Add connection rules access policy acc test

cloudflare · Sep 26, 2024 · 6a2dc7f · 6a2dc7f
1 parent 02030c0
commit 6a2dc7f
Showing 1 changed file with 56 additions and 0 deletions.
diff --git a/internal/sdkv2provider/resource_cloudflare_access_policy_test.go b/internal/sdkv2provider/resource_cloudflare_access_policy_test.go
@@ -972,6 +972,62 @@ func testAccessPolicyExternalEvalautionConfig(resourceID, zone, accountID string
   `, resourceID, zone, accountID)
 }
 
+func TestAccCloudflareAccessPolicy_ConnectionRules(t *testing.T) {
+	rnd := generateRandomResourceName()
+	name := "cloudflare_access_policy." + rnd
+	zone := os.Getenv("CLOUDFLARE_DOMAIN")
+	accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccPreCheckAccount(t)
+		},
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccessPolicyConnectionRulesConfig(rnd, zone, accountID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "name", rnd),
+					resource.TestCheckResourceAttr(name, consts.AccountIDSchemaKey, accountID),
+					resource.TestCheckResourceAttr(name, "connection_rules.ssh.usernames.0", "ec2-user"),
+					resource.TestCheckResourceAttr(name, "include.0.email.0", "[email protected]"),
+				),
+			},
+		},
+	})
+}
+
+func testAccessPolicyConnectionRulesConfig(resourceID, zone, accountID string) string {
+	return fmt.Sprintf(`
+    resource "cloudflare_zero_trust_access_application" "%[1]s" {
+      name       = "%[1]s"
+	  type 		 = "infrastructure"
+      account_id = "%[3]s"
+      domain     = "%[1]s.%[2]s"
+    }
+
+    resource "cloudflare_access_policy" "%[1]s" {
+      application_id = cloudflare_zero_trust_access_application.%[1]s.id
+      name           = "%[1]s"
+      account_id     = "%[3]s"
+      decision       = "allow"
+      precedence     = "1"
+	  connection_rules = {
+		ssh = {
+		  usernames = [ "ec2-user" ]
+		}
+      }
+      include {
+		[{
+		  email = ["[email protected]"]
+		}]
+      }
+    }
+
+  `, resourceID, zone, accountID)
+}
+
 func TestAccCloudflareAccessPolicy_IsolationRequired(t *testing.T) {
 	rnd := generateRandomResourceName()
 	name := "cloudflare_access_policy." + rnd