Merge branch 'master' into dsousa/FLPROD-397-redirect-list-support

cloudflare · Jun 22, 2022 · 4690a53 · 4690a53
2 parents c52fc84 + c609a7f
commit 4690a53
Show file tree

Hide file tree

Showing 7 changed files with 1,177 additions and 19 deletions.
diff --git a/.changelog/1701.txt b/.changelog/1701.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_ruleset: add support for set cache settings
+```
diff --git a/.github/workflows/generate-changelog.yml b/.github/workflows/generate-changelog.yml
@@ -1,7 +1,7 @@
 
 name: Generate CHANGELOG
 on:
-  pull_request:
+  pull_request_target:
     types: [closed]
   workflow_dispatch:
 jobs:

diff --git a/docs/resources/ruleset.md b/docs/resources/ruleset.md
@@ -265,6 +265,71 @@ resource "cloudflare_ruleset" "custom_fields_logging_example" {
     enabled     = true
   }
 }
+
+resource "cloudflare_ruleset" "cache_settings_example" {
+  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  name        = "set cache settings"
+  description = "set cache settings for the request"
+  kind        = "zone"
+  phase       = "http_request_cache_settings"
+
+  rules {
+    action = "set_cache_settings"
+    action_parameters {
+      edge_ttl {
+        mode = "override_origin"
+        default = 60
+        status_code_ttl {
+          status_code = 200
+          value = 50
+        }
+        status_code_ttl {
+          status_code_range {
+            from = 201
+            to = 300
+          }
+          value = 30
+        }
+      }
+      browser_ttl {
+        mode = "respect_origin"
+      }
+      serve_stale {
+        disable_stale_while_updating = true
+      }
+      respect_strong_etags = true
+      cache_key {
+        ignore_query_strings_order = false
+        cache_deception_armor = true
+        custom_key {
+          query_string {
+            exclude = ["*"]
+          }
+          header {
+            include = ["habc", "hdef"]
+            check_presence = ["habc_t", "hdef_t"]
+            exclude_origin = true
+          }
+          cookie {
+            include = ["cabc", "cdef"]
+            check_presence = ["cabc_t", "cdef_t"]
+          }
+          user {
+            device_type = true
+            geo = false
+          }
+          host {
+            resolved = true
+          }
+        }
+      }
+      origin_error_page_passthru = false
+    }
+    expression = "true"
+    description = "set cache settings rule"
+    enabled = true
+  }
+}
 ```
 
 <!-- schema generated by tfplugindocs -->
@@ -316,25 +381,148 @@ Read-Only:
 
 Optional:
 
+- `browser_ttl` (Block List, Max: 1) List of browser TTL parameters to apply to the request. (see [below for nested schema](#nestedblock--rules--action_parameters--browser_ttl))
+- `bypass_cache` (Boolean) Whether to bypass the cache if expression matches.
+- `cache_key` (Block List, Max: 1) List of cache key parameters to apply to the request. (see [below for nested schema](#nestedblock--rules--action_parameters--cache_key))
 - `cookie_fields` (Set of String) List of cookie values to include as part of custom fields logging.
+- `edge_ttl` (Block List, Max: 1) List of edge TTL parameters to apply to the request. (see [below for nested schema](#nestedblock--rules--action_parameters--edge_ttl))
 - `headers` (Block List) List of HTTP header modifications to perform in the ruleset rule. (see [below for nested schema](#nestedblock--rules--action_parameters--headers))
 - `host_header` (String) Host Header that request origin receives.
 - `id` (String) Identifier of the action parameter to modify.
 - `increment` (Number)
 - `matched_data` (Block List, Max: 1) List of properties to configure WAF payload logging. (see [below for nested schema](#nestedblock--rules--action_parameters--matched_data))
 - `origin` (Block List, Max: 1) List of properties to change request origin. (see [below for nested schema](#nestedblock--rules--action_parameters--origin))
+- `origin_error_page_passthru` (Boolean) Pass-through error page for origin.
 - `overrides` (Block List, Max: 1) List of override configurations to apply to the ruleset. (see [below for nested schema](#nestedblock--rules--action_parameters--overrides))
 - `phases` (Set of String) Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_log_custom_fields`, `http_request_cache_settings`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_late_transform_managed`, `http_request_main`, `http_request_origin`, `http_request_redirect`, `http_request_sanitize`, `http_request_transform`, `http_response_firewall_managed`, `http_response_headers_transform`, `magic_transit`, `http_ratelimit`, `http_request_sbfm`.
 - `products` (Set of String) Products to target with the actions. Available values: `bic`, `hot`, `ratelimit`, `securityLevel`, `uablock`, `waf`, `zonelockdown`.
 - `request_fields` (Set of String) List of request headers to include as part of custom fields logging, in lowercase.
+- `respect_strong_etags` (Boolean) Respect strong ETags.
 - `response` (Block List) List of parameters that configure the response given to end users. (see [below for nested schema](#nestedblock--rules--action_parameters--response))
 - `response_fields` (Set of String) List of response headers to include as part of custom fields logging, in lowercase.
 - `rules` (Map of String) Map of managed WAF rule ID to comma-delimited string of ruleset rule IDs. Example: `rules = { "efb7b8c949ac4650a09736fc376e9aee" = "5de7edfa648c4d6891dc3e7f84534ffa,e3a567afc347477d9702d9047e97d760" }`.
 - `ruleset` (String) Which ruleset ID to target.
 - `rulesets` (Set of String) List of managed WAF rule IDs to target. Only valid when the `"action"` is set to skip.
+- `serve_stale` (Block List, Max: 1) List of serve stale parameters to apply to the request. (see [below for nested schema](#nestedblock--rules--action_parameters--serve_stale))
 - `uri` (Block List, Max: 1) List of URI properties to configure for the ruleset rule when performing URL rewrite transformations. (see [below for nested schema](#nestedblock--rules--action_parameters--uri))
 - `version` (String) Version of the ruleset to deploy.
 
+<a id="nestedblock--rules--action_parameters--browser_ttl"></a>
+### Nested Schema for `rules.action_parameters.browser_ttl`
+
+Required:
+
+- `mode` (String) Mode of the browser TTL.
+
+Optional:
+
+- `default` (Number) Default browser TTL.
+
+
+<a id="nestedblock--rules--action_parameters--cache_key"></a>
+### Nested Schema for `rules.action_parameters.cache_key`
+
+Optional:
+
+- `cache_by_device_type` (Boolean) Cache by device type. Conflicts with "custom_key.user.device_type".
+- `cache_deception_armor` (Boolean) Cache deception armor.
+- `custom_key` (Block List, Max: 1) Custom key parameters for the request. (see [below for nested schema](#nestedblock--rules--action_parameters--cache_key--custom_key))
+- `ignore_query_strings_order` (Boolean) Ignore query strings order.
+
+<a id="nestedblock--rules--action_parameters--cache_key--custom_key"></a>
+### Nested Schema for `rules.action_parameters.cache_key.ignore_query_strings_order`
+
+Optional:
+
+- `cookie` (Block List, Max: 1) Cookie parameters for the custom key. (see [below for nested schema](#nestedblock--rules--action_parameters--cache_key--ignore_query_strings_order--cookie))
+- `header` (Block List, Max: 1) Header parameters for the custom key. (see [below for nested schema](#nestedblock--rules--action_parameters--cache_key--ignore_query_strings_order--header))
+- `host` (Block List, Max: 1) Host parameters for the custom key. (see [below for nested schema](#nestedblock--rules--action_parameters--cache_key--ignore_query_strings_order--host))
+- `query_string` (Block List, Max: 1) Query string parameters for the custom key. (see [below for nested schema](#nestedblock--rules--action_parameters--cache_key--ignore_query_strings_order--query_string))
+- `user` (Block List, Max: 1) User parameters for the custom key. (see [below for nested schema](#nestedblock--rules--action_parameters--cache_key--ignore_query_strings_order--user))
+
+<a id="nestedblock--rules--action_parameters--cache_key--ignore_query_strings_order--cookie"></a>
+### Nested Schema for `rules.action_parameters.cache_key.ignore_query_strings_order.cookie`
+
+Optional:
+
+- `check_presence` (List of String) List of cookies to check for presence in the custom key.
+- `include` (List of String) List of cookies to include in the custom key.
+
+
+<a id="nestedblock--rules--action_parameters--cache_key--ignore_query_strings_order--header"></a>
+### Nested Schema for `rules.action_parameters.cache_key.ignore_query_strings_order.header`
+
+Optional:
+
+- `check_presence` (List of String) List of headers to check for presence in the custom key.
+- `exclude_origin` (Boolean) Exclude the origin header from the custom key.
+- `include` (List of String) List of headers to include in the custom key.
+
+
+<a id="nestedblock--rules--action_parameters--cache_key--ignore_query_strings_order--host"></a>
+### Nested Schema for `rules.action_parameters.cache_key.ignore_query_strings_order.host`
+
+Optional:
+
+- `resolved` (Boolean) Resolve hostname to IP address.
+
+
+<a id="nestedblock--rules--action_parameters--cache_key--ignore_query_strings_order--query_string"></a>
+### Nested Schema for `rules.action_parameters.cache_key.ignore_query_strings_order.query_string`
+
+Optional:
+
+- `exclude` (List of String) List of query string parameters to exclude from the custom key. Conflicts with "include".
+- `include` (List of String) List of query string parameters to include in the custom key. Conflicts with "exclude".
+
+
+<a id="nestedblock--rules--action_parameters--cache_key--ignore_query_strings_order--user"></a>
+### Nested Schema for `rules.action_parameters.cache_key.ignore_query_strings_order.user`
+
+Optional:
+
+- `device_type` (Boolean) Add device type to the custom key. Conflicts with "cache_key.cache_by_device_type".
+- `geo` (Boolean) Add geo data to the custom key.
+- `lang` (Boolean) Add language data to the custom key.
+
+
+
+
+<a id="nestedblock--rules--action_parameters--edge_ttl"></a>
+### Nested Schema for `rules.action_parameters.edge_ttl`
+
+Required:
+
+- `default` (Number) Default edge TTL.
+- `mode` (String) Mode of the edge TTL.
+
+Optional:
+
+- `status_code_ttl` (Block List) Edge TTL for the status codes. (see [below for nested schema](#nestedblock--rules--action_parameters--edge_ttl--status_code_ttl))
+
+<a id="nestedblock--rules--action_parameters--edge_ttl--status_code_ttl"></a>
+### Nested Schema for `rules.action_parameters.edge_ttl.status_code_ttl`
+
+Required:
+
+- `value` (Number) Status code edge TTL value.
+
+Optional:
+
+- `status_code` (Number) Status code for which the edge TTL is applied. Conflicts with "status_code_range".
+- `status_code_range` (Block List) Status code range for which the edge TTL is applied. Conflicts with "status_code". (see [below for nested schema](#nestedblock--rules--action_parameters--edge_ttl--status_code_ttl--status_code_range))
+
+<a id="nestedblock--rules--action_parameters--edge_ttl--status_code_ttl--status_code_range"></a>
+### Nested Schema for `rules.action_parameters.edge_ttl.status_code_ttl.status_code_range`
+
+Optional:
+
+- `from` (Number) From status code.
+- `to` (Number) To status code.
+
+
+
+
 <a id="nestedblock--rules--action_parameters--headers"></a>
 ### Nested Schema for `rules.action_parameters.headers`
 
@@ -409,6 +597,14 @@ Optional:
 - `status_code` (Number) HTTP status code to send in the response.
 
 
+<a id="nestedblock--rules--action_parameters--serve_stale"></a>
+### Nested Schema for `rules.action_parameters.serve_stale`
+
+Optional:
+
+- `disable_stale_while_updating` (Boolean) Disable stale while updating.
+
+
 <a id="nestedblock--rules--action_parameters--uri"></a>
 ### Nested Schema for `rules.action_parameters.uri`
 

diff --git a/examples/resources/cloudflare_ruleset/resource.tf b/examples/resources/cloudflare_ruleset/resource.tf
@@ -230,3 +230,68 @@ resource "cloudflare_ruleset" "custom_fields_logging_example" {
     enabled     = true
   }
 }
+
+resource "cloudflare_ruleset" "cache_settings_example" {
+  zone_id     = "cb029e245cfdd66dc8d2e570d5dd3322"
+  name        = "set cache settings"
+  description = "set cache settings for the request"
+  kind        = "zone"
+  phase       = "http_request_cache_settings"
+
+  rules {
+    action = "set_cache_settings"
+    action_parameters {
+      edge_ttl {
+        mode = "override_origin"
+        default = 60
+        status_code_ttl {
+          status_code = 200
+          value = 50
+        }
+        status_code_ttl {
+          status_code_range {
+            from = 201
+            to = 300
+          }
+          value = 30
+        }
+      }
+      browser_ttl {
+        mode = "respect_origin"
+      }
+      serve_stale {
+        disable_stale_while_updating = true
+      }
+      respect_strong_etags = true
+      cache_key {
+        ignore_query_strings_order = false
+        cache_deception_armor = true
+        custom_key {
+          query_string {
+            exclude = ["*"]
+          }
+          header {
+            include = ["habc", "hdef"]
+            check_presence = ["habc_t", "hdef_t"]
+            exclude_origin = true
+          }
+          cookie {
+            include = ["cabc", "cdef"]
+            check_presence = ["cabc_t", "cdef_t"]
+          }
+          user {
+            device_type = true
+            geo = false
+          }
+          host {
+            resolved = true
+          }
+        }
+      }
+      origin_error_page_passthru = false
+    }
+    expression = "true"
+    description = "set cache settings rule"
+    enabled = true
+  }
+}