cloudflare · jacobbednarz · Sep 25, 2024 · Sep 7, 2024 · Sep 18, 2024
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/cloudflare_device_posture_integration: add support for managing `custom_s2s` third party posture provider.
+```
+
+```release-note:enhancement
+resource/cloudflare_device_posture_rule: add ability to create custom_s2s posture rule
+```
@@ -28,7 +28,7 @@ data "cloudflare_device_posture_rules" "example" {
 ### Optional
 
 - `name` (String) Name of the Device Posture Rule.
-- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`.
+- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`, `custom_s2s`.
 
 ### Read-Only
 

@@ -36,7 +36,7 @@ resource "cloudflare_device_posture_integration" "example" {
 
 - `account_id` (String) The account identifier to target for the resource.
 - `name` (String) Name of the device posture integration.
-- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`.
+- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`, `custom_s2s`.
 
 ### Optional
 

@@ -40,7 +40,7 @@ resource "cloudflare_device_posture_rule" "eaxmple" {
 ### Required
 
 - `account_id` (String) The account identifier to target for the resource.
-- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`.
+- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`, `custom_s2s`.
 
 ### Optional
 
@@ -90,6 +90,7 @@ Optional:
 - `require_all` (Boolean) True if all drives must be encrypted.
 - `risk_level` (String) The risk level from Tanium. Available values: `low`, `medium`, `high`, `critical`.
 - `running` (Boolean) Checks if the application should be running.
+- `score` (Number) A value between 0-100 assigned to devices set by the 3rd party posture provider for custom device posture integrations.
 - `sensor_config` (String) Sensor signal score from Crowdstrike. Value must be between 1 and 100.
 - `sha256` (String) The sha256 hash of the file.
 - `state` (String) The host’s current online status from Crowdstrike. Available values: `online`, `offline`, `unknown`.

@@ -36,7 +36,7 @@ resource "cloudflare_zero_trust_device_posture_integration" "example" {
 
 - `account_id` (String) The account identifier to target for the resource.
 - `name` (String) Name of the device posture integration.
-- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`.
+- `type` (String) The device posture integration type. Available values: `workspace_one`, `uptycs`, `crowdstrike_s2s`, `intune`, `kolide`, `sentinelone_s2s`, `tanium_s2s`, `custom_s2s`.
 
 ### Optional
 

@@ -40,7 +40,7 @@ resource "cloudflare_zero_trust_device_posture_rule" "eaxmple" {
 ### Required
 
 - `account_id` (String) The account identifier to target for the resource.
-- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`.
+- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`, `custom_s2s`.
 
 ### Optional
 
@@ -90,6 +90,7 @@ Optional:
 - `require_all` (Boolean) True if all drives must be encrypted.
 - `risk_level` (String) The risk level from Tanium. Available values: `low`, `medium`, `high`, `critical`.
 - `running` (Boolean) Checks if the application should be running.
+- `score` (Number) A value between 0-100 assigned to devices set by the 3rd party posture provider for custom device posture integrations.
 - `sensor_config` (String) Sensor signal score from Crowdstrike. Value must be between 1 and 100.
 - `sha256` (String) The sha256 hash of the file.
 - `state` (String) The host’s current online status from Crowdstrike. Available values: `online`, `offline`, `unknown`.

@@ -22,6 +22,7 @@ const (
 	kolide      = "kolide"
 	sentinelone = "sentinelone_s2s"
 	tanium      = "tanium_s2s"
+	customs2s   = "custom_s2s"
 )
 
 func resourceCloudflareDevicePostureIntegration() *schema.Resource {
@@ -273,6 +274,18 @@ func setDevicePostureIntegrationConfig(integration *cloudflare.DevicePostureInte
 				return fmt.Errorf("access_client_secret has to be of type string")
 			}
 			integration.Config = config
+		case customs2s:
+			if config.ApiUrl, ok = d.Get("config.0.api_url").(string); !ok {
+				return fmt.Errorf("api_url has to be of type string")
+			}
+			if config.AccessClientID, ok = d.Get("config.0.access_client_id").(string); !ok {
+				return fmt.Errorf("access_client_id has to be of type string")
+			}
+			if config.AccessClientSecret, ok = d.Get("config.0.access_client_secret").(string); !ok {
+				return fmt.Errorf("access_client_secret has to be of type string")
+			}
+			integration.Config = config
+
 		default:
 			return fmt.Errorf("unsupported integration type:%s", integration.Type)
 		}

@@ -293,6 +293,9 @@ func setDevicePostureRuleInput(rule *cloudflare.DevicePostureRule, d *schema.Res
 		if locations, ok := d.GetOk("input.0.locations"); ok {
 			input.Locations = locations.(cloudflare.CertificateLocations)
 		}
+		if score, ok := d.GetOk("input.0.score"); ok {
+			input.Score = score.(int)
+		}
 		rule.Input = input
 	}
 }
@@ -380,6 +383,7 @@ func convertInputToSchema(input cloudflare.DevicePostureRuleInput) []map[string]
 		"check_private_key":  input.CheckPrivateKey,
 		"extended_key_usage": input.ExtendedKeyUsage,
 		"locations":          formatLocationsToSchema,
+		"score":              input.Score,
 	}
 
 	return []map[string]interface{}{m}

@@ -24,7 +24,7 @@ func resourceCloudflareDevicePostureIntegrationSchema() map[string]*schema.Schem
 			Type:         schema.TypeString,
 			Required:     true,
 			ValidateFunc: validation.StringInSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone}, false),
-			Description:  fmt.Sprintf("The device posture integration type. %s", renderAvailableDocumentationValuesStringSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone, tanium})),
+			Description:  fmt.Sprintf("The device posture integration type. %s", renderAvailableDocumentationValuesStringSlice([]string{ws1, uptycs, crowdstrike, intune, kolide, sentinelone, tanium, customs2s})),
 		},
 		"identifier": {
 			Type:     schema.TypeString,

@@ -9,7 +9,7 @@ import (
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/consts"
 )
 
-var devicePostureRuleTypes = []string{"serial_number", "file", "application", "gateway", "warp", "domain_joined", "os_version", "disk_encryption", "firewall", "client_certificate", "client_certificate_v2", "workspace_one", "unique_client_id", "crowdstrike_s2s", "sentinelone", "kolide", "tanium_s2s", "intune", "sentinelone_s2s"}
+var devicePostureRuleTypes = []string{"serial_number", "file", "application", "gateway", "warp", "domain_joined", "os_version", "disk_encryption", "firewall", "client_certificate", "client_certificate_v2", "workspace_one", "unique_client_id", "crowdstrike_s2s", "sentinelone", "kolide", "tanium_s2s", "intune", "sentinelone_s2s", "custom_s2s"}
 
 func resourceCloudflareDevicePostureRuleSchema() map[string]*schema.Schema {
 	return map[string]*schema.Schema{
@@ -289,6 +289,11 @@ func resourceCloudflareDevicePostureRuleSchema() map[string]*schema.Schema {
 						Optional:    true,
 						Description: "List of operating system locations to check for a client certificate..",
 					},
+					"score": {
+						Type:        schema.TypeInt,
+						Optional:    true,
+						Description: "A value between 0-100 assigned to devices set by the 3rd party posture provider for custom device posture integrations.",
+					},
 				},
 			},
 		},