cloudflare · jacobbednarz · Aug 19, 2022 · Aug 10, 2022 · Aug 15, 2022 · Aug 19, 2022
diff --git a/.changelog/1837.txt b/.changelog/1837.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_ruleset: add support for `http_config_settings`
+```
diff --git a/internal/provider/resource_cloudflare_ruleset.go b/internal/provider/resource_cloudflare_ruleset.go
@@ -259,6 +259,10 @@ func buildStateFromRulesetRules(rules []cloudflare.RulesetRule) interface{} {
 				cacheKeyFields         []map[string]interface{}
 				fromListFields         []map[string]interface{}
 				fromValueFields        []map[string]interface{}
+				autoMinifyFields       []map[string]interface{}
+				polishSetting          string
+				sslSetting             string
+				securityLevel          string
 			)
 			actionParameterRules := make(map[string]string)
 
@@ -518,6 +522,26 @@ func buildStateFromRulesetRules(rules []cloudflare.RulesetRule) interface{} {
 				})
 			}
 
+			if !reflect.ValueOf(r.ActionParameters.AutoMinify).IsNil() {
+				autoMinifyFields = append(autoMinifyFields, map[string]interface{}{
+					"html": r.ActionParameters.AutoMinify.HTML,
+					"css":  r.ActionParameters.AutoMinify.CSS,
+					"js":   r.ActionParameters.AutoMinify.JS,
+				})
+			}
+
+			if !reflect.ValueOf(r.ActionParameters.Polish).IsNil() {
+				polishSetting = r.ActionParameters.Polish.String()
+			}
+
+			if !reflect.ValueOf(r.ActionParameters.SecurityLevel).IsNil() {
+				securityLevel = r.ActionParameters.SecurityLevel.String()
+			}
+
+			if !reflect.ValueOf(r.ActionParameters.SecurityLevel).IsNil() {
+				sslSetting = r.ActionParameters.SSL.String()
+			}
+
 			actionParameters = append(actionParameters, map[string]interface{}{
 				"id":                         r.ActionParameters.ID,
 				"increment":                  r.ActionParameters.Increment,
@@ -550,6 +574,22 @@ func buildStateFromRulesetRules(rules []cloudflare.RulesetRule) interface{} {
 				"content":                    r.ActionParameters.Content,
 				"content_type":               r.ActionParameters.ContentType,
 				"status_code":                r.ActionParameters.StatusCode,
+				"automatic_https_rewrites":   r.ActionParameters.AutomaticHTTPSRewrites,
+				"autominify":                 autoMinifyFields,
+				"bic":                        r.ActionParameters.BrowserIntegrityCheck,
+				"disable_apps":               r.ActionParameters.DisableApps,
+				"disable_zaraz":              r.ActionParameters.DisableZaraz,
+				"disable_railgun":            r.ActionParameters.DisableRailgun,
+				"email_obfuscation":          r.ActionParameters.EmailObfuscation,
+				"mirage":                     r.ActionParameters.Mirage,
+				"opportunistic_encryption":   r.ActionParameters.OpportunisticEncryption,
+				"polish":                     polishSetting,
+				"rocket_loader":              r.ActionParameters.RocketLoader,
+				"security_level":             securityLevel,
+				"server_side_excludes":       r.ActionParameters.ServerSideExcludes,
+				"ssl":                        sslSetting,
+				"sxg":                        r.ActionParameters.SXG,
+				"hotlink_protection":         r.ActionParameters.HotLinkProtection,
 			})
 
 			rule["action_parameters"] = actionParameters
@@ -806,14 +846,84 @@ func buildRulesetRulesFromResource(d *schema.ResourceData) ([]cloudflare.Ruleset
 								Port: uint16(pValue.([]interface{})[i].(map[string]interface{})["port"].(int)),
 							}
 						}
+					case "automatic_https_rewrites":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.automatic_https_rewrites", rulesCounter)); ok {
+							rule.ActionParameters.AutomaticHTTPSRewrites = cloudflare.BoolPtr(value.(bool))
+						}
+					case "autominify":
+						for i := range pValue.([]interface{}) {
+							rule.ActionParameters.AutoMinify = &cloudflare.RulesetRuleActionParametersAutoMinify{
+								HTML: pValue.([]interface{})[i].(map[string]interface{})["html"].(bool),
+								CSS:  pValue.([]interface{})[i].(map[string]interface{})["css"].(bool),
+								JS:   pValue.([]interface{})[i].(map[string]interface{})["js"].(bool),
+							}
+						}
 
+					case "bic":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.bic", rulesCounter)); ok {
+							rule.ActionParameters.BrowserIntegrityCheck = cloudflare.BoolPtr(value.(bool))
+						}
+					case "disable_apps":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.disable_apps", rulesCounter)); ok {
+							rule.ActionParameters.DisableApps = cloudflare.BoolPtr(value.(bool))
+						}
+					case "disable_zaraz":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.disable_zaraz", rulesCounter)); ok {
+							rule.ActionParameters.DisableZaraz = cloudflare.BoolPtr(value.(bool))
+						}
+					case "disable_railgun":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.disable_zaraz", rulesCounter)); ok {
+							rule.ActionParameters.DisableRailgun = cloudflare.BoolPtr(value.(bool))
+						}
+					case "email_obfuscation":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.email_obfuscation", rulesCounter)); ok {
+							rule.ActionParameters.EmailObfuscation = cloudflare.BoolPtr(value.(bool))
+						}
+					case "mirage":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.mirage", rulesCounter)); ok {
+							rule.ActionParameters.Mirage = cloudflare.BoolPtr(value.(bool))
+						}
+					case "opportunistic_encryption":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.opportunistic_encryption", rulesCounter)); ok {
+							rule.ActionParameters.OpportunisticEncryption = cloudflare.BoolPtr(value.(bool))
+						}
+					case "polish":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.polish", rulesCounter)); ok {
+							p, _ := cloudflare.PolishFromString(value.(string))
+							rule.ActionParameters.Polish = p
+						}
+					case "rocket_loader":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.rocket_loader", rulesCounter)); ok {
+							rule.ActionParameters.RocketLoader = cloudflare.BoolPtr(value.(bool))
+						}
+					case "security_level":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.security_level", rulesCounter)); ok {
+							sl, _ := cloudflare.SecurityLevelFromString(value.(string))
+							rule.ActionParameters.SecurityLevel = sl
+						}
+					case "server_side_excludes":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.server_side_excludes", rulesCounter)); ok {
+							rule.ActionParameters.ServerSideExcludes = cloudflare.BoolPtr(value.(bool))
+						}
+					case "ssl":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.ssl", rulesCounter)); ok {
+							ssl, _ := cloudflare.SSLFromString(value.(string))
+							rule.ActionParameters.SSL = ssl
+						}
+					case "sxg":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.sxg", rulesCounter)); ok {
+							rule.ActionParameters.SXG = cloudflare.BoolPtr(value.(bool))
+						}
+					case "hotlink_protection":
+						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.hotlink_protection", rulesCounter)); ok {
+							rule.ActionParameters.HotLinkProtection = cloudflare.BoolPtr(value.(bool))
+						}
 					case "sni":
 						for i := range pValue.([]interface{}) {
 							rule.ActionParameters.SNI = &cloudflare.RulesetRuleActionParametersSni{
 								Value: pValue.([]interface{})[i].(map[string]interface{})["value"].(string),
 							}
 						}
-
 					case "cache":
 						if value, ok := d.GetOk(fmt.Sprintf("rules.%d.action_parameters.0.cache", rulesCounter)); ok {
 							rule.ActionParameters.Cache = cloudflare.BoolPtr(value.(bool))

diff --git a/internal/provider/resource_cloudflare_ruleset_test.go b/internal/provider/resource_cloudflare_ruleset_test.go
@@ -1726,6 +1726,51 @@ func TestAccCloudflareRuleset_CacheSettings(t *testing.T) {
 	})
 }
 
+func TestAccCloudflareRuleset_Config(t *testing.T) {
+	t.Parallel()
+	rnd := generateRandomResourceName()
+	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
+	resourceName := "cloudflare_ruleset." + rnd
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCloudflareRulesetConfigAllEnabled(rnd, "my basic config ruleset", zoneID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "name", "my basic config ruleset"),
+					resource.TestCheckResourceAttr(resourceName, "description", rnd+" ruleset description"),
+					resource.TestCheckResourceAttr(resourceName, "kind", "zone"),
+					resource.TestCheckResourceAttr(resourceName, "phase", "http_config_settings"),
+
+					resource.TestCheckResourceAttr(resourceName, "rules.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action", "set_config"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.description", rnd+" set config rule"),
+
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.automatic_https_rewrites", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.autominify.0.html", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.autominify.0.css", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.autominify.0.js", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.bic", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.disable_apps", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.disable_zaraz", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.disable_railgun", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.email_obfuscation", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.mirage", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.opportunistic_encryption", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.polish", "off"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.rocket_loader", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.security_level", "off"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.server_side_excludes", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.ssl", "off"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.sxg", "true"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.hotlink_protection", "true"),
+				),
+			},
+		},
+	})
+}
 func TestAccCloudflareRuleset_Redirect(t *testing.T) {
 	t.Parallel()
 	rnd := generateRandomResourceName()
@@ -3061,6 +3106,46 @@ func testAccCloudflareRulesetCacheSettingsCustomKeyEmpty(rnd, accountID, zoneID
   }`, rnd, accountID, zoneID)
 }
 
+func testAccCloudflareRulesetConfigAllEnabled(rnd, accountID, zoneID string) string {
+	return fmt.Sprintf(`
+  resource "cloudflare_ruleset" "%[1]s" {
+	zone_id     = "%[3]s"
+    name        = "%[2]s"
+    description = "%[1]s ruleset description"
+    kind        = "zone"
+    phase       = "http_config_settings"
+
+    rules {
+      action = "set_config"
+      action_parameters {
+		automatic_https_rewrites = true
+		autominify {
+			html = true
+			css = true
+			js = true
+		}
+		bic = true
+		disable_apps = true
+		disable_zaraz = true
+		disable_railgun = true
+		email_obfuscation = true
+		mirage = true
+		opportunistic_encryption = true
+		polish = "off"
+		rocket_loader = true
+		security_level = "off"
+		server_side_excludes = true
+		ssl = "off"
+		sxg = true
+		hotlink_protection = true
+      }
+	  expression = "true"
+	  description = "%[1]s set config rule"
+	  enabled = true
+    }
+  }`, rnd, accountID, zoneID)
+}
+
 func testAccCloudflareRulesetRedirectFromList(rnd, accountID string) string {
 	return fmt.Sprintf(`
   resource "cloudflare_list" "list-%[1]s" {

diff --git a/internal/provider/schema_cloudflare_ruleset.go b/internal/provider/schema_cloudflare_ruleset.go
@@ -462,6 +462,105 @@ func resourceCloudflareRulesetSchema() map[string]*schema.Schema {
 									Optional:    true,
 									Description: "Whether to cache if expression matches.",
 								},
+								"automatic_https_rewrites": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn on or off Cloudflare Automatic HTTPS rewrites.",
+								},
+								"autominify": {
+									Type:        schema.TypeList,
+									Optional:    true,
+									Description: "Indicate which file extensions to minify automatically.",
+									Elem: &schema.Resource{
+										Schema: map[string]*schema.Schema{
+											"html": {
+												Type:        schema.TypeBool,
+												Optional:    true,
+												Description: "HTML minification.",
+											},
+											"css": {
+												Type:        schema.TypeBool,
+												Optional:    true,
+												Description: "SSL minification.",
+											},
+											"js": {
+												Type:        schema.TypeBool,
+												Optional:    true,
+												Description: "JS minification.",
+											},
+										},
+									},
+								},
+								"bic": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Inspect the visitor's browser for headers commonly associated with spammers and certain bots.",
+								},
+								"disable_apps": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn off all active Cloudflare Apps.",
+								},
+								"disable_zaraz": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn off zaraz feature.",
+								},
+								"disable_railgun": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn off railgun feature of the Cloudflare Speed app.",
+								},
+								"email_obfuscation": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn on or off the Cloudflare Email Obfuscation feature of the Cloudflare Scrape Shield app.",
+								},
+								"mirage": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn on or off Cloudflare Mirage of the Cloudflare Speed app.",
+								},
+								"opportunistic_encryption": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn on or off the Cloudflare Opportunistic Encryption feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.",
+								},
+								"polish": {
+									Type:        schema.TypeString,
+									Optional:    true,
+									Description: "Apply options from the Polish feature of the Cloudflare Speed app.",
+								},
+								"rocket_loader": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn on or off Cloudflare Rocket Loader in the Cloudflare Speed app.",
+								},
+								"security_level": {
+									Type:        schema.TypeString,
+									Optional:    true,
+									Description: "Control options for the Security Level feature from the Security app.",
+								},
+								"server_side_excludes": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn on or off the Server Side Excludes feature of the Cloudflare Scrape Shield app.",
+								},
+								"ssl": {
+									Type:        schema.TypeString,
+									Optional:    true,
+									Description: "Control options for the SSL feature of the Edge Certificates tab in the Cloudflare SSL/TLS app.",
+								},
+								"sxg": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn on or off the SXG feature.",
+								},
+								"hotlink_protection": {
+									Type:        schema.TypeBool,
+									Optional:    true,
+									Description: "Turn on or off the hotlink protection feature.",
+								},
 								"edge_ttl": {
 									Type:        schema.TypeList,
 									Optional:    true,