@@ -7,13 +7,14 @@ import (
77 "testing"
88
99 cfv1 "github.com/cloudflare/cloudflare-go"
10- cfv2 "github.com/cloudflare/cloudflare-go/v5"
11- "github.com/cloudflare/cloudflare-go/v5/zero_trust"
10+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
11+ "github.com/hashicorp/terraform-plugin-testing/knownvalue"
12+ "github.com/hashicorp/terraform-plugin-testing/statecheck"
13+ "github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
14+
1215 "github.com/cloudflare/terraform-provider-cloudflare/internal/acctest"
1316 "github.com/cloudflare/terraform-provider-cloudflare/internal/consts"
1417 "github.com/cloudflare/terraform-provider-cloudflare/internal/utils"
15- "github.com/hashicorp/terraform-plugin-testing/helper/resource"
16- "github.com/hashicorp/terraform-plugin-testing/terraform"
1718)
1819
1920func init () {
@@ -48,7 +49,7 @@ func init() {
4849 })
4950}
5051
51- func TestAccCloudflareAccessMutualTLSHostnameSettings_Simple (t * testing.T ) {
52+ func TestAccCloudflareAccessMutualTLSHostnameSettings_Account (t * testing.T ) {
5253 // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
5354 // service does not yet support the API tokens and it results in
5455 // misleading state error messages.
@@ -67,16 +68,15 @@ func TestAccCloudflareAccessMutualTLSHostnameSettings_Simple(t *testing.T) {
6768 acctest .TestAccPreCheck_AccountID (t )
6869 },
6970 ProtoV6ProviderFactories : acctest .TestAccProtoV6ProviderFactories ,
70- CheckDestroy : testAccCheckCloudflareAccessMutualTLSHostnameSettingsDestroy ,
7171 Steps : []resource.TestStep {
7272 {
7373 Config : testAccessMutualTLSHostnameSettingsConfig (rnd , cfv1 .AccountIdentifier (accountID ), domain ),
74- Check : resource . ComposeTestCheckFunc (
75- resource . TestCheckResourceAttr (name , consts .AccountIDSchemaKey , accountID ),
76- resource . TestCheckResourceAttr (name , "settings.0. hostname" , domain ),
77- resource . TestCheckResourceAttr (name , "settings.0. china_network" , " false"
78- resource . TestCheckResourceAttr (name , "settings.0. client_certificate_forwarding" , " true"
79- ) ,
74+ ConfigStateChecks : []statecheck. StateCheck {
75+ statecheck . ExpectKnownValue (name , tfjsonpath . New ( consts .AccountIDSchemaKey ), knownvalue . StringExact ( accountID ) ),
76+ statecheck . ExpectKnownValue (name , tfjsonpath . New ( "settings" ). AtSliceIndex ( 0 ). AtMapKey ( " hostname"), knownvalue . StringExact ( domain ) ),
77+ statecheck . ExpectKnownValue (name , tfjsonpath . New ( "settings" ). AtSliceIndex ( 0 ). AtMapKey ( " china_network"), knownvalue . Bool ( false ) ),
78+ statecheck . ExpectKnownValue (name , tfjsonpath . New ( "settings" ). AtSliceIndex ( 0 ). AtMapKey ( " client_certificate_forwarding"), knownvalue . Bool ( true ) ),
79+ } ,
8080 },
8181 {
8282 // Ensures no diff on last plan
@@ -87,28 +87,251 @@ func TestAccCloudflareAccessMutualTLSHostnameSettings_Simple(t *testing.T) {
8787 })
8888}
8989
90- func testAccCheckCloudflareAccessMutualTLSHostnameSettingsDestroy (s * terraform.State ) error {
91- client := acctest .SharedClient ()
90+ func TestAccCloudflareAccessMutualTLSHostnameSettings_Zone (t * testing.T ) {
91+ // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
92+ // service does not yet support the API tokens and it results in
93+ // misleading state error messages.
94+ if os .Getenv ("CLOUDFLARE_API_TOKEN" ) != "" {
95+ t .Setenv ("CLOUDFLARE_API_TOKEN" , "" )
96+ }
9297
93- for _ , rs := range s . RootModule (). Resources {
94- if rs . Type != "cloudflare_zero_trust_access_mtls_hostname_settings" {
95- continue
96- }
98+ rnd := utils . GenerateRandomResourceName ()
99+ name := fmt . Sprintf ( "cloudflare_zero_trust_access_mtls_hostname_settings.%s" , rnd )
100+ domain := os . Getenv ( "CLOUDFLARE_DOMAIN" )
101+ zoneID := os . Getenv ( "CLOUDFLARE_ZONE_ID" )
97102
98- for _ , rs := range s .RootModule ().Resources {
99- certificates , _ := client .ZeroTrust .Access .Certificates .Get (context .Background (), rs .Primary .Attributes ["id" ], zero_trust.AccessCertificateGetParams {
100- AccountID : cfv2 .F (rs .Primary .Attributes [consts .AccountIDSchemaKey ]),
101- })
103+ resource .Test (t , resource.TestCase {
104+ PreCheck : func () {
105+ acctest .TestAccPreCheck (t )
106+ acctest .TestAccPreCheck_ZoneID (t )
107+ },
108+ ProtoV6ProviderFactories : acctest .TestAccProtoV6ProviderFactories ,
109+ Steps : []resource.TestStep {
110+ {
111+ Config : testAccessMutualTLSHostnameSettingsConfig (rnd , cfv1 .ZoneIdentifier (zoneID ), domain ),
112+ ConfigStateChecks : []statecheck.StateCheck {
113+ statecheck .ExpectKnownValue (name , tfjsonpath .New (consts .ZoneIDSchemaKey ), knownvalue .StringExact (zoneID )),
114+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("hostname" ), knownvalue .StringExact (domain )),
115+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("china_network" ), knownvalue .Bool (false )),
116+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("client_certificate_forwarding" ), knownvalue .Bool (true )),
117+ },
118+ },
119+ },
120+ })
121+ }
102122
103- if certificates != nil {
104- return fmt .Errorf ("access_mtls_hostname_settings still exists" )
105- }
106- }
123+ func TestAccCloudflareAccessMutualTLSHostnameSettings_MultipleHostnames (t * testing.T ) {
124+ // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
125+ // service does not yet support the API tokens and it results in
126+ // misleading state error messages.
127+ if os .Getenv ("CLOUDFLARE_API_TOKEN" ) != "" {
128+ t .Setenv ("CLOUDFLARE_API_TOKEN" , "" )
107129 }
108130
109- return nil
131+ rnd := utils .GenerateRandomResourceName ()
132+ name := fmt .Sprintf ("cloudflare_zero_trust_access_mtls_hostname_settings.%s" , rnd )
133+ domain := os .Getenv ("CLOUDFLARE_DOMAIN" )
134+ accountID := os .Getenv ("CLOUDFLARE_ACCOUNT_ID" )
135+ secondHostname := fmt .Sprintf ("test.%s" , domain )
136+
137+ resource .Test (t , resource.TestCase {
138+ PreCheck : func () {
139+ acctest .TestAccPreCheck (t )
140+ acctest .TestAccPreCheck_AccountID (t )
141+ },
142+ ProtoV6ProviderFactories : acctest .TestAccProtoV6ProviderFactories ,
143+ Steps : []resource.TestStep {
144+ {
145+ Config : testAccessMutualTLSHostnameSettingsMultipleConfig (rnd , cfv1 .AccountIdentifier (accountID ), domain , secondHostname ),
146+ ConfigStateChecks : []statecheck.StateCheck {
147+ statecheck .ExpectKnownValue (name , tfjsonpath .New (consts .AccountIDSchemaKey ), knownvalue .StringExact (accountID )),
148+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("hostname" ), knownvalue .StringExact (domain )),
149+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("china_network" ), knownvalue .Bool (false )),
150+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("client_certificate_forwarding" ), knownvalue .Bool (true )),
151+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (1 ).AtMapKey ("hostname" ), knownvalue .StringExact (secondHostname )),
152+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (1 ).AtMapKey ("china_network" ), knownvalue .Bool (true )),
153+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (1 ).AtMapKey ("client_certificate_forwarding" ), knownvalue .Bool (false )),
154+ },
155+ },
156+ },
157+ })
158+ }
159+
160+ func TestAccCloudflareAccessMutualTLSHostnameSettings_Update (t * testing.T ) {
161+ // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
162+ // service does not yet support the API tokens and it results in
163+ // misleading state error messages.
164+ if os .Getenv ("CLOUDFLARE_API_TOKEN" ) != "" {
165+ t .Setenv ("CLOUDFLARE_API_TOKEN" , "" )
166+ }
167+
168+ rnd := utils .GenerateRandomResourceName ()
169+ name := fmt .Sprintf ("cloudflare_zero_trust_access_mtls_hostname_settings.%s" , rnd )
170+ domain := os .Getenv ("CLOUDFLARE_DOMAIN" )
171+ accountID := os .Getenv ("CLOUDFLARE_ACCOUNT_ID" )
172+
173+ resource .Test (t , resource.TestCase {
174+ PreCheck : func () {
175+ acctest .TestAccPreCheck (t )
176+ acctest .TestAccPreCheck_AccountID (t )
177+ },
178+ ProtoV6ProviderFactories : acctest .TestAccProtoV6ProviderFactories ,
179+ Steps : []resource.TestStep {
180+ {
181+ Config : testAccessMutualTLSHostnameSettingsConfig (rnd , cfv1 .AccountIdentifier (accountID ), domain ),
182+ ConfigStateChecks : []statecheck.StateCheck {
183+ statecheck .ExpectKnownValue (name , tfjsonpath .New (consts .AccountIDSchemaKey ), knownvalue .StringExact (accountID )),
184+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("hostname" ), knownvalue .StringExact (domain )),
185+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("china_network" ), knownvalue .Bool (false )),
186+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("client_certificate_forwarding" ), knownvalue .Bool (true )),
187+ },
188+ },
189+ {
190+ Config : testAccessMutualTLSHostnameSettingsUpdatedConfig (rnd , cfv1 .AccountIdentifier (accountID ), domain ),
191+ ConfigStateChecks : []statecheck.StateCheck {
192+ statecheck .ExpectKnownValue (name , tfjsonpath .New (consts .AccountIDSchemaKey ), knownvalue .StringExact (accountID )),
193+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("hostname" ), knownvalue .StringExact (domain )),
194+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("china_network" ), knownvalue .Bool (true )),
195+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("client_certificate_forwarding" ), knownvalue .Bool (false )),
196+ },
197+ },
198+ },
199+ })
200+ }
201+
202+ func TestAccCloudflareAccessMutualTLSHostnameSettings_BooleanCombinations (t * testing.T ) {
203+ // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
204+ // service does not yet support the API tokens and it results in
205+ // misleading state error messages.
206+ if os .Getenv ("CLOUDFLARE_API_TOKEN" ) != "" {
207+ t .Setenv ("CLOUDFLARE_API_TOKEN" , "" )
208+ }
209+
210+ rnd := utils .GenerateRandomResourceName ()
211+ name := fmt .Sprintf ("cloudflare_zero_trust_access_mtls_hostname_settings.%s" , rnd )
212+ domain := os .Getenv ("CLOUDFLARE_DOMAIN" )
213+ accountID := os .Getenv ("CLOUDFLARE_ACCOUNT_ID" )
214+
215+ resource .Test (t , resource.TestCase {
216+ PreCheck : func () {
217+ acctest .TestAccPreCheck (t )
218+ acctest .TestAccPreCheck_AccountID (t )
219+ },
220+ ProtoV6ProviderFactories : acctest .TestAccProtoV6ProviderFactories ,
221+ Steps : []resource.TestStep {
222+ {
223+ // Test all false values
224+ Config : testAccessMutualTLSHostnameSettingsBooleanConfig (rnd , cfv1 .AccountIdentifier (accountID ), domain , false , false ),
225+ ConfigStateChecks : []statecheck.StateCheck {
226+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("china_network" ), knownvalue .Bool (false )),
227+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("client_certificate_forwarding" ), knownvalue .Bool (false )),
228+ },
229+ },
230+ {
231+ // Test all true values
232+ Config : testAccessMutualTLSHostnameSettingsBooleanConfig (rnd , cfv1 .AccountIdentifier (accountID ), domain , true , true ),
233+ ConfigStateChecks : []statecheck.StateCheck {
234+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("china_network" ), knownvalue .Bool (true )),
235+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("client_certificate_forwarding" ), knownvalue .Bool (true )),
236+ },
237+ },
238+ {
239+ // Test mixed values
240+ Config : testAccessMutualTLSHostnameSettingsBooleanConfig (rnd , cfv1 .AccountIdentifier (accountID ), domain , true , false ),
241+ ConfigStateChecks : []statecheck.StateCheck {
242+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("china_network" ), knownvalue .Bool (true )),
243+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("client_certificate_forwarding" ), knownvalue .Bool (false )),
244+ },
245+ },
246+ },
247+ })
248+ }
249+
250+ func TestAccCloudflareAccessMutualTLSHostnameSettings_Import (t * testing.T ) {
251+ // Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
252+ // service does not yet support the API tokens and it results in
253+ // misleading state error messages.
254+ if os .Getenv ("CLOUDFLARE_API_TOKEN" ) != "" {
255+ t .Setenv ("CLOUDFLARE_API_TOKEN" , "" )
256+ }
257+
258+ rnd := utils .GenerateRandomResourceName ()
259+ name := fmt .Sprintf ("cloudflare_zero_trust_access_mtls_hostname_settings.%s" , rnd )
260+ domain := os .Getenv ("CLOUDFLARE_DOMAIN" )
261+ accountID := os .Getenv ("CLOUDFLARE_ACCOUNT_ID" )
262+
263+ resource .Test (t , resource.TestCase {
264+ PreCheck : func () {
265+ acctest .TestAccPreCheck (t )
266+ acctest .TestAccPreCheck_AccountID (t )
267+ },
268+ ProtoV6ProviderFactories : acctest .TestAccProtoV6ProviderFactories ,
269+ Steps : []resource.TestStep {
270+ {
271+ Config : testAccessMutualTLSHostnameSettingsConfig (rnd , cfv1 .AccountIdentifier (accountID ), domain ),
272+ ConfigStateChecks : []statecheck.StateCheck {
273+ statecheck .ExpectKnownValue (name , tfjsonpath .New (consts .AccountIDSchemaKey ), knownvalue .StringExact (accountID )),
274+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("hostname" ), knownvalue .StringExact (domain )),
275+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("china_network" ), knownvalue .Bool (false )),
276+ statecheck .ExpectKnownValue (name , tfjsonpath .New ("settings" ).AtSliceIndex (0 ).AtMapKey ("client_certificate_forwarding" ), knownvalue .Bool (true )),
277+ },
278+ },
279+ {
280+ ResourceName : name ,
281+ ImportState : true ,
282+ ImportStateVerify : true ,
283+ ImportStateId : accountID ,
284+ },
285+ },
286+ })
110287}
111288
112289func testAccessMutualTLSHostnameSettingsConfig (rnd string , identifier * cfv1.ResourceContainer , domain string ) string {
113290 return acctest .LoadTestCase ("accessmutualtlshostnamesettingsconfig.tf" , rnd , identifier .Type , identifier .Identifier , domain )
114291}
292+
293+ func testAccessMutualTLSHostnameSettingsMultipleConfig (rnd string , identifier * cfv1.ResourceContainer , domain , secondHostname string ) string {
294+ return fmt .Sprintf (`
295+ resource "cloudflare_zero_trust_access_mtls_hostname_settings" "%[1]s" {
296+ %[2]s_id = "%[3]s"
297+ settings = [
298+ {
299+ hostname = "%[4]s"
300+ client_certificate_forwarding = true
301+ china_network = false
302+ },
303+ {
304+ hostname = "%[5]s"
305+ client_certificate_forwarding = false
306+ china_network = true
307+ }
308+ ]
309+ }
310+ ` , rnd , identifier .Type , identifier .Identifier , domain , secondHostname )
311+ }
312+
313+ func testAccessMutualTLSHostnameSettingsUpdatedConfig (rnd string , identifier * cfv1.ResourceContainer , domain string ) string {
314+ return fmt .Sprintf (`
315+ resource "cloudflare_zero_trust_access_mtls_hostname_settings" "%[1]s" {
316+ %[2]s_id = "%[3]s"
317+ settings = [{
318+ hostname = "%[4]s"
319+ client_certificate_forwarding = false
320+ china_network = true
321+ }]
322+ }
323+ ` , rnd , identifier .Type , identifier .Identifier , domain )
324+ }
325+
326+ func testAccessMutualTLSHostnameSettingsBooleanConfig (rnd string , identifier * cfv1.ResourceContainer , domain string , chinaNetwork , clientCertForwarding bool ) string {
327+ return fmt .Sprintf (`
328+ resource "cloudflare_zero_trust_access_mtls_hostname_settings" "%[1]s" {
329+ %[2]s_id = "%[3]s"
330+ settings = [{
331+ hostname = "%[4]s"
332+ client_certificate_forwarding = %[5]t
333+ china_network = %[6]t
334+ }]
335+ }
336+ ` , rnd , identifier .Type , identifier .Identifier , domain , clientCertForwarding , chinaNetwork )
337+ }
0 commit comments