").(string) - IDPConfig.PKCEenabled = d.Get("config.0.pkce_enabled").(bool) + IDPConfig.PKCEEnabled = d.Get("config.0.pkce_enabled").(bool) } return IDPConfig, nil @@ -244,7 +244,7 @@ func convertStructToSchema(d *schema.ResourceData, options cloudflare.AccessIden "sso_target_url": options.SsoTargetURL, "support_groups": options.SupportGroups, "token_url": options.TokenURL, - "pkce_enabled": options.PKCEenabled, + "pkce_enabled": options.PKCEEnabled, } return []interface{}{m} From e0197d1e6782514e47a5d2e3512f1b53ca8a4ffd Mon Sep 17 00:00:00 2001 From: Noan Le Renard <43644096+Noanan@users.noreply.github.com> Date: Thu, 9 Jun 2022 16:15:13 +0100 Subject: [PATCH 4/7] Update internal/provider/resource_cloudflare_access_identity_provider.go Co-authored-by: Jacob Bednarz --- .../provider/resource_cloudflare_access_identity_provider.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/provider/resource_cloudflare_access_identity_provider.go b/internal/provider/resource_cloudflare_access_identity_provider.go index 1204de27b3..291c90de98 100644 --- a/internal/provider/resource_cloudflare_access_identity_provider.go +++ b/internal/provider/resource_cloudflare_access_identity_provider.go 
@@ -207,7 +207,7 @@ func convertSchemaToStruct(d *schema.ResourceData) (cloudflare.AccessIdentityPro IDPConfig.SsoTargetURL = d.Get("config.0.sso_target_url").(string) IDPConfig.SupportGroups = d.Get("config.0.support_groups").(bool) IDPConfig.TokenURL = d.Get("config.0.token_url").(string) - IDPConfig.PKCEEnabled = d.Get("config.0.pkce_enabled").(bool) + IDPConfig.PKCEEnabled = cloudflare.BoolPtr(d.Get("config.0.pkce_enabled").(bool)) } return IDPConfig, nil From ca920b720f78ea977a828c449f1349c047aad878 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Tue, 14 Jun 2022 09:04:18 +1000 Subject: [PATCH 5/7] fix changelog number --- .changelog/{1652.txt => 1667.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .changelog/{1652.txt => 1667.txt} (100%) diff --git a/.changelog/1652.txt b/.changelog/1667.txt similarity index 100% rename from .changelog/1652.txt rename to .changelog/1667.txt From 5fc42d18433e6cf824c17d9050b6f2f21041966c Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Tue, 14 Jun 2022 09:06:15 +1000 Subject: [PATCH 6/7] fix documentation generation --- docs/resources/cloudflare_access_identity_provider.md | 4 ++-- templates/resources/cloudflare_access_identity_provider.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/resources/cloudflare_access_identity_provider.md b/docs/resources/cloudflare_access_identity_provider.md index c10c1d6a7d..9f43aec864 100644 --- a/docs/resources/cloudflare_access_identity_provider.md +++ b/docs/resources/cloudflare_access_identity_provider.md 
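Review bot: `d.Get("config.0.pkce_enabled").(bool)` returns `false` when the attribute is omitted, so `cloudflare.BoolPtr(...)` here never yields nil and an unset `pkce_enabled` cannot be told apart from an explicit `false` on the way to the API. If the pointer type in cloudflare-go is meant to let the field be left out of the request (presumably via `omitempty`, which is not visible here), this path defeats that, and a configuration that never mentions PKCE would still assert `false` for the identity provider. At minimum the line deserves a comment such as `// pkce_enabled is always sent; omitted in config means false`. This patch also leaves the state-writing side unchanged: `"pkce_enabled": options.PKCEEnabled` in convertStructToSchema now passes what appears to be a `*bool`, and a guard like `if options.PKCEEnabled != nil { m["pkce_enabled"] = *options.PKCEEnabled }` would make the nil case explicit. Both functions begin and end outside the hunks shown.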
@@ -72,8 +72,8 @@ The following arguments are supported: - `type` - (Required) The provider type to use. Must be one of: `"centrify"`, `"facebook"`, `"google-apps"`, `"oidc"`, `"github"`, `"google"`, `"saml"`, `"linkedin"`, `"azureAD"`, `"okta"`, `"onetimepin"`, `"onelogin"`, `"yandex"`. -* `config` - (Optional) Provider configuration from the [developer documentation][access_identity_provider_guide]. -* `pkce_enabled` - (Optional) Enable Proof Key for Code Exchange (PKCE). Only use this if your identity provider supports PKCE for confidential clients. +- `config` - (Optional) Provider configuration from the [developer documentation][access_identity_provider_guide]. +- `pkce_enabled` - (Optional) Enable Proof Key for Code Exchange (PKCE). Only use this if your identity provider supports PKCE for confidential clients. ## Attributes Reference diff --git a/templates/resources/cloudflare_access_identity_provider.md b/templates/resources/cloudflare_access_identity_provider.md index 8bb7b89e9d..9f43aec864 100644 --- a/templates/resources/cloudflare_access_identity_provider.md +++ b/templates/resources/cloudflare_access_identity_provider.md @@ -73,6 +73,7 @@ The following arguments are supported: `"facebook"`, `"google-apps"`, `"oidc"`, `"github"`, `"google"`, `"saml"`, `"linkedin"`, `"azureAD"`, `"okta"`, `"onetimepin"`, `"onelogin"`, `"yandex"`. - `config` - (Optional) Provider configuration from the [developer documentation][access_identity_provider_guide]. +- `pkce_enabled` - (Optional) Enable Proof Key for Code Exchange (PKCE). Only use this if your identity provider supports PKCE for confidential clients. ## Attributes Reference From 100700fce9a2b9bb6618231eb443a43f02166948 Mon Sep 17 00:00:00 2001 
From: Jacob Bednarz Date: Tue, 14 Jun 2022 09:15:42 +1000 Subject: [PATCH 7/7] don't quote string values in rendered outputs --- docs/resources/access_application.md | 4 ++-- docs/resources/access_identity_provider.md | 2 +- docs/resources/access_policy.md | 2 +- docs/resources/access_rule.md | 4 ++-- docs/resources/api_token.md | 2 +- docs/resources/argo.md | 4 ++-- docs/resources/healthcheck.md | 6 ++--- docs/resources/ipsec_tunnel.md | 2 +- docs/resources/logpush_job.md | 4 ++-- docs/resources/ruleset.md | 26 +++++++++++----------- docs/resources/waiting_room.md | 2 +- docs/resources/waiting_room_event.md | 2 +- internal/provider/utils.go | 2 +- 13 files changed, 31 insertions(+), 31 deletions(-) diff --git a/docs/resources/access_application.md b/docs/resources/access_application.md index c50183b820..fe8bb8b211 100644 --- a/docs/resources/access_application.md +++ b/docs/resources/access_application.md 
@@ -40,11 +40,11 @@ zone needs to use the `zone_id` argument. - `enable_binding_cookie` (Boolean) Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. - `http_only_cookie_attribute` (Boolean) Option to add the `HttpOnly` cookie flag to access tokens. Defaults to `true`. - `logo_url` (String) Image URL for the logo shown in the app launcher dashboard. -- `same_site_cookie_attribute` (String) Defines the same-site cookie setting for access tokens. Available values: `"none"`, `"lax"`, `"strict"`. +- `same_site_cookie_attribute` (String) Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`. - `service_auth_401_redirect` (Boolean) Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. - `session_duration` (String) How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`. - `skip_interstitial` (Boolean) Option to skip the authorization interstitial when using the CLI. Defaults to `false`. -- `type` (String) The application type. Available values: `"self_hosted"`, `"ssh"`, `"vnc"`, `"file"`. Defaults to `self_hosted`. +- `type` (String) The application type. Available values: `self_hosted`, `ssh`, `vnc`, `file`. Defaults to `self_hosted`. - `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`. ### Read-Only diff --git a/docs/resources/access_identity_provider.md b/docs/resources/access_identity_provider.md index b8b6cea606..eedd11015d 100644 --- a/docs/resources/access_identity_provider.md +++ b/docs/resources/access_identity_provider.md 
@@ -22,7 +22,7 @@ zone needs to use the `zone_id` argument. ### Required - `name` (String) Friendly name of the Access Identity Provider configuration. -- `type` (String) The provider type to use. Available values: `"centrify"`, `"facebook"`, `"google-apps"`, `"oidc"`, `"github"`, `"google"`, `"saml"`, `"linkedin"`, `"azureAD"`, `"okta"`, `"onetimepin"`, `"onelogin"`, `"yandex"`. +- `type` (String) The provider type to use. Available values: `centrify`, `facebook`, `google-apps`, `oidc`, `github`, `google`, `saml`, `linkedin`, `azureAD`, `okta`, `onetimepin`, `onelogin`, `yandex`. ### Optional diff --git a/docs/resources/access_policy.md b/docs/resources/access_policy.md index a410d8d9c1..38221a83f0 100644 --- a/docs/resources/access_policy.md +++ b/docs/resources/access_policy.md @@ -22,7 +22,7 @@ zone needs to use the `zone_id` argument. ### Required - `application_id` (String) The ID of the application the policy is associated with. -- `decision` (String) Defines the action Access will take if the policy matches the user. Available values: `"allow"`, `"deny"`, `"non_identity"`, `"bypass"`. +- `decision` (String) Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`, `bypass`. - `include` (Block List, Min: 1) A series of access conditions, see [Access Groups](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/access_group#conditions). (see [below for nested schema](#nestedblock--include)) - `name` (String) Friendly name of the Access Policy. - `precedence` (Number) The unique precedence for policies on a single application. diff --git a/docs/resources/access_rule.md b/docs/resources/access_rule.md index cb58c231f4..f1d2daca3f 100644 --- a/docs/resources/access_rule.md +++ b/docs/resources/access_rule.md 
@@ -59,7 +59,7 @@ resource "cloudflare_access_rule" "office_network" { ### Required - `configuration` (Block List, Min: 1, Max: 1) Rule configuration to apply to a matched request. (see [below for nested schema](#nestedblock--configuration)) -- `mode` (String) The action to apply to a matched request. Available values: `"block"`, `"challenge"`, `"whitelist"`, `"js_challenge"`, `"managed_challenge"`. +- `mode` (String) The action to apply to a matched request. Available values: `block`, `challenge`, `whitelist`, `js_challenge`, `managed_challenge`. ### Optional @@ -75,7 +75,7 @@ resource "cloudflare_access_rule" "office_network" { Required: -- `target` (String) The request property to target. Available values: `"ip"`, `"ip6"`, `"ip_range"`, `"asn"`, `"country"`. +- `target` (String) The request property to target. Available values: `ip`, `ip6`, `ip_range`, `asn`, `country`. - `value` (String) The value to target. Depends on target's type. ## Import diff --git a/docs/resources/api_token.md b/docs/resources/api_token.md index 54b35c56bc..3b789f71ad 100644 --- a/docs/resources/api_token.md +++ b/docs/resources/api_token.md @@ -163,7 +163,7 @@ Required: Optional: -- `effect` (String) Effect of the policy. Available values: `"allow"`, `"deny"`. Defaults to `allow`. +- `effect` (String) Effect of the policy. Available values: `allow`, `deny`. Defaults to `allow`. diff --git a/docs/resources/argo.md b/docs/resources/argo.md index 58f04dfceb..8a23f107c8 100644 --- a/docs/resources/argo.md +++ b/docs/resources/argo.md 
@@ -27,8 +27,8 @@ resource "cloudflare_argo" "example" { ### Optional -- `smart_routing` (String) Whether smart routing is enabled. Available values: `"on"`, `"off"`. -- `tiered_caching` (String) Whether tiered caching is enabled. Available values: `"on"`, `"off"`. +- `smart_routing` (String) Whether smart routing is enabled. Available values: `on`, `off`. +- `tiered_caching` (String) Whether tiered caching is enabled. Available values: `on`, `off`. ### Read-Only diff --git a/docs/resources/healthcheck.md b/docs/resources/healthcheck.md index 4796e71a19..2ef27dcf45 100644 --- a/docs/resources/healthcheck.md +++ b/docs/resources/healthcheck.md 
@@ -73,13 +73,13 @@ resource "cloudflare_healthcheck" "tcp_health_check" { - `address` (String) The hostname or IP address of the origin server to run health checks on. - `name` (String) A short name to identify the health check. Only alphanumeric characters, hyphens, and underscores are allowed. -- `type` (String) The protocol to use for the health check. Available values: `"TCP"`, `"HTTP"`, `"HTTPS"`. +- `type` (String) The protocol to use for the health check. Available values: `TCP`, `HTTP`, `HTTPS`. - `zone_id` (String) The zone identifier to target for the resource. ### Optional - `allow_insecure` (Boolean) Do not validate the certificate when the health check uses HTTPS. Defaults to `false`. -- `check_regions` (List of String) A list of regions from which to run health checks. If not set, Cloudflare will pick a default region. Available values: `"WNAM"`, `"ENAM"`, `"WEU"`, `"EEU"`, `"NSAM"`, `"SSAM"`, `"OC"`, `"ME"`, `"NAF"`, `"SAF"`, `"IN"`, `"SEAS"`, `"NEAS"`, `"ALL_REGIONS"`. +- `check_regions` (List of String) A list of regions from which to run health checks. If not set, Cloudflare will pick a default region. Available values: `WNAM`, `ENAM`, `WEU`, `EEU`, `NSAM`, `SSAM`, `OC`, `ME`, `NAF`, `SAF`, `IN`, `SEAS`, `NEAS`, `ALL_REGIONS`. - `consecutive_fails` (Number) The number of consecutive fails required from a health check before changing the health to unhealthy. Defaults to `1`. - `consecutive_successes` (Number) The number of consecutive successes required from a health check before changing the health to healthy. Defaults to `1`. - `description` (String) A human-readable description of the health check. 
@@ -88,7 +88,7 @@ resource "cloudflare_healthcheck" "tcp_health_check" { - `follow_redirects` (Boolean) Follow redirects if the origin returns a 3xx status code. Defaults to `false`. - `header` (Block Set) The HTTP request headers to send in the health check. It is recommended you set a Host header by default. The User-Agent header cannot be overridden. (see [below for nested schema](#nestedblock--header)) - `interval` (Number) The interval between each health check. Shorter intervals may give quicker notifications if the origin status changes, but will increase the load on the origin as we check from multiple locations. Defaults to `60`. -- `method` (String) The HTTP method to use for the health check. Available values: `"connection_established"`, `"GET"`, `"HEAD"`. +- `method` (String) The HTTP method to use for the health check. Available values: `connection_established`, `GET`, `HEAD`. - `notification_email_addresses` (List of String, Deprecated) A list of email addresses we want to send the notifications to. Deprecated, use cloudflare_notification_policy instead. - `notification_suspended` (Boolean, Deprecated) Whether the notifications are suspended or not. Useful for maintenance periods. Defaults to `false`. - `path` (String) The endpoint path to health check against. Defaults to `/`. diff --git a/docs/resources/ipsec_tunnel.md b/docs/resources/ipsec_tunnel.md index 8ed08e8cad..61466d1d86 100644 --- a/docs/resources/ipsec_tunnel.md +++ b/docs/resources/ipsec_tunnel.md 
@@ -42,7 +42,7 @@ resource "cloudflare_ipsec_tunnel" "example" { - `fqdn_id` (String) `remote_id` in the form of a fqdn. This value is generated by cloudflare. - `health_check_enabled` (Boolean) Specifies if ICMP tunnel health checks are enabled. Default: `true`. - `health_check_target` (String) The IP address of the customer endpoint that will receive tunnel health checks. Default: ``. -- `health_check_type` (String) Specifies the ICMP echo type for the health check (`request` or `reply`). Available values: `"request"`, `"reply"` Default: `reply`. +- `health_check_type` (String) Specifies the ICMP echo type for the health check (`request` or `reply`). Available values: `request`, `reply` Default: `reply`. - `hex_id` (String) `remote_id` as a hex string. This value is generated by cloudflare. - `psk` (String, Sensitive) Pre shared key to be used with the IPsec tunnel. If left unset, it will be autogenerated. - `remote_id` (String) ID to be used while setting up the IPsec tunnel. This value is generated by cloudflare. diff --git a/docs/resources/logpush_job.md b/docs/resources/logpush_job.md index 61b0d0acea..0bb36fd348 100644 --- a/docs/resources/logpush_job.md +++ b/docs/resources/logpush_job.md 
@@ -109,7 +109,7 @@ resource "cloudflare_logpush_job" "example_job" { ### Required -- `dataset` (String) Uniquely identifies a resource (such as an s3 bucket) where data will be pushed. Additional configuration parameters supported by the destination may be included. See [Logpush destination documentation](https://developers.cloudflare.com/logs/reference/logpush-api-configuration#destination). Available values: `"firewall_events"`, `"http_requests"`, `"spectrum_events"`, `"nel_reports"`, `"audit_logs"`, `"gateway_dns"`, `"gateway_http"`, `"gateway_network"`, `"dns_logs"`, `"network_analytics_logs"`. +- `dataset` (String) Uniquely identifies a resource (such as an s3 bucket) where data will be pushed. Additional configuration parameters supported by the destination may be included. See [Logpush destination documentation](https://developers.cloudflare.com/logs/reference/logpush-api-configuration#destination). Available values: `firewall_events`, `http_requests`, `spectrum_events`, `nel_reports`, `audit_logs`, `gateway_dns`, `gateway_http`, `gateway_network`, `dns_logs`, `network_analytics_logs`. - `destination_conf` (String) Uniquely identifies a resource (such as an s3 bucket) where data will be pushed. Additional configuration parameters supported by the destination may be included. See [Logpush destination documentation](https://developers.cloudflare.com/logs/reference/logpush-api-configuration#destination). ### Optional 
@@ -117,7 +117,7 @@ resource "cloudflare_logpush_job" "example_job" { - `account_id` (String) The account identifier to target for the resource. - `enabled` (Boolean) Whether to enable the job. - `filter` (String) Use filters to select the events to include and/or remove from your logs. For more information, refer to [Filters](https://developers.cloudflare.com/logs/reference/logpush-api-configuration/filters/). -- `frequency` (String) A higher frequency will result in logs being pushed on faster with smaller files. `low` frequency will push logs less often with larger files. Available values: `"high"`, `"low"`. Defaults to `high`. +- `frequency` (String) A higher frequency will result in logs being pushed on faster with smaller files. `low` frequency will push logs less often with larger files. Available values: `high`, `low`. Defaults to `high`. - `logpull_options` (String) Configuration string for the Logshare API. It specifies things like requested fields and timestamp formats. See [Logpull options documentation](https://developers.cloudflare.com/logs/logpush/logpush-configuration-api/understanding-logpush-api/#options). - `name` (String) The name of the logpush job to create. Must match the regular expression `^[a-zA-Z0-9\-\.]*$`. - `ownership_challenge` (String) Ownership challenge token to prove destination ownership, required when destination is Amazon S3, Google Cloud Storage, Microsoft Azure or Sumo Logic. See [Developer documentation](https://developers.cloudflare.com/logs/logpush/logpush-configuration-api/understanding-logpush-api/#usage). diff --git a/docs/resources/ruleset.md b/docs/resources/ruleset.md index 50afbc4858..d41427012d 100644 --- a/docs/resources/ruleset.md +++ b/docs/resources/ruleset.md 
@@ -36,9 +36,9 @@ have inconsistent operations and inadvertently disable rulesets. ### Required -- `kind` (String) Type of Ruleset to create. Available values: `"custom"`, `"managed"`, `"root"`, `"schema"`, `"zone"`. +- `kind` (String) Type of Ruleset to create. Available values: `custom`, `managed`, `root`, `schema`, `zone`. - `name` (String) Name of the ruleset. -- `phase` (String) Point in the request/response lifecycle where the ruleset will be created. Available values: `"ddos_l4"`, `"ddos_l7"`, `"http_log_custom_fields"`, `"http_request_firewall_custom"`, `"http_request_firewall_managed"`, `"http_request_late_transform"`, `"http_request_main"`, `"http_request_sanitize"`, `"http_request_transform"`, `"http_request_origin"`, `"http_response_firewall_managed"`, `"http_response_headers_transform"`, `"magic_transit"`, `"http_ratelimit"`, `"http_request_sbfm"`. +- `phase` (String) Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_log_custom_fields`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_main`, `http_request_sanitize`, `http_request_transform`, `http_request_origin`, `http_response_firewall_managed`, `http_response_headers_transform`, `magic_transit`, `http_ratelimit`, `http_request_sbfm`. ### Optional 
@@ -61,7 +61,7 @@ Required: Optional: -- `action` (String) Action to perform in the ruleset rule. Available values: `"block"`, `"challenge"`, `"ddos_dynamic"`, `"execute"`, `"force_connection_close"`, `"js_challenge"`, `"managed_challenge"`, `"log"`, `"log_custom_field"`, `"rewrite"`, `"score"`, `"skip"`, `"route"`. +- `action` (String) Action to perform in the ruleset rule. Available values: `block`, `challenge`, `ddos_dynamic`, `execute`, `force_connection_close`, `js_challenge`, `managed_challenge`, `log`, `log_custom_field`, `rewrite`, `score`, `skip`, `route`. - `action_parameters` (Block List, Max: 1) List of parameters that configure the behavior of the ruleset rule action. (see [below for nested schema](#nestedblock--rules--action_parameters)) - `description` (String) Brief summary of the ruleset rule and its intended use. - `enabled` (Boolean) Whether the rule is active. 
@@ -88,8 +88,8 @@ Optional: - `matched_data` (Block List, Max: 1) List of properties to configure WAF payload logging. (see [below for nested schema](#nestedblock--rules--action_parameters--matched_data)) - `origin` (Block List, Max: 1) List of properties to change request origin. (see [below for nested schema](#nestedblock--rules--action_parameters--origin)) - `overrides` (Block List, Max: 1) List of override configurations to apply to the ruleset. (see [below for nested schema](#nestedblock--rules--action_parameters--overrides)) -- `phases` (Set of String) Point in the request/response lifecycle where the ruleset will be created. Available values: `"ddos_l4"`, `"ddos_l7"`, `"http_log_custom_fields"`, `"http_request_firewall_custom"`, `"http_request_firewall_managed"`, `"http_request_late_transform"`, `"http_request_main"`, `"http_request_sanitize"`, `"http_request_transform"`, `"http_request_origin"`, `"http_response_firewall_managed"`, `"http_response_headers_transform"`, `"magic_transit"`, `"http_ratelimit"`, `"http_request_sbfm"`. -- `products` (Set of String) Products to target with the actions. Available values: `"bic"`, `"hot"`, `"ratelimit"`, `"securityLevel"`, `"uablock"`, `"waf"`, `"zonelockdown"`. +- `phases` (Set of String) Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_log_custom_fields`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_main`, `http_request_sanitize`, `http_request_transform`, `http_request_origin`, `http_response_firewall_managed`, `http_response_headers_transform`, `magic_transit`, `http_ratelimit`, `http_request_sbfm`. +- `products` (Set of String) Products to target with the actions. Available values: `bic`, `hot`, `ratelimit`, `securityLevel`, `uablock`, `waf`, `zonelockdown`. - `request_fields` (Set of String) List of request headers to include as part of custom fields logging, in lowercase. 
- `response` (Block List) List of parameters that configure the response given to end users. (see [below for nested schema](#nestedblock--rules--action_parameters--response)) - `response_fields` (Set of String) List of response headers to include as part of custom fields logging, in lowercase. @@ -106,7 +106,7 @@ Optional: - `expression` (String) Use a value dynamically determined by the Firewall Rules expression language based on Wireshark display filters. Refer to the [Firewall Rules language](https://developers.cloudflare.com/firewall/cf-firewall-language) documentation for all available fields, operators, and functions. Conflicts with `"value"`. - `name` (String) Name of the HTTP request header to target. -- `operation` (String) Action to perform on the HTTP request header. Available values: `"remove"`, `"set"`. +- `operation` (String) Action to perform on the HTTP request header. Available values: `remove`, `set`. - `value` (String) Static value to provide as the HTTP request header value. Conflicts with `"expression"`. 
@@ -132,21 +132,21 @@ Optional: Optional: -- `action` (String) Action to perform in the rule-level override. Available values: `"block"`, `"challenge"`, `"ddos_dynamic"`, `"execute"`, `"force_connection_close"`, `"js_challenge"`, `"managed_challenge"`, `"log"`, `"log_custom_field"`, `"rewrite"`, `"score"`, `"skip"`, `"route"`. +- `action` (String) Action to perform in the rule-level override. Available values: `block`, `challenge`, `ddos_dynamic`, `execute`, `force_connection_close`, `js_challenge`, `managed_challenge`, `log`, `log_custom_field`, `rewrite`, `score`, `skip`, `route`. - `categories` (Block List) List of tag-based overrides. (see [below for nested schema](#nestedblock--rules--action_parameters--overrides--categories)) - `enabled` (Boolean, Deprecated) Defines if the current ruleset-level override enables or disables the ruleset. - `rules` (Block List) List of rule-based overrides. (see [below for nested schema](#nestedblock--rules--action_parameters--overrides--rules)) -- `status` (String) Defines if the current ruleset-level override enables or disables the ruleset. Available values: `"enabled"`, `"disabled"`. Defaults to `""`. +- `status` (String) Defines if the current ruleset-level override enables or disables the ruleset. Available values: `enabled`, `disabled`. Defaults to `""`. ### Nested Schema for `rules.action_parameters.overrides.status` Optional: -- `action` (String) Action to perform in the tag-level override. Available values: `"block"`, `"challenge"`, `"ddos_dynamic"`, `"execute"`, `"force_connection_close"`, `"js_challenge"`, `"managed_challenge"`, `"log"`, `"log_custom_field"`, `"rewrite"`, `"score"`, `"skip"`, `"route"`. +- `action` (String) Action to perform in the tag-level override. Available values: `block`, `challenge`, `ddos_dynamic`, `execute`, `force_connection_close`, `js_challenge`, `managed_challenge`, `log`, `log_custom_field`, `rewrite`, `score`, `skip`, `route`. 
- `category` (String) Tag name to apply the ruleset rule override to. - `enabled` (Boolean, Deprecated) Defines if the current tag-level override enables or disables the ruleset rules with the specified tag. -- `status` (String) Defines if the current tag-level override enables or disables the ruleset rules with the specified tag. Available values: `"enabled"`, `"disabled"`. Defaults to `""`. +- `status` (String) Defines if the current tag-level override enables or disables the ruleset rules with the specified tag. Available values: `enabled`, `disabled`. Defaults to `""`. @@ -154,12 +154,12 @@ Optional: Optional: -- `action` (String) Action to perform in the rule-level override. Available values: `"block"`, `"challenge"`, `"ddos_dynamic"`, `"execute"`, `"force_connection_close"`, `"js_challenge"`, `"managed_challenge"`, `"log"`, `"log_custom_field"`, `"rewrite"`, `"score"`, `"skip"`, `"route"`. +- `action` (String) Action to perform in the rule-level override. Available values: `block`, `challenge`, `ddos_dynamic`, `execute`, `force_connection_close`, `js_challenge`, `managed_challenge`, `log`, `log_custom_field`, `rewrite`, `score`, `skip`, `route`. - `enabled` (Boolean, Deprecated) Defines if the current rule-level override enables or disables the rule. - `id` (String) Rule ID to apply the override to. - `score_threshold` (Number) Anomaly score threshold to apply in the ruleset rule override. Only applicable to modsecurity-based rulesets. - `sensitivity_level` (String) Sensitivity level for a ruleset rule override. -- `status` (String) Defines if the current rule-level override enables or disables the rule. Available values: `"enabled"`, `"disabled"`. Defaults to `""`. +- `status` (String) Defines if the current rule-level override enables or disables the rule. Available values: `enabled`, `disabled`. Defaults to `""`. 
@@ -217,7 +217,7 @@ Optional: Optional: - `enabled` (Boolean, Deprecated) Override the default logging behavior when a rule is matched. -- `status` (String) Override the default logging behavior when a rule is matched. Available values: `"enabled"`, `"disabled"`. Defaults to `""`. +- `status` (String) Override the default logging behavior when a rule is matched. Available values: `enabled`, `disabled`. Defaults to `""`. diff --git a/docs/resources/waiting_room.md b/docs/resources/waiting_room.md index bbf6c125d2..a70e124f0d 100644 --- a/docs/resources/waiting_room.md +++ b/docs/resources/waiting_room.md @@ -36,7 +36,7 @@ resource "cloudflare_waiting_room" "example" { ### Optional - `custom_page_html` (String) This is a templated html file that will be rendered at the edge. -- `default_template_language` (String) The language to use for the default waiting room page. Available values: `"de-DE"`, `"es-ES"`, `"en-US"`, `"fr-FR"`, `"id-ID"`, `"it-IT"`, `"ja-JP"`, `"ko-KR"`, `"nl-NL"`, `"pl-PL"`, `"pt-BR"`, `"tr-TR"`, `"zh-CN"`, `"zh-TW"`. Defaults to `en-US`. +- `default_template_language` (String) The language to use for the default waiting room page. Available values: `de-DE`, `es-ES`, `en-US`, `fr-FR`, `id-ID`, `it-IT`, `ja-JP`, `ko-KR`, `nl-NL`, `pl-PL`, `pt-BR`, `tr-TR`, `zh-CN`, `zh-TW`. Defaults to `en-US`. - `description` (String) A description to add more details about the waiting room. - `disable_session_renewal` (Boolean) Disables automatic renewal of session cookies. - `json_response_enabled` (Boolean) If true, requests to the waiting room with the header `Accept: application/json` will receive a JSON response object. diff --git a/docs/resources/waiting_room_event.md b/docs/resources/waiting_room_event.md index 07bd45dc08..25336c1f26 100644 --- a/docs/resources/waiting_room_event.md +++ b/docs/resources/waiting_room_event.md 
@@ -39,7 +39,7 @@ resource "cloudflare_waiting_room_event" "example" { - `disable_session_renewal` (Boolean) Disables automatic renewal of session cookies. - `new_users_per_minute` (Number) The number of new users that will be let into the route every minute. - `prequeue_start_time` (String) ISO 8601 timestamp that marks when to begin queueing all users before the event starts. Must occur at least 5 minutes before `event_start_time`. -- `queueing_method` (String) The queueing method used by the waiting room. Available values: `"fifo"`, `"random"`, `"passthrough"`, `"reject"`. +- `queueing_method` (String) The queueing method used by the waiting room. Available values: `fifo`, `random`, `passthrough`, `reject`. - `session_duration` (Number) Lifetime of a cookie (in minutes) set by Cloudflare for users who get access to the origin. - `shuffle_at_event_start` (Boolean) Users in the prequeue will be shuffled randomly at the `event_start_time`. Requires that `prequeue_start_time` is not null. Defaults to `false`. - `suspended` (Boolean) If suspended, the event is ignored and traffic will be handled based on the waiting room configuration. diff --git a/internal/provider/utils.go b/internal/provider/utils.go index 3e26502cfd..740fe27cb1 100644 --- a/internal/provider/utils.go +++ b/internal/provider/utils.go @@ -245,7 +245,7 @@ func renderAvailableDocumentationValuesStringSlice(s []string) string { if s != nil && len(s) > 0 { values := make([]string, len(s)) for i, c := range s { - values[i] = fmt.Sprintf("`\"%s\"`", c) + values[i] = fmt.Sprintf("`%s`", c) } output = fmt.Sprintf("Available values: %s", strings.Join(values, ", ")) }