From d964ad4b072e92e177675547470a4f5faec61336 Mon Sep 17 00:00:00 2001 From: Justin Lu Date: Sat, 7 Sep 2024 12:33:26 -0700 Subject: [PATCH 1/2] add support for custom_s2s posture integration, rule, and documentation --- .changelog/3912.txt | 7 +++++++ docs/data-sources/device_posture_rules.md | 2 +- docs/resources/device_posture_integration.md | 2 +- docs/resources/device_posture_rule.md | 3 ++- .../zero_trust_device_posture_integration.md | 2 +- docs/resources/zero_trust_device_posture_rule.md | 3 ++- ...esource_cloudflare_device_posture_integration.go | 13 +++++++++++++ .../resource_cloudflare_device_posture_rule.go | 4 ++++ .../schema_cloudflare_device_posture_integration.go | 2 +- .../schema_cloudflare_device_posture_rule.go | 7 ++++++- 10 files changed, 38 insertions(+), 7 deletions(-) create mode 100644 .changelog/3912.txt diff --git a/.changelog/3912.txt b/.changelog/3912.txt new file mode 100644 index 0000000000..d7e249367f --- /dev/null +++ b/.changelog/3912.txt @@ -0,0 +1,7 @@ +```release-note:enhancement +resource/cloudflare_device_posture_integration: add support for managing `custom_s2s` third party posture provider. +``` + +```release-note:enhancement +resource/cloudflare_device_posture_rule: add ability to create custom_s2s posture rule +``` \ No newline at end of file diff --git a/docs/data-sources/device_posture_rules.md b/docs/data-sources/device_posture_rules.md index 963ef3ba3b..bce0c1c251 100644 --- a/docs/data-sources/device_posture_rules.md +++ b/docs/data-sources/device_posture_rules.md 
@@ -28,7 +28,7 @@ data "cloudflare_device_posture_rules" "example" { ### Optional - `name` (String) Name of the Device Posture Rule. -- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`. +- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`, `custom_s2s`. ### Read-Only diff --git a/docs/resources/device_posture_integration.md b/docs/resources/device_posture_integration.md index b1848b3844..e736293396 100644 --- a/docs/resources/device_posture_integration.md +++ b/docs/resources/device_posture_integration.md @@ -36,7 +36,7 @@ resource "cloudflare_device_posture_integration" "example" { - `account_id` (String) The account identifier to target for the resource. - `name` (String) Name of the device posture integration. -- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`. +- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`, `custom_s2s`. ### Optional diff --git a/docs/resources/device_posture_rule.md b/docs/resources/device_posture_rule.md index a1a0edcc34..399b926f06 100644 --- a/docs/resources/device_posture_rule.md +++ b/docs/resources/device_posture_rule.md 
@@ -40,7 +40,7 @@ resource "cloudflare_device_posture_rule" "eaxmple" { ### Required - `account_id` (String) The account identifier to target for the resource. -- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`. +- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`, `custom_s2s`. ### Optional @@ -90,6 +90,7 @@ Optional: - `require_all` (Boolean) True if all drives must be encrypted. - `risk_level` (String) The risk level from Tanium. Available values: `low`, `medium`, `high`, `critical`. - `running` (Boolean) Checks if the application should be running. +- `score` (Number) A value between 0-100 assigned to devices set by the 3rd party posture provider for custom device posture integrations. - `sensor_config` (String) Sensor signal score from Crowdstrike. Value must be between 1 and 100. - `sha256` (String) The sha256 hash of the file. - `state` (String) The host’s current online status from Crowdstrike. Available values: `online`, `offline`, `unknown`. diff --git a/docs/resources/zero_trust_device_posture_integration.md b/docs/resources/zero_trust_device_posture_integration.md index e930109d5a..be05e4ae98 100644 --- a/docs/resources/zero_trust_device_posture_integration.md +++ b/docs/resources/zero_trust_device_posture_integration.md 
@@ -36,7 +36,7 @@ resource "cloudflare_zero_trust_device_posture_integration" "example" { - `account_id` (String) The account identifier to target for the resource. - `name` (String) Name of the device posture integration. -- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`. +- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`, `custom_s2s`. ### Optional diff --git a/docs/resources/zero_trust_device_posture_rule.md b/docs/resources/zero_trust_device_posture_rule.md index 03ed9341ae..1fc34b0dbb 100644 --- a/docs/resources/zero_trust_device_posture_rule.md +++ b/docs/resources/zero_trust_device_posture_rule.md @@ -40,7 +40,7 @@ resource "cloudflare_zero_trust_device_posture_rule" "eaxmple" { ### Required - `account_id` (String) The account identifier to target for the resource. -- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`. +- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`, `custom_s2s`. ### Optional 
@@ -90,6 +90,7 @@ Optional: - `require_all` (Boolean) True if all drives must be encrypted. - `risk_level` (String) The risk level from Tanium. Available values: `low`, `medium`, `high`, `critical`. - `running` (Boolean) Checks if the application should be running. +- `score` (Number) A value between 0-100 assigned to devices set by the 3rd party posture provider for custom device posture integrations. - `sensor_config` (String) Sensor signal score from Crowdstrike. Value must be between 1 and 100. - `sha256` (String) The sha256 hash of the file. - `state` (String) The host’s current online status from Crowdstrike. Available values: `online`, `offline`, `unknown`. diff --git a/internal/sdkv2provider/resource_cloudflare_device_posture_integration.go b/internal/sdkv2provider/resource_cloudflare_device_posture_integration.go index 49bd0eb047..dd3ecbed44 100644 --- a/internal/sdkv2provider/resource_cloudflare_device_posture_integration.go +++ b/internal/sdkv2provider/resource_cloudflare_device_posture_integration.go @@ -22,6 +22,7 @@ const ( kolide = "kolide" sentinelone = "sentinelone_s2s" tanium = "tanium_s2s" + customs2s = "custom_s2s" ) func resourceCloudflareDevicePostureIntegration() *schema.Resource { @@ -273,6 +274,18 @@ func setDevicePostureIntegrationConfig(integration *cloudflare.DevicePostureInte return fmt.Errorf("access_client_secret has to be of type string") } integration.Config = config + case customs2s: + if config.ApiUrl, ok = d.Get("config.0.api_url").(string); !ok { + return fmt.Errorf("api_url has to be of type string") + } + if config.AccessClientID, ok = d.Get("config.0.access_client_id").(string); !ok { + return fmt.Errorf("access_client_id has to be of type string") + } + if config.AccessClientSecret, ok = d.Get("config.0.access_client_secret").(string); !ok { + return fmt.Errorf("access_client_secret has to be of type string") + } + integration.Config = config + default: return fmt.Errorf("unsupported integration type:%s", integration.Type) } 
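Review bot: The new `case customs2s:` block reads `config.0.api_url`, `config.0.access_client_id` and `config.0.access_client_secret` with the same type assertions and error strings as the three context lines directly above it, which are the tail of the preceding case (its label, and the rest of setDevicePostureIntegrationConfig, sit outside the hunk). If that preceding case reads exactly these three fields, the duplication can be removed by widening its label to `case tanium, customs2s:` and deleting the new block, so the two providers cannot drift apart later. The `.(string)` assertions only guard the Go type; an empty `api_url` or `access_client_secret` passes through to the API unchecked, so unless the schema already marks them required for this type, an emptiness check here or `Required: true` on those fields would surface a misconfigured integration at plan time instead of as an API error.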
diff --git a/internal/sdkv2provider/resource_cloudflare_device_posture_rule.go b/internal/sdkv2provider/resource_cloudflare_device_posture_rule.go index 815cded771..075606aa08 100644 --- a/internal/sdkv2provider/resource_cloudflare_device_posture_rule.go +++ b/internal/sdkv2provider/resource_cloudflare_device_posture_rule.go @@ -293,6 +293,9 @@ func setDevicePostureRuleInput(rule *cloudflare.DevicePostureRule, d *schema.Res if locations, ok := d.GetOk("input.0.locations"); ok { input.Locations = locations.(cloudflare.CertificateLocations) } + if score, ok := d.GetOk("input.0.score"); ok { + input.Score = score.(int) + } rule.Input = input } } @@ -380,6 +383,7 @@ func convertInputToSchema(input cloudflare.DevicePostureRuleInput) []map[string] "check_private_key": input.CheckPrivateKey, "extended_key_usage": input.ExtendedKeyUsage, "locations": formatLocationsToSchema, + "score": input.Score, } return []map[string]interface{}{m} diff --git a/internal/sdkv2provider/schema_cloudflare_device_posture_integration.go b/internal/sdkv2provider/schema_cloudflare_device_posture_integration.go index 9159fdf29a..ea3590f4bf 100644 --- a/internal/sdkv2provider/schema_cloudflare_device_posture_integration.go +++ b/internal/sdkv2provider/schema_cloudflare_device_posture_integration.go @@ -24,7 +24,7 @@ func resourceCloudflareDevicePostureIntegrationSchema() map[string]*schema.Schem Type: schema.TypeString, Required: true, ValidateFunc: validation.StringInSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone}, false), - Description: fmt.Sprintf("The device posture integration type. %s", renderAvailableDocumentationValuesStringSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone, tanium})), + Description: fmt.Sprintf("The device posture integration type. %s", renderAvailableDocumentationValuesStringSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone, tanium, customs2s})), }, "identifier": { Type: schema.TypeString, 
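Review bot: `d.GetOk("input.0.score")` reports ok=false when the stored value is the type's zero value, so a configured `score = 0` is silently dropped and `input.Score` is never sent, even though the documentation for the attribute gives the range as 0-100. If 0 is a meaningful value for this rule type, read the field unconditionally (`input.Score = d.Get("input.0.score").(int)`) or use the exists-check variant; if 0 is not meaningful, the documented lower bound should be 1 so users are not misled. The sibling fields above use `GetOk` the same way, so this may be a deliberate file convention, in which case a short comment such as `// GetOk treats 0 as unset; a zero score is never sent` would make the choice visible. setDevicePostureRuleInput starts outside the hunk.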
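Review bot: `customs2s` is added to the `Description` list but not to the `ValidateFunc` on the line above it, `validation.StringInSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone}, false)`, so the generated documentation now advertises a `type` value that the provider rejects at plan time. That validator list already omits `tanium`, so the new value widens an existing gap rather than creating one; the fix is to validate against the same set that is documented, `ValidateFunc: validation.StringInSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone, tanium, customs2s}, false),`, or better to hoist that slice into one package-level variable used by both lines so they cannot drift again. resourceCloudflareDevicePostureIntegrationSchema continues outside the hunk.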
diff --git a/internal/sdkv2provider/schema_cloudflare_device_posture_rule.go b/internal/sdkv2provider/schema_cloudflare_device_posture_rule.go index 89d7a5acae..7e68c5f487 100644 --- a/internal/sdkv2provider/schema_cloudflare_device_posture_rule.go +++ b/internal/sdkv2provider/schema_cloudflare_device_posture_rule.go @@ -9,7 +9,7 @@ import ( "github.com/cloudflare/terraform-provider-cloudflare/internal/consts" ) -var devicePostureRuleTypes = []string{"serial_number", "file", "application", "gateway", "warp", "domain_joined", "os_version", "disk_encryption", "firewall", "client_certificate", "client_certificate_v2", "workspace_one", "unique_client_id", "crowdstrike_s2s", "sentinelone", "kolide", "tanium_s2s", "intune", "sentinelone_s2s"} +var devicePostureRuleTypes = []string{"serial_number", "file", "application", "gateway", "warp", "domain_joined", "os_version", "disk_encryption", "firewall", "client_certificate", "client_certificate_v2", "workspace_one", "unique_client_id", "crowdstrike_s2s", "sentinelone", "kolide", "tanium_s2s", "intune", "sentinelone_s2s", "custom_s2s"} func resourceCloudflareDevicePostureRuleSchema() map[string]*schema.Schema { return map[string]*schema.Schema{ @@ -289,6 +289,11 @@ func resourceCloudflareDevicePostureRuleSchema() map[string]*schema.Schema { Optional: true, Description: "List of operating system locations to check for a client certificate..", }, + "score": { + Type: schema.TypeInt, + Optional: true, + Description: "A value between 0-100 assigned to devices set by the 3rd party posture provider for custom device posture integrations.", + }, }, }, }, From 34cf69d5f6e38b7bc15a03eff33a38301d316634 Mon Sep 17 00:00:00 2001 From: Justin Lu Date: Wed, 18 Sep 2024 15:26:03 +0100 Subject: [PATCH 2/2] correct change log --- .changelog/{3912.txt => 3917.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .changelog/{3912.txt => 3917.txt} (100%) 
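Review bot: The new `score` attribute documents a 0-100 range but carries no validator, so out-of-range values are only caught by the API, if at all. Adding `ValidateFunc: validation.IntBetween(0, 100),` beside `Optional: true` enforces the documented contract at plan time; this assumes the SDK `validation` helper package is imported in this file as it is in the sibling integration schema, which cannot be confirmed here because only the tail of the import block is visible in the earlier hunk. The description also reads as the device-side meaning of the value rather than what the rule does with it; if the comparison the rule performs against the score is known, stating it in the description would help users choose a value. resourceCloudflareDevicePostureRuleSchema starts outside the hunk.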
diff --git a/.changelog/3912.txt b/.changelog/3917.txt similarity index 100% rename from .changelog/3912.txt rename to .changelog/3917.txt