Merge pull request cloudflare#730 from xens/721-add-support-for-auto_…

…redirect_to_identity Access: add support for auto_redirect_to_identity
mojotalantikite · Jul 13, 2020 · 4f20458 · 4f20458
2 parents 48a1a27 + 6ad1598
commit 4f20458
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 16 deletions.
diff --git a/cloudflare/resource_cloudflare_access_application.go b/cloudflare/resource_cloudflare_access_application.go
@@ -93,6 +93,11 @@ func resourceCloudflareAccessApplication() *schema.Resource {
 					},
 				},
 			},
+			"auto_redirect_to_identity": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
 		},
 	}
 }
@@ -102,9 +107,10 @@ func resourceCloudflareAccessApplicationCreate(d *schema.ResourceData, meta inte
 	zoneID := d.Get("zone_id").(string)
 
 	newAccessApplication := cloudflare.AccessApplication{
-		Name:            d.Get("name").(string),
-		Domain:          d.Get("domain").(string),
-		SessionDuration: d.Get("session_duration").(string),
+		Name:                   d.Get("name").(string),
+		Domain:                 d.Get("domain").(string),
+		SessionDuration:        d.Get("session_duration").(string),
+		AutoRedirectToIdentity: d.Get("auto_redirect_to_identity").(bool),
 	}
 
 	if _, ok := d.GetOk("cors_headers"); ok {
@@ -141,6 +147,7 @@ func resourceCloudflareAccessApplicationRead(d *schema.ResourceData, meta interf
 	d.Set("aud", accessApplication.AUD)
 	d.Set("session_duration", accessApplication.SessionDuration)
 	d.Set("domain", accessApplication.Domain)
+	d.Set("auto_redirect_to_identity", accessApplication.AutoRedirectToIdentity)
 
 	corsConfig := convertCORSStructToSchema(d, accessApplication.CorsHeaders)
 	if corsConfigErr := d.Set("cors_headers", corsConfig); corsConfigErr != nil {
@@ -155,10 +162,11 @@ func resourceCloudflareAccessApplicationUpdate(d *schema.ResourceData, meta inte
 	zoneID := d.Get("zone_id").(string)
 
 	updatedAccessApplication := cloudflare.AccessApplication{
-		ID:              d.Id(),
-		Name:            d.Get("name").(string),
-		Domain:          d.Get("domain").(string),
-		SessionDuration: d.Get("session_duration").(string),
+		ID:                     d.Id(),
+		Name:                   d.Get("name").(string),
+		Domain:                 d.Get("domain").(string),
+		SessionDuration:        d.Get("session_duration").(string),
+		AutoRedirectToIdentity: d.Get("auto_redirect_to_identity").(bool),
 	}
 
 	if _, ok := d.GetOk("cors_headers"); ok {

diff --git a/cloudflare/resource_cloudflare_access_application_test.go b/cloudflare/resource_cloudflare_access_application_test.go
@@ -34,6 +34,7 @@ func TestAccCloudflareAccessApplicationBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
 					resource.TestCheckResourceAttr(name, "session_duration", "24h"),
 					resource.TestCheckResourceAttr(name, "cors_headers.#", "0"),
+					resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
 				),
 			},
 		},
@@ -62,6 +63,32 @@ func TestAccCloudflareAccessApplicationWithCORS(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "cors_headers.0.allowed_methods.#", "3"),
 					resource.TestCheckResourceAttr(name, "cors_headers.0.allowed_origins.#", "1"),
 					resource.TestCheckResourceAttr(name, "cors_headers.0.max_age", "10"),
+					resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "false"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccCloudflareAccessApplicationWithAutoRedirectToIdentity(t *testing.T) {
+	rnd := generateRandomResourceName()
+	name := fmt.Sprintf("cloudflare_access_application.%s", rnd)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckCloudflareAccessApplicationDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCloudflareAccessApplicationConfigWithAutoRedirectToIdentity(rnd, zoneID, domain),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "zone_id", zoneID),
+					resource.TestCheckResourceAttr(name, "name", rnd),
+					resource.TestCheckResourceAttr(name, "domain", fmt.Sprintf("%s.%s", rnd, domain)),
+					resource.TestCheckResourceAttr(name, "session_duration", "24h"),
+					resource.TestCheckResourceAttr(name, "auto_redirect_to_identity", "true"),
 				),
 			},
 		},
@@ -71,10 +98,11 @@ func TestAccCloudflareAccessApplicationWithCORS(t *testing.T) {
 func testAccCloudflareAccessApplicationConfigBasic(rnd, zoneID, domain string) string {
 	return fmt.Sprintf(`
 resource "cloudflare_access_application" "%[1]s" {
-  zone_id          = "%[2]s"
-  name             = "%[1]s"
-  domain           = "%[1]s.%[3]s"
-  session_duration = "24h"
+  zone_id                   = "%[2]s"
+  name                      = "%[1]s"
+  domain                    = "%[1]s.%[3]s"
+  session_duration          = "24h"
+  auto_redirect_to_identity = false
 }
 `, rnd, zoneID, domain)
 }
@@ -92,6 +120,19 @@ resource "cloudflare_access_application" "%[1]s" {
     allow_credentials = true
     max_age = 10
   }
+  auto_redirect_to_identity = false
+}
+`, rnd, zoneID, domain)
+}
+
+func testAccCloudflareAccessApplicationConfigWithAutoRedirectToIdentity(rnd, zoneID, domain string) string {
+	return fmt.Sprintf(`
+resource "cloudflare_access_application" "%[1]s" {
+  zone_id                   = "%[2]s"
+  name                      = "%[1]s"
+  domain                    = "%[1]s.%[3]s"
+  session_duration          = "24h"
+  auto_redirect_to_identity = true
 }
 `, rnd, zoneID, domain)
 }

diff --git a/website/docs/r/access_application.html.markdown b/website/docs/r/access_application.html.markdown
@@ -16,10 +16,11 @@ authorisation gateway managed by Cloudflare.
 
 ```hcl
 resource "cloudflare_access_application" "staging_app" {
-  zone_id          = "1d5fdc9e88c8a8c4518b068cd94331fe"
-  name             = "staging application"
-  domain           = "staging.example.com"
-  session_duration = "24h"
+  zone_id                   = "1d5fdc9e88c8a8c4518b068cd94331fe"
+  name                      = "staging application"
+  domain                    = "staging.example.com"
+  session_duration          = "24h"
+  auto_redirect_to_identity = false 
 }
 
 # With CORS configuration
@@ -66,7 +67,10 @@ The following arguments are supported:
   requests.
 * `max_age` - (Optional) Integer representing the maximum time a preflight
   request will be cached.
-
+* `auto_redirect_to_identity` - (Optional) Option to skip identity provider
+  selection if only one is configured in allowed_idps. Defaults to `false`
+  (disabled).
+
 ## Attributes Reference
 
 The following additional attributes are exported:
@@ -75,6 +79,7 @@ The following additional attributes are exported:
 * `aud` - Application Audience (AUD) Tag of the application
 * `domain` - Domain of the application
 * `session_duration` - Length of session for the application before prompting for a sign in
+* `auto_redirect_to_identity` - If the IdP selection page is skipped or not
 
 ## Import