Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict test sweepers to account ID provided #648

Closed
jacobbednarz opened this issue Apr 7, 2020 · 1 comment · Fixed by #708 or #716
Closed

Restrict test sweepers to account ID provided #648

jacobbednarz opened this issue Apr 7, 2020 · 1 comment · Fixed by #708 or #716
Labels
dependencies kind/bug Categorizes issue or PR as related to a bug. workflow/pending-upstream-library Indicates an issue or PR requires changes from an upstream library.

Comments

@jacobbednarz
Copy link
Member

While porting the integration test suite I managed to delete our non-critical production domains as the ListZones method used by the cloudflare_zone_sweeper doesn't restrict the zones returned by the CLOUDFLARE_ACCOUNT_ID provided.

The sweeper should only use the CLOUDFLARE_ACCOUNT_ID like other resources and fail if it isn't provided. I suspect we will need to update cloudflare/cloudflare-go to support this properly.
@patryk
Copy link
Contributor

patryk commented Apr 7, 2020

Interesting. Yes, it's reasonable to expect ListZones will filter according to set Account ID. We should extend the method in cloudflare-go.

@patryk patryk added kind/bug Categorizes issue or PR as related to a bug. dependencies upstream labels Apr 7, 2020
@jacobbednarz jacobbednarz added workflow/pending-upstream-library Indicates an issue or PR requires changes from an upstream library. and removed upstream labels Apr 7, 2020
jacobbednarz added a commit to jacobbednarz/terraform-provider-cloudflare that referenced this issue Jun 12, 2020
@jacobbednarz
datasource/zone: Restrict sweeper to account ID provided
45e5f06 
Changes the `cloudflare_zone_sweeper` to be restricted to an account ID
provided. This prevents using API keys with global access from sweeping the
wrong zones/accounts.

Fixes cloudflare#648
@jacobbednarz jacobbednarz mentioned this issue Jun 12, 2020
Merged
jacobbednarz added a commit to jacobbednarz/terraform-provider-cloudflare that referenced this issue Jun 21, 2020
@jacobbednarz
Restrict zone sweeper to account ID
fda27a9 
Updates the test zone sweeper to use the `withZoneFilters` method and
restrict the API fetching of zones to a single account ID. This
eliminates the risk of accidentally running this in a production account
should you provide the account ID in the CLOUDFLARE_ACCOUNT_ID
environment variable (which you must now).

Fixes cloudflare#648
@jacobbednarz jacobbednarz mentioned this issue Jun 21, 2020
Merged
Justin-Holmes pushed a commit to Justin-Holmes/terraform-provider-cloudflare that referenced this issue Jul 15, 2020
@jacobbednarz
Restrict zone sweeper to account ID
9f5d92c 
Updates the test zone sweeper to use the `withZoneFilters` method and
restrict the API fetching of zones to a single account ID. This
eliminates the risk of accidentally running this in a production account
should you provide the account ID in the CLOUDFLARE_ACCOUNT_ID
environment variable (which you must now).

Fixes cloudflare#648
boekkooi-lengoo pushed a commit to boekkooi-lengoo/terraform-provider-cloudflare that referenced this issue Feb 28, 2022
@jacobbednarz
Merge pull request cloudflare#648 from cloudflare/dependabot/github_a…
524e601 
…ctions/actions/cache-2.1.6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependencies kind/bug Categorizes issue or PR as related to a bug. workflow/pending-upstream-library Indicates an issue or PR requires changes from an upstream library.
Projects
None yet
Milestone
No milestone
2 participants
@patryk @jacobbednarz