Merge pull request #2625 from Michael9127/mike/GATE-4075

GATE-4075: Adds support for teams accounts protocol detection setting
cloudflare · Aug 8, 2023 · 5f50f36 · 5f50f36
2 parents 8df0370 + fd5498b
commit 5f50f36
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 3 deletions.
diff --git a/.changelog/2625.txt b/.changelog/2625.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_teams_account: Adds support for protocol detection feature
+```
diff --git a/docs/resources/teams_account.md b/docs/resources/teams_account.md
@@ -15,8 +15,9 @@ resource defines configuration for secure web gateway.
 
 ```terraform
 resource "cloudflare_teams_account" "example" {
-  account_id          = "f037e56e89293a057740de681ac9abbe"
-  tls_decrypt_enabled = true
+  account_id                 = "f037e56e89293a057740de681ac9abbe"
+  tls_decrypt_enabled        = true
+  protocol_detection_enabled = true
 
   block_page {
     footer_text      = "hello"
@@ -77,6 +78,7 @@ resource "cloudflare_teams_account" "example" {
 - `fips` (Block List, Max: 1) Configure compliance with Federal Information Processing Standards. (see [below for nested schema](#nestedblock--fips))
 - `logging` (Block List, Max: 1) (see [below for nested schema](#nestedblock--logging))
 - `payload_log` (Block List, Max: 1) Configuration for DLP Payload Logging. (see [below for nested schema](#nestedblock--payload_log))
+- `protocol_detection_enabled` (Boolean) Indicator that protocol detection is enabled.
 - `proxy` (Block List, Max: 1) Configuration block for specifying which protocols are proxied. (see [below for nested schema](#nestedblock--proxy))
 - `tls_decrypt_enabled` (Boolean) Indicator that decryption of TLS traffic is enabled.
 - `url_browser_isolation_enabled` (Boolean) Safely browse websites in Browser Isolation through a URL.

diff --git a/examples/resources/cloudflare_teams_account/resource.tf b/examples/resources/cloudflare_teams_account/resource.tf
@@ -1,6 +1,7 @@
 resource "cloudflare_teams_account" "example" {
   account_id          = "f037e56e89293a057740de681ac9abbe"
   tls_decrypt_enabled = true
+  protocol_detection_enabled = true
 
   block_page {
     footer_text      = "hello"

diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts.go
@@ -64,6 +64,12 @@ func resourceCloudflareTeamsAccountRead(ctx context.Context, d *schema.ResourceD
 		}
 	}
 
+	if configuration.Settings.ProtocolDetection != nil {
+		if err := d.Set("protocol_detection_enabled", configuration.Settings.ProtocolDetection.Enabled); err != nil {
+			return diag.FromErr(fmt.Errorf("error parsing account protocol detection enablement: %w", err))
+		}
+	}
+
 	if err := d.Set("activity_log_enabled", configuration.Settings.ActivityLog.Enabled); err != nil {
 		return diag.FromErr(fmt.Errorf("error parsing account activity log enablement: %w", err))
 	}
@@ -138,6 +144,12 @@ func resourceCloudflareTeamsAccountUpdate(ctx context.Context, d *schema.Resourc
 		updatedTeamsAccount.Settings.TLSDecrypt = &cloudflare.TeamsTLSDecrypt{Enabled: tlsDecrypt.(bool)}
 	}
 
+	//nolint:staticcheck
+	protocolDetection, ok := d.GetOkExists("protocol_detection_enabled")
+	if ok {
+		updatedTeamsAccount.Settings.ProtocolDetection = &cloudflare.TeamsProtocolDetection{Enabled: protocolDetection.(bool)}
+	}
+
 	//nolint:staticcheck
 	activtyLog, ok := d.GetOkExists("activity_log_enabled")
 	if ok {

diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go
@@ -9,7 +9,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 )
 
-func TestAccCloudflareTeamsAccountConfigurationBasic(t *testing.T) {
+func TestAccCloudflareTeamsAccounts_ConfigurationBasic(t *testing.T) {
 	// Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
 	// service does not yet support the API tokens and it results in
 	// misleading state error messages.
@@ -31,6 +31,7 @@ func TestAccCloudflareTeamsAccountConfigurationBasic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(name, consts.AccountIDSchemaKey, accountID),
 					resource.TestCheckResourceAttr(name, "tls_decrypt_enabled", "true"),
+					resource.TestCheckResourceAttr(name, "protocol_detection_enabled", "true"),
 					resource.TestCheckResourceAttr(name, "activity_log_enabled", "true"),
 					resource.TestCheckResourceAttr(name, "fips.0.tls", "true"),
 					resource.TestCheckResourceAttr(name, "block_page.0.name", rnd),
@@ -63,6 +64,7 @@ func testAccCloudflareTeamsAccountBasic(rnd, accountID string) string {
 resource "cloudflare_teams_account" "%[1]s" {
   account_id = "%[2]s"
   tls_decrypt_enabled = true
+  protocol_detection_enabled = true
   activity_log_enabled = true
   block_page {
     name = "%[1]s"

diff --git a/internal/sdkv2provider/schema_cloudflare_teams_accounts.go b/internal/sdkv2provider/schema_cloudflare_teams_accounts.go
@@ -44,6 +44,11 @@ func resourceCloudflareTeamsAccountSchema() map[string]*schema.Schema {
 			Optional:    true,
 			Description: "Indicator that decryption of TLS traffic is enabled.",
 		},
+		"protocol_detection_enabled": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Description: "Indicator that protocol detection is enabled.",
+		},
 		"activity_log_enabled": {
 			Type:        schema.TypeBool,
 			Optional:    true,