Merge pull request #1842 from dhens/patch-1

.changelog/1842.txt

@@ -0,0 +1,3 @@
+```release-note:note
+resource/device_posture_rule: update device posture rule to reflect new linux posture fields
+```

docs/data-sources/devices.md

@@ -24,7 +24,31 @@ data "cloudflare_devices" "devices" {
 
 - `devices` - A list of device object. See below for nested attributes.
 
-**devices**
+- `devices` (List of Object) (see [below for nested schema](#nestedatt--devices))
+- `id` (String) The ID of this resource.
+
+<a id="nestedatt--devices"></a>
+
+### Nested Schema for `devices`
+
+Read-Only:
+
+- `created` (String)
+- `device_type` (String)
+- `id` (String)
+- `ip` (String)
+- `key` (String)
+- `last_seen` (String)
+- `model` (String)
+- `name` (String)
+- `os_distro_name` (String)
+- `os_distro_revision` (String)
+- `os_version` (String)
+- `updated` (String)
+- `user_email` (String)
+- `user_id` (String)
+- `user_name` (String)
+- `version` (String)
 
 - `id` - Device ID.
 - `key` - The device's public key.

docs/resources/device_posture_rule.md

@@ -1,103 +1,91 @@
 ---
-layout: "cloudflare"
-page_title: "Cloudflare: cloudflare_device_posture_rule"
-description: Provides a Cloudflare Device Posture Rule resource.
+page_title: "cloudflare_device_posture_rule Resource - Cloudflare"
+subcategory: ""
+description: |-
+  Provides a Cloudflare Device Posture Rule resource. Device posture rules configure security policies for device posture checks.
 ---
 
-# cloudflare_device_posture_rule
+# cloudflare_device_posture_rule (Resource)
 
 Provides a Cloudflare Device Posture Rule resource. Device posture rules configure security policies for device posture checks.
 
 ## Example Usage
 
-```hcl
-resource "cloudflare_device_posture_rule" "corporate_devices_posture_rule" {
-  account_id  = "1d5fdc9e88c8a8c4518b068cd94331fe"
+```terraform
+resource "cloudflare_device_posture_rule" "eaxmple" {
+  account_id  = "f037e56e89293a057740de681ac9abbe"
   name        = "Corporate devices posture rule"
-  type        = "serial_number"
+  type        = "os_version"
   description = "Device posture rule for corporate devices."
   schedule    = "24h"
   expiration  = "24h"
+
   match {
-    platform = "mac"
+    platform = "linux"
   }
+
   input {
-    id = cloudflare_teams_list.corporate_devices.id
+    id                 = cloudflare_teams_list.corporate_devices.id
+    version            = "1.0.0"
+    operator           = "<"
+    os_distro_name     = "ubuntu"
+    os_distro_revision = "1.0.0"
   }
 }
 ```
+<!-- schema generated by tfplugindocs -->
+## Schema
 
-## Argument Reference
-
-The following arguments are supported:
-
-- `account_id` - (Required) The account to which the device posture rule should be added.
-- `type` - (Required) The device posture rule type. Valid values are `file`, `application`, and `serial_number`.
-- `input` - (Required) The value to be checked against. See below for reference
-  structure.
-- `name` - (Optional) Name of the device posture rule.
-- `schedule` - (Optional) Tells the client when to run the device posture check.
-  Must be in the format `"1h"` or `"30m"`. Valid units are `h` and `m`.
-- `expiration` - (Optional) Expire posture results after the specified amount of time.
-  Must be in the format `"1h"` or `"30m"`. Valid units are `h` and `m`.
-- `description` - (Optional) The description of the device posture rule.
-- `match` - (Optional) The conditions that the client must match to run the rule. See below for reference structure.
-
-### Match argument
-
-The match structure allows the following:
-
-- `platform` - (Required) The platform of the device. Valid values are `windows`, `mac`, `linux`, `android`, and `ios`.
-
-### Input argument
+### Required
 
-The input structure depends on the device posture rule type.
+- `account_id` (String) The account identifier to target for the resource.
+- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `workspace_one`.
 
-**serial_number** allows the following:
+### Optional
 
-- `id` - (Required) The Teams List id.
+- `description` (String)
+- `expiration` (String) Expire posture results after the specified amount of time. Must be in the format `1h` or `30m`. Valid units are `h` and `m`.
+- `input` (Block List) (see [below for nested schema](#nestedblock--input))
+- `match` (Block List) The conditions that the client must match to run the rule. (see [below for nested schema](#nestedblock--match))
+- `name` (String) Name of the device posture rule.
+- `schedule` (String) Tells the client when to run the device posture check. Must be in the format `1h` or `30m`. Valid units are `h` and `m`.
 
-**file** allows the following:
+### Read-Only
 
-- `path` - (Required) The path to the file.
-- `exists` - (Optional) Checks if the file should exist.
-- `thumbprint` - (Optional) The thumbprint of the file certificate.
-- `sha256` - (Optional) The sha256 hash of the file.
+- `id` (String) The ID of this resource.
 
-**application** allows the following:
+<a id="nestedblock--input"></a>
+### Nested Schema for `input`
 
-- `path` - (Required) The path to the application.
-- `thumbprint` - (Optional) The thumbprint of the application certificate.
-- `running` - (Optional) Checks if the application should be running.
+Optional:
 
-**os_version** allows the following:
+- `compliance_status` (String) The workspace one device compliance status.
+- `connection_id` (String) The workspace one connection id.
+- `domain` (String) The domain that the client must join.
+- `enabled` (Boolean) True if the firewall must be enabled.
+- `exists` (Boolean) Checks if the file should exist.
+- `id` (String) The Teams List id.
+- `operator` (String) The version comparison operator.
+- `os_distro_name` (String) The operating system excluding version information.
+- `os_distro_revision` (String) The operating system version excluding OS name information or release name.
+- `path` (String) The path to the file.
+- `require_all` (Boolean) True if all drives must be encrypted.
+- `running` (Boolean) Checks if the application should be running.
+- `sha256` (String) The sha256 hash of the file.
+- `thumbprint` (String) The thumbprint of the file certificate.
+- `version` (String) The operating system semantic version.
 
-- `version` = (Required) The operating system semantic version.
-- `operator` = (Required) The version comparison operator in (>,>=,<,<=,==)
 
-**domain_joined**
+<a id="nestedblock--match"></a>
+### Nested Schema for `match`
 
-- `domain` = (Required) The domain that the client must join.
+Optional:
 
-**firewall**
-
-- `enabled` = (Required) True if the firewall must be enabled.
-
-**disk_encryption**
-
-- `require_all` = (Required) True if all drives must be encrypted.
-
-## Attributes Reference
-
-The following additional attributes are exported:
-
-- `id` - ID of the device posture rule.
+- `platform` (String) The platform of the device. Available values: `windows`, `mac`, `linux`, `android`, `ios`.
 
 ## Import
 
-Device posture rules can be imported using a composite ID formed of account
-ID and device posture rule ID.
-
-```
-$ terraform import cloudflare_device_posture_rule.corporate_devices cb029e245cfdd66dc8d2e570d5dd3322/d41d8cd98f00b204e9800998ecf8427e
+Import is supported using the following syntax:
+```shell
+$ terraform import cloudflare_device_posture_rule.example <account_id>/<device_posture_rule_id>
 ```

examples/resources/cloudflare_device_posture_rule/import.sh

@@ -0,0 +1 @@
+$ terraform import cloudflare_device_posture_rule.example <account_id>/<device_posture_rule_id>

examples/resources/cloudflare_device_posture_rule/resource.tf

@@ -0,0 +1,20 @@
+resource "cloudflare_device_posture_rule" "eaxmple" {
+  account_id  = "f037e56e89293a057740de681ac9abbe"
+  name        = "Corporate devices posture rule"
+  type        = "os_version"
+  description = "Device posture rule for corporate devices."
+  schedule    = "24h"
+  expiration  = "24h"
+
+  match {
+    platform = "linux"
+  }
+
+  input {
+    id                 = cloudflare_teams_list.corporate_devices.id
+    version            = "1.0.0"
+    operator           = "<"
+    os_distro_name     = "ubuntu"
+    os_distro_revision = "1.0.0"
+  }
+}

internal/provider/data_source_devices.go

@@ -31,20 +31,25 @@ func dataResourceCloudflareDevicesRead(ctx context.Context, d *schema.ResourceDa
 
 	for _, device := range devices {
 		deviceDetails = append(deviceDetails, map[string]interface{}{
-			"id":          device.ID,
-			"key":         device.Key,
-			"device_type": device.DeviceType,
-			"name":        device.Name,
-			"version":     device.Version,
-			"updated":     device.Updated,
-			"created":     device.Created,
-			"last_seen":   device.LastSeen,
-			"model":       device.Model,
-			"os_version":  device.OSVersion,
-			"ip":          device.IP,
-			"user_id":     device.User.ID,
-			"user_email":  device.User.Email,
-			"user_name":   device.User.Name,
+			"id":                 device.ID,
+			"key":                device.Key,
+			"device_type":        device.DeviceType,
+			"name":               device.Name,
+			"version":            device.Version,
+			"updated":            device.Updated,
+			"created":            device.Created,
+			"last_seen":          device.LastSeen,
+			"revoked_at":         device.RevokedAt,
+			"model":              device.Model,
+			"os_version":         device.OSVersion,
+			"os_distro_name":     device.OSDistroName,
+			"os_distro_revision": device.OsDistroRevision,
+			"ip":                 device.IP,
+			"mac_address":        device.MacAddress,
+			"serial_number":      device.SerialNumber,
+			"user_id":            device.User.ID,
+			"user_email":         device.User.Email,
+			"user_name":          device.User.Name,
 		})
 	}
 

internal/provider/resource_cloudflare_device_posture_rule.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/MakeNowJust/heredoc/v2"
 	cloudflare "github.com/cloudflare/cloudflare-go"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -23,6 +24,9 @@ func resourceCloudflareDevicePostureRule() *schema.Resource {
 		Importer: &schema.ResourceImporter{
 			StateContext: resourceCloudflareDevicePostureRuleImport,
 		},
+		Description: heredoc.Doc(`
+			Provides a Cloudflare Device Posture Rule resource. Device posture rules configure security policies for device posture checks.
+		`),
 	}
 }
 
@@ -193,6 +197,12 @@ func setDevicePostureRuleInput(rule *cloudflare.DevicePostureRule, d *schema.Res
 		if connectionID, ok := d.GetOk("input.0.connection_id"); ok {
 			input.ConnectionID = connectionID.(string)
 		}
+		if osDistroName, ok := d.GetOk("input.0.os_distro_name"); ok {
+			input.OsDistroName = osDistroName.(string)
+		}
+		if osDistroRevision, ok := d.GetOk("input.0.os_distro_revision"); ok {
+			input.OsDistroRevision = osDistroRevision.(string)
+		}
 		rule.Input = input
 	}
 }
@@ -230,19 +240,21 @@ func convertMatchToSchema(matches []cloudflare.DevicePostureRuleMatch) []map[str
 
 func convertInputToSchema(input cloudflare.DevicePostureRuleInput) []map[string]interface{} {
 	m := map[string]interface{}{
-		"id":                input.ID,
-		"path":              input.Path,
-		"exists":            input.Exists,
-		"thumbprint":        input.Thumbprint,
-		"sha256":            input.Sha256,
-		"running":           input.Running,
-		"require_all":       input.RequireAll,
-		"enabled":           input.Enabled,
-		"version":           input.Version,
-		"operator":          input.Operator,
-		"domain":            input.Domain,
-		"compliance_status": input.ComplianceStatus,
-		"connection_id":     input.ConnectionID,
+		"id":                 input.ID,
+		"path":               input.Path,
+		"exists":             input.Exists,
+		"thumbprint":         input.Thumbprint,
+		"sha256":             input.Sha256,
+		"running":            input.Running,
+		"require_all":        input.RequireAll,
+		"enabled":            input.Enabled,
+		"version":            input.Version,
+		"os_distro_name":     input.OsDistroName,
+		"os_distro_revision": input.OsDistroRevision,
+		"operator":           input.Operator,
+		"domain":             input.Domain,
+		"compliance_status":  input.ComplianceStatus,
+		"connection_id":      input.ConnectionID,
 	}
 
 	return []map[string]interface{}{m}