Merge pull request #4077 from SaiDadireddy/sdadireddy/infrastructure-…

…access Add terraform resource and data source for Infrastructure Access Target
cloudflare · Sep 26, 2024 · a7fd46e · a7fd46e
2 parents 830db32 + 94a8bef
commit a7fd46e
Show file tree

Hide file tree

Showing 10 changed files with 970 additions and 0 deletions.
diff --git a/.changelog/4077.txt b/.changelog/4077.txt
@@ -0,0 +1,7 @@
+```release-note:new-datasource
+cloudflare_infrastructure_access_targets
+```
+
+```release-note:new-resource
+cloudflare_infrastructure_access_target
+```
diff --git a/docs/data-sources/infrastructure_access_targets.md b/docs/data-sources/infrastructure_access_targets.md
@@ -0,0 +1,74 @@
+---
+page_title: "cloudflare_infrastructure_access_targets Data Source - Cloudflare"
+subcategory: ""
+description: |-
+  Use this data source to retrieve all Infrastructure Access Targets.
+---
+
+# cloudflare_infrastructure_access_targets (Data Source)
+
+Use this data source to retrieve all Infrastructure Access Targets.
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `account_id` (String) The account identifier to target for the resource.
+
+### Optional
+
+- `created_after` (String) A date and time after a target was created to filter on.
+- `hostname` (String) The name of the app type.
+- `hostname_contains` (String) The name of the app type.
+- `ipv4` (String) The name of the app type.
+- `ipv6` (String) The name of the app type.
+- `modified_after` (String) A date and time after a target was modified to filter on.
+- `virtual_network_id` (String) The name of the app type.
+
+### Read-Only
+
+- `targets` (Attributes List) (see [below for nested schema](#nestedatt--targets))
+
+<a id="nestedatt--targets"></a>
+### Nested Schema for `targets`
+
+Required:
+
+- `ip` (Attributes) The IPv4/IPv6 address that identifies where to reach a target. (see [below for nested schema](#nestedatt--targets--ip))
+
+Read-Only:
+
+- `account_id` (String) The account identifier to target for the resource.
+- `created_at` (String) The date and time at which the target was created.
+- `hostname` (String) A non-unique field that refers to a target.
+- `id` (String) The identifier of this resource. This is target's unique identifier.
+- `modified_at` (String) The date and time at which the target was last modified.
+
+<a id="nestedatt--targets--ip"></a>
+### Nested Schema for `targets.ip`
+
+Optional:
+
+- `ipv4` (Attributes) The target's IPv4 address. (see [below for nested schema](#nestedatt--targets--ip--ipv4))
+- `ipv6` (Attributes) The target's IPv6 address. (see [below for nested schema](#nestedatt--targets--ip--ipv6))
+
+<a id="nestedatt--targets--ip--ipv4"></a>
+### Nested Schema for `targets.ip.ipv4`
+
+Required:
+
+- `ip_addr` (String) The IP address of the target.
+- `virtual_network_id` (String) The private virtual network identifier for the target.
+
+
+<a id="nestedatt--targets--ip--ipv6"></a>
+### Nested Schema for `targets.ip.ipv6`
+
+Required:
+
+- `ip_addr` (String) The IP address of the target.
+- `virtual_network_id` (String) The private virtual network identifier for the target.
+
+
diff --git a/docs/resources/infrastructure_access_target.md b/docs/resources/infrastructure_access_target.md
@@ -0,0 +1,53 @@
+---
+page_title: "cloudflare_infrastructure_access_target Resource - Cloudflare"
+subcategory: ""
+description: |-
+  The Infrastructure Access Target https://developers.cloudflare.com/cloudflare-one/insights/risk-score/ resource allows you to configure Cloudflare Risk Behaviors for an account.
+---
+
+# cloudflare_infrastructure_access_target (Resource)
+
+The [Infrastructure Access Target](https://developers.cloudflare.com/cloudflare-one/insights/risk-score/) resource allows you to configure Cloudflare Risk Behaviors for an account.
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `account_id` (String) The account identifier to target for the resource.
+- `hostname` (String) A non-unique field that refers to a target.
+- `ip` (Attributes) The IPv4/IPv6 address that identifies where to reach a target. (see [below for nested schema](#nestedatt--ip))
+
+### Read-Only
+
+- `created_at` (String) The date and time at which the target was created.
+- `id` (String) The identifier of this resource.
+- `modified_at` (String) The date and time at which the target was last modified.
+
+<a id="nestedatt--ip"></a>
+### Nested Schema for `ip`
+
+Optional:
+
+- `ipv4` (Attributes) The target's IPv4 address. (see [below for nested schema](#nestedatt--ip--ipv4))
+- `ipv6` (Attributes) The target's IPv6 address. (see [below for nested schema](#nestedatt--ip--ipv6))
+
+<a id="nestedatt--ip--ipv4"></a>
+### Nested Schema for `ip.ipv4`
+
+Required:
+
+- `ip_addr` (String) The IP address of the target.
+- `virtual_network_id` (String) The private virtual network identifier for the target.
+
+
+<a id="nestedatt--ip--ipv6"></a>
+### Nested Schema for `ip.ipv6`
+
+Required:
+
+- `ip_addr` (String) The IP address of the target.
+- `virtual_network_id` (String) The private virtual network identifier for the target.
+
+
diff --git a/internal/framework/provider/provider.go b/internal/framework/provider/provider.go
@@ -26,6 +26,7 @@ import (
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/gateway_app_types"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/gateway_categories"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/hyperdrive_config"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/infrastructure_access_target"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/list_item"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/origin_ca_certificate"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/service/r2_bucket"
@@ -381,6 +382,7 @@ func (p *CloudflareProvider) Resources(ctx context.Context) []func() resource.Re
 		workers_for_platforms_dispatch_namespace_deprecated.NewResource,
 		workers_for_platforms_dispatch_namespace.NewResource,
 		zero_trust_risk_score_integration.NewResource,
+		infrastructure_access_target.NewResource,
 	}
 }
 
@@ -393,6 +395,7 @@ func (p *CloudflareProvider) DataSources(ctx context.Context) []func() datasourc
 		gateway_categories.NewDataSource,
 		gateway_app_types.NewDataSource,
 		dcv_delegation.NewDataSource,
+		infrastructure_access_target.NewDataSource,
 	}
 }
 

diff --git a/internal/framework/service/infrastructure_access_target/data_source.go b/internal/framework/service/infrastructure_access_target/data_source.go
@@ -0,0 +1,90 @@
+package infrastructure_access_target
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/cloudflare/cloudflare-go"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/framework/muxclient"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+var _ datasource.DataSource = &InfrastructureAccessTargetDataSource{}
+
+func NewDataSource() datasource.DataSource {
+	return &InfrastructureAccessTargetDataSource{}
+}
+
+type InfrastructureAccessTargetDataSource struct {
+	client *muxclient.Client
+}
+
+func (d *InfrastructureAccessTargetDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_infrastructure_access_targets"
+}
+
+func (d *InfrastructureAccessTargetDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*muxclient.Client)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected resource configure type",
+			fmt.Sprintf("Expected *muxclient.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+		return
+	}
+
+	d.client = client
+}
+
+func (d *InfrastructureAccessTargetDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data *InfrastructureAccessTargetsModel
+
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	accountId := data.AccountID.ValueString()
+	if accountId == "" {
+		resp.Diagnostics.AddError("failed to update infrastructure access target", "account id cannot be an empty string")
+		return
+	}
+	params := cloudflare.InfrastructureAccessTargetListParams{
+		Hostname:         data.Hostname.ValueString(),
+		HostnameContains: data.HostnameContains.ValueString(),
+		IPV4:             data.IPV4.ValueString(),
+		IPV6:             data.IPV6.ValueString(),
+		CreatedAfter:     data.CreatedAfter.ValueString(),
+		ModifedAfter:     data.ModifiedAfter.ValueString(),
+		VirtualNetworkId: data.VirtualNetworkId.ValueString(),
+	}
+
+	allTargets, _, err := d.client.V1.ListInfrastructureAccessTargets(ctx, cloudflare.AccountIdentifier(accountId), params)
+	if err != nil {
+		resp.Diagnostics.AddError("failed to fetch Infrastructure Access Targets: %w", err.Error())
+		return
+	}
+	if len(allTargets) == 0 {
+		resp.Diagnostics.AddError("failed to fetch Infrastructure Access Targets", "no Infrastructure Access Targets matching given query parameters")
+	}
+
+	var targets []InfrastructureAccessTargetModel
+	for _, target := range allTargets {
+		targets = append(targets, InfrastructureAccessTargetModel{
+			AccountID:  types.StringValue(accountId),
+			Hostname:   types.StringValue(target.Hostname),
+			ID:         types.StringValue(target.ID),
+			IP:         convertIPInfoToBaseTypeObject(target.IP),
+			CreatedAt:  types.StringValue(target.CreatedAt),
+			ModifiedAt: types.StringValue(target.ModifiedAt),
+		})
+	}
+
+	data.Targets = targets
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/framework/service/infrastructure_access_target/data_source_test.go b/internal/framework/service/infrastructure_access_target/data_source_test.go
@@ -0,0 +1,54 @@
+package infrastructure_access_target_test
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/acctest"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/utils"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccCloudflareInfrastructureAccessTarget_DataSource(t *testing.T) {
+	rnd1 := utils.GenerateRandomResourceName()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.TestAccPreCheck(t) },
+		ProtoV6ProviderFactories: acctest.TestAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testCloudflareInfrastructureTargetsMatchNoIpv6(rnd1),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.cloudflare_infrastructure_access_targets."+rnd1, "targets.#", "1"),
+					resource.TestCheckNoResourceAttr("data.cloudflare_infrastructure_access_targets."+rnd1, "ip.ipv6"),
+
+					resource.TestCheckResourceAttr("cloudflare_infrastructure_access_target."+rnd1, "hostname", rnd1),
+					resource.TestCheckResourceAttr("cloudflare_infrastructure_access_target."+rnd1, "ip.ipv4.ip_addr", "250.26.29.250"),
+					resource.TestCheckResourceAttr("cloudflare_infrastructure_access_target."+rnd1, "ip.ipv4.virtual_network_id", "b9c90134-52de-4903-81e8-004a3a06b435"),
+				),
+			},
+		},
+	})
+}
+
+func testCloudflareInfrastructureTargetsMatchNoIpv6(hostname string) string {
+	accountID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
+	return fmt.Sprintf(`
+resource "cloudflare_infrastructure_access_target" "%[2]s" {
+	account_id = "%[1]s"
+	hostname   = "%[2]s"
+	ip = {
+		ipv4 = {
+           ip_addr = "250.26.29.250",
+           virtual_network_id = "b9c90134-52de-4903-81e8-004a3a06b435"
+        }
+	}
+}
+
+data "cloudflare_infrastructure_access_targets" "%[2]s" {
+	depends_on =  [cloudflare_infrastructure_access_target.%[2]s]
+	account_id = "%[1]s"
+}
+`, accountID, hostname)
+}
diff --git a/internal/framework/service/infrastructure_access_target/model.go b/internal/framework/service/infrastructure_access_target/model.go
@@ -0,0 +1,36 @@
+package infrastructure_access_target
+
+import (
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+type InfrastructureAccessTargetModel struct {
+	AccountID  types.String `tfsdk:"account_id"`
+	Hostname   types.String `tfsdk:"hostname"`
+	ID         types.String `tfsdk:"id"`
+	IP         types.Object `tfsdk:"ip"`
+	CreatedAt  types.String `tfsdk:"created_at"`
+	ModifiedAt types.String `tfsdk:"modified_at"`
+}
+
+type InfrastructureAccessTargetIPInfoModel struct {
+	IPV4 types.Object `tfsdk:"ipv4"`
+	IPV6 types.Object `tfsdk:"ipv6"`
+}
+
+type InfrastructureAccessTargetIPDetailsModel struct {
+	IPAddr           types.String `tfsdk:"ip_addr"`
+	VirtualNetworkId types.String `tfsdk:"virtual_network_id"`
+}
+
+type InfrastructureAccessTargetsModel struct {
+	AccountID        types.String                      `tfsdk:"account_id"`
+	Hostname         types.String                      `tfsdk:"hostname"`
+	HostnameContains types.String                      `tfsdk:"hostname_contains"`
+	IPV4             types.String                      `tfsdk:"ipv4"`
+	IPV6             types.String                      `tfsdk:"ipv6"`
+	VirtualNetworkId types.String                      `tfsdk:"virtual_network_id"`
+	CreatedAfter     types.String                      `tfsdk:"created_after"`
+	ModifiedAfter    types.String                      `tfsdk:"modified_after"`
+	Targets          []InfrastructureAccessTargetModel `tfsdk:"targets"`
+}