Added optional config_src parameter to cloudflare_tunnel resource

Author: obezuk

.changelog/2369.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_tunnel: Adds config_src parameter
+```

docs/resources/tunnel.md

@@ -30,6 +30,7 @@ resource "cloudflare_tunnel" "example" {
 - `account_id` (String) The account identifier to target for the resource. **Modifying this attribute will force creation of a new resource.**
 - `name` (String) A user-friendly name chosen when the tunnel is created. **Modifying this attribute will force creation of a new resource.**
 - `secret` (String, Sensitive) 32 or more bytes, encoded as a base64 string. The Create Argo Tunnel endpoint sets this as the tunnel's password. Anyone wishing to run the tunnel needs this password. **Modifying this attribute will force creation of a new resource.**
+- `config_src` (String, Optional) Indicates if this is a locally or remotely configured tunnel. If `local`, manage the tunnel using a YAML file on the origin machine. If `cloudflare`, manage the tunnel on the Zero Trust dashboard or using `tunnel_config`, `tunnel_route` or `tunnel_virtual_network` resources. **Modifying this attribute will force creation of a new resource.**
 
 ### Read-Only
 

internal/sdkv2provider/resource_cloudflare_tunnel.go

@@ -38,8 +38,9 @@ func resourceCloudflareTunnelCreate(ctx context.Context, d *schema.ResourceData,
 	accID := d.Get(consts.AccountIDSchemaKey).(string)
 	name := d.Get("name").(string)
 	secret := d.Get("secret").(string)
+	configSrc := d.Get("config_src").(string)
 
-	tunnel, err := client.CreateTunnel(ctx, cloudflare.AccountIdentifier(accID), cloudflare.TunnelCreateParams{Name: name, Secret: secret})
+	tunnel, err := client.CreateTunnel(ctx, cloudflare.AccountIdentifier(accID), cloudflare.TunnelCreateParams{Name: name, Secret: secret, ConfigSrc: configSrc})
 	if err != nil {
 		return diag.FromErr(errors.Wrap(err, fmt.Sprintf("failed to create Argo Tunnel")))
 	}

internal/sdkv2provider/resource_cloudflare_tunnel_test.go

@@ -52,6 +52,86 @@ func testAccCheckCloudflareTunnelBasic(accID, name string) string {
 	}`, accID, name)
 }
 
+func TestAccCloudflareTunnelCreate_Managed(t *testing.T) {
+	// Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Argo Tunnel
+	// endpoint does not yet support the API tokens.
+	if os.Getenv("CLOUDFLARE_API_TOKEN") != "" {
+		t.Setenv("CLOUDFLARE_API_TOKEN", "")
+	}
+
+	accID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
+	rnd := generateRandomResourceName()
+	name := fmt.Sprintf("cloudflare_tunnel.%s", rnd)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		ProviderFactories: providerFactories,
+		CheckDestroy:      testAccCheckCloudflareTunnelDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckCloudflareTunnelManaged(accID, rnd),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "name", rnd),
+					resource.TestCheckResourceAttr(name, "secret", "AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg="),
+					resource.TestMatchResourceAttr(name, "cname", regexp.MustCompile(".*\\.cfargotunnel\\.com")),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCloudflareTunnelManaged(accID, name string) string {
+	return fmt.Sprintf(`
+	resource "cloudflare_tunnel" "%[2]s" {
+		account_id = "%[1]s"
+		name       = "%[2]s"
+		secret     = "AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg="
+		config_src = "cloudflare"
+	}`, accID, name)
+}
+
+func TestAccCloudflareTunnelCreate_Unmanaged(t *testing.T) {
+	// Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Argo Tunnel
+	// endpoint does not yet support the API tokens.
+	if os.Getenv("CLOUDFLARE_API_TOKEN") != "" {
+		t.Setenv("CLOUDFLARE_API_TOKEN", "")
+	}
+
+	accID := os.Getenv("CLOUDFLARE_ACCOUNT_ID")
+	rnd := generateRandomResourceName()
+	name := fmt.Sprintf("cloudflare_tunnel.%s", rnd)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		ProviderFactories: providerFactories,
+		CheckDestroy:      testAccCheckCloudflareTunnelDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckCloudflareTunnelUnmanaged(accID, rnd),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "name", rnd),
+					resource.TestCheckResourceAttr(name, "secret", "AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg="),
+					resource.TestMatchResourceAttr(name, "cname", regexp.MustCompile(".*\\.cfargotunnel\\.com")),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCloudflareTunnelUnmanaged(accID, name string) string {
+	return fmt.Sprintf(`
+	resource "cloudflare_tunnel" "%[2]s" {
+		account_id = "%[1]s"
+		name       = "%[2]s"
+		secret     = "AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg="
+		config_src = "local"
+	}`, accID, name)
+}
+
 func testAccCheckCloudflareTunnelDestroy(s *terraform.State) error {
 	for _, rs := range s.RootModule().Resources {
 		if rs.Type != "cloudflare_tunnel" {

internal/sdkv2provider/schema_cloudflare_tunnel.go

@@ -26,6 +26,13 @@ func resourceCloudflareTunnelSchema() map[string]*schema.Schema {
 			ForceNew:    true,
 			Description: "32 or more bytes, encoded as a base64 string. The Create Argo Tunnel endpoint sets this as the tunnel's password. Anyone wishing to run the tunnel needs this password.",
 		},
+		"config_src": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Sensitive:   false,
+			ForceNew:    true,
+			Description: "Indicates if this is a locally or remotely configured tunnel. If `local`, manage the tunnel using a YAML file on the origin machine. If `cloudflare`, manage the tunnel on the Zero Trust dashboard or using tunnel_config, tunnel_route or tunnel_virtual_network resources.",
+		},
 		"cname": {
 			Type:        schema.TypeString,
 			Computed:    true,