cloudflare · jacobbednarz · Jan 10, 2023 · Jan 10, 2023
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_device_posture_rule: add ability to create crowdstrike s2s posture rule creation
+```
@@ -39,7 +39,7 @@ resource "cloudflare_device_posture_rule" "eaxmple" {
 ### Required
 
 - `account_id` (String) The account identifier to target for the resource.
-- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `workspace_one`, `unique_client_id`.
+- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`.
 
 ### Optional
 
@@ -74,6 +74,11 @@ Optional:
 - `sha256` (String) The sha256 hash of the file.
 - `thumbprint` (String) The thumbprint of the file certificate.
 - `version` (String) The operating system semantic version.
+- `os` (String) OS signal score from Crowdstrike. (1 to 100.).
+- `overall` (String) Overall ZTA score from Crowdstrike. (1 to 100.)
+- `sensor_config` (String) Sensor signal score from Crowdstrike. (1 to 100.)
+- `version_operator` The version comparison operator for crowdstrike.  (">", ">=", "<", "<=", "==")
+
 
 
 <a id="nestedblock--match"></a>

@@ -203,6 +203,18 @@ func setDevicePostureRuleInput(rule *cloudflare.DevicePostureRule, d *schema.Res
 		if osDistroRevision, ok := d.GetOk("input.0.os_distro_revision"); ok {
 			input.OsDistroRevision = osDistroRevision.(string)
 		}
+		if os, ok := d.GetOk("input.0.os"); ok {
+			input.Os = os.(string)
+		}
+		if overall, ok := d.GetOk("input.0.overall"); ok {
+			input.Overall = overall.(string)
+		}
+		if sensorConfig, ok := d.GetOk("input.0.sensor_config"); ok {
+			input.SensorConfig = sensorConfig.(string)
+		}
+		if versionOperator, ok := d.GetOk("input.0.version_operator"); ok {
+			input.VersionOperator = versionOperator.(string)
+		}
 		rule.Input = input
 	}
 }
@@ -255,6 +267,10 @@ func convertInputToSchema(input cloudflare.DevicePostureRuleInput) []map[string]
 		"domain":             input.Domain,
 		"compliance_status":  input.ComplianceStatus,
 		"connection_id":      input.ConnectionID,
+		"os":                 input.Os,
+		"overall":            input.Overall,
+		"sensor_config":      input.SensorConfig,
+		"version_operator":   input.VersionOperator,
 	}
 
 	return []map[string]interface{}{m}

@@ -216,6 +216,43 @@ func TestAccCloudflareDevicePostureRule_DiskEncryption(t *testing.T) {
 	})
 }
 
+func TestAccCloudflareDevicePostureRule_CrowdstrikeS2S(t *testing.T) {
+	// Temporarily unset CLOUDFLARE_API_TOKEN if it is set as the Access
+	// service does not yet support the API tokens and it results in
+	// misleading state error messages.
+	if os.Getenv("CLOUDFLARE_API_TOKEN") != "" {
+		t.Setenv("CLOUDFLARE_API_TOKEN", "")
+	}
+
+	rnd := generateRandomResourceName()
+	name := fmt.Sprintf("cloudflare_device_posture_rule.%s", rnd)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		ProviderFactories: providerFactories,
+		CheckDestroy:      testAccCheckCloudflareDevicePostureRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCloudflareDevicePostureRuleConfigDiskEncryption(rnd, accountID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "account_id", accountID),
+					resource.TestCheckResourceAttr(name, "name", rnd),
+					resource.TestCheckResourceAttr(name, "type", "crowdstrike_s2s"),
+					resource.TestCheckResourceAttr(name, "description", "My description"),
+					resource.TestCheckResourceAttr(name, "schedule", "24h"),
+					resource.TestCheckResourceAttr(name, "expiration", "24h"),
+					resource.TestCheckResourceAttr(name, "match.0.platform", "mac"),
+					resource.TestCheckResourceAttr(name, "input.0.connection_id", "af8d87a7-1272-4932-92b8-208ffbead88e"),
+					resource.TestCheckResourceAttr(name, "input.0.version_operator", "<>"),
+					resource.TestCheckResourceAttr(name, "input.0.version", "true"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCloudflareDevicePostureRuleConfigSerialNumber(rnd, accountID string) string {
 	return fmt.Sprintf(`
 resource "cloudflare_device_posture_rule" "%[1]s" {

@@ -17,8 +17,8 @@ func resourceCloudflareDevicePostureRuleSchema() map[string]*schema.Schema {
 		"type": {
 			Type:         schema.TypeString,
 			Required:     true,
-			ValidateFunc: validation.StringInSlice([]string{"serial_number", "file", "application", "gateway", "warp", "domain_joined", "os_version", "disk_encryption", "firewall", "workspace_one", "unique_client_id"}, false),
-			Description:  fmt.Sprintf("The device posture rule type. %s", renderAvailableDocumentationValuesStringSlice([]string{"serial_number", "file", "application", "gateway", "warp", "domain_joined", "os_version", "disk_encryption", "firewall", "workspace_one", "unique_client_id"})),
+			ValidateFunc: validation.StringInSlice([]string{"serial_number", "file", "application", "gateway", "warp", "domain_joined", "os_version", "disk_encryption", "firewall", "workspace_one", "unique_client_id", "crowdstrike_s2s"}, false),
+			Description:  fmt.Sprintf("The device posture rule type. %s", renderAvailableDocumentationValuesStringSlice([]string{"serial_number", "file", "application", "gateway", "warp", "domain_joined", "os_version", "disk_encryption", "firewall", "workspace_one", "unique_client_id", "crowdstrike_s2s"})),
 		},
 		"name": {
 			Type:        schema.TypeString,
@@ -141,6 +141,27 @@ func resourceCloudflareDevicePostureRuleSchema() map[string]*schema.Schema {
 						Optional:    true,
 						Description: "The operating system version excluding OS name information or release name.",
 					},
+					"os": {
+						Type:        schema.TypeString,
+						Optional:    true,
+						Description: "OS signal score from Crowdstrike. (1 to 100.)",
+					},
+					"overall": {
+						Type:        schema.TypeString,
+						Optional:    true,
+						Description: "Overall ZTA score from Crowdstrike. (1 to 100.)",
+					},
+					"sensor_config": {
+						Type:        schema.TypeString,
+						Optional:    true,
+						Description: "Sensor signal score from Crowdstrike. (1 to 100.)",
+					},
+					"version_operator": {
+						Type:         schema.TypeString,
+						Optional:     true,
+						ValidateFunc: validation.StringInSlice([]string{">", ">=", "<", "<=", "=="}, true),
+						Description:  "The version comparison operator for crowdstrike. (\" > \", \" >= \", \" < \", \" <= \", \" == \")",
+					},
 				},
 			},
 		},