cloudflare · jacobbednarz · Feb 16, 2023 · Feb 15, 2023 · Feb 16, 2023 · Feb 16, 2023
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp_profile: Add new allowed_match_count field to profiles
+```
@@ -18,9 +18,10 @@ They are referenced in Zero Trust Gateway rules.
 ```terraform
 # Predefined profile
 resource "cloudflare_dlp_profile" "example_predefined" {
-  account_id  = "0da42c8d2132a9ddaf714f9e7c920711"
-  name        = "Example Predefined Profile"
-  type        = "predefined"
+  account_id          = "0da42c8d2132a9ddaf714f9e7c920711"
+  name                = "Example Predefined Profile"
+  type                = "predefined"
+  allowed_match_count = 0
 
   entry {
 	name = "Mastercard Card Number"
@@ -35,10 +36,11 @@ resource "cloudflare_dlp_profile" "example_predefined" {
 
 # Custom profile
 resource "cloudflare_dlp_profile" "example_custom" {
-  account_id  = "0da42c8d2132a9ddaf714f9e7c920711"
-  name        = "Example Custom Profile"
-  description = "A profile with example entries"
-  type        = "custom"
+  account_id          = "0da42c8d2132a9ddaf714f9e7c920711"
+  name                = "Example Custom Profile"
+  description         = "A profile with example entries"
+  type                = "custom"
+  allowed_match_count = 0
 
   entry {
 	name = "Matches visa credit cards"
@@ -72,6 +74,7 @@ resource "cloudflare_dlp_profile" "example_custom" {
 ### Optional
 
 - `description` (String) Brief summary of the profile and its intended use.
+- `allowed_match_count` (Number) Brief summary of the profile and its intended use.
 
 ### Read-Only
 

@@ -1,8 +1,9 @@
 # Predefined profile
 resource "cloudflare_dlp_profile" "example_predefined" {
-  account_id  = "0da42c8d2132a9ddaf714f9e7c920711"
-  name        = "Example Predefined Profile"
-  type        = "predefined"
+  account_id          = "0da42c8d2132a9ddaf714f9e7c920711"
+  name                = "Example Predefined Profile"
+  type                = "predefined"
+  allowed_match_count = 0
 
   entry {
 	name = "Mastercard Card Number"
@@ -17,10 +18,11 @@ resource "cloudflare_dlp_profile" "example_predefined" {
 
 # Custom profile
 resource "cloudflare_dlp_profile" "example_custom" {
-  account_id  = "0da42c8d2132a9ddaf714f9e7c920711"
-  name        = "Example Custom Profile"
-  description = "A profile with example entries"
-  type        = "custom"
+  account_id          = "0da42c8d2132a9ddaf714f9e7c920711"
+  name                = "Example Custom Profile"
+  description         = "A profile with example entries"
+  type                = "custom"
+  allowed_match_count = 0
 
   entry {
 	name = "Matches visa credit cards"

diff --git a/go.mod b/go.mod
@@ -5,7 +5,7 @@ go 1.19
 require (
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-cidr v1.1.0 // indirect
-	github.com/cloudflare/cloudflare-go v0.60.0
+	github.com/cloudflare/cloudflare-go v0.61.0
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/google/uuid v1.3.0
 	github.com/hashicorp/errwrap v1.1.0 // indirect

diff --git a/go.sum b/go.sum
@@ -25,8 +25,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.60.0 h1:Lwt9Nok5LHAkFY4g5jOjbDLAdKpb5qDhQpvU0ie1eNc=
-github.com/cloudflare/cloudflare-go v0.60.0/go.mod h1:qmuJW7P3KCRXYSTHkV7uS9qTeacr8gkqE60ekUwapqQ=
+github.com/cloudflare/cloudflare-go v0.61.0 h1:h39WkNSA3CIMktE8rleiEwaJSc7bYCNCpzLAzCp//Kc=
+github.com/cloudflare/cloudflare-go v0.61.0/go.mod h1:9XgyMNcw8L8JhTKjasJNxx3vE7YM36g+GfNoIKxYPpI=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=

@@ -106,6 +106,7 @@ func resourceCloudflareDLPProfileRead(ctx context.Context, d *schema.ResourceDat
 	if dlpProfile.Description != "" {
 		d.Set("description", dlpProfile.Description)
 	}
+	d.Set("allowed_match_count", fmt.Sprintf("%d", dlpProfile.AllowedMatchCount))
 	entries := make([]interface{}, 0, len(dlpProfile.Entries))
 	for _, entry := range dlpProfile.Entries {
 		entries = append(entries, dlpEntryToSchema(entry))
@@ -122,9 +123,10 @@ func resourceCloudflareDLPProfileCreate(ctx context.Context, d *schema.ResourceD
 	identifier := cloudflare.AccountIdentifier(d.Get(consts.AccountIDSchemaKey).(string))
 
 	newDLPProfile := cloudflare.DLPProfile{
-		Name:        d.Get("name").(string),
-		Type:        d.Get("type").(string),
-		Description: d.Get("description").(string),
+		Name:              d.Get("name").(string),
+		Type:              d.Get("type").(string),
+		Description:       d.Get("description").(string),
+		AllowedMatchCount: d.Get("allowed_match_count").(int),
 	}
 
 	if newDLPProfile.Type == DLPProfileTypePredefined {
@@ -156,9 +158,10 @@ func resourceCloudflareDLPProfileUpdate(ctx context.Context, d *schema.ResourceD
 	client := meta.(*cloudflare.API)
 
 	updatedDLPProfile := cloudflare.DLPProfile{
-		ID:   d.Id(),
-		Name: d.Get("name").(string),
-		Type: d.Get("type").(string),
+		ID:                d.Id(),
+		Name:              d.Get("name").(string),
+		Type:              d.Get("type").(string),
+		AllowedMatchCount: d.Get("allowed_match_count").(int),
 	}
 	updatedDLPProfile.Description, _ = d.Get("description").(string)
 	if entries, ok := d.GetOk("entry"); ok {

@@ -24,6 +24,7 @@ func TestAccCloudflareDLPProfile_Custom(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "name", rnd),
 					resource.TestCheckResourceAttr(name, "description", "custom profile"),
 					resource.TestCheckResourceAttr(name, "type", "custom"),
+					resource.TestCheckResourceAttr(name, "allowed_match_count", "0"),
 					resource.TestCheckResourceAttr(name, "entry.0.name", fmt.Sprintf("%s_entry1", rnd)),
 					resource.TestCheckResourceAttr(name, "entry.0.enabled", "true"),
 					resource.TestCheckResourceAttr(name, "entry.0.pattern.0.regex", "^4[0-9]"),
@@ -49,6 +50,7 @@ func TestAccCloudflareDLPProfile_Custom_MultipleEntries(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(name, "account_id", accountID),
 					resource.TestCheckResourceAttr(name, "name", rnd),
+					resource.TestCheckResourceAttr(name, "allowed_match_count", "0"),
 					resource.TestCheckResourceAttr(name, "description", "custom profile 2"),
 					resource.TestCheckResourceAttr(name, "type", "custom"),
 
@@ -71,13 +73,42 @@ func TestAccCloudflareDLPProfile_Custom_MultipleEntries(t *testing.T) {
 	})
 }
 
+func TestAccCloudflareDLPProfile_CustomWithAllowedMatchCount(t *testing.T) {
+	rnd := generateRandomResourceName()
+	name := fmt.Sprintf("cloudflare_dlp_profile.%s", rnd)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckAccount(t)
+		},
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCloudflareDLPProfileConfigCustomWithAllowedMatchCount(accountID, rnd, "custom profile", 42),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "account_id", accountID),
+					resource.TestCheckResourceAttr(name, "name", rnd),
+					resource.TestCheckResourceAttr(name, "description", "custom profile"),
+					resource.TestCheckResourceAttr(name, "allowed_match_count", "42"),
+					resource.TestCheckResourceAttr(name, "type", "custom"),
+					resource.TestCheckResourceAttr(name, "entry.0.name", fmt.Sprintf("%s_entry1", rnd)),
+					resource.TestCheckResourceAttr(name, "entry.0.enabled", "true"),
+					resource.TestCheckResourceAttr(name, "entry.0.pattern.0.regex", "^4[0-9]"),
+					resource.TestCheckResourceAttr(name, "entry.0.pattern.0.validation", "luhn"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCloudflareDLPProfileConfigCustom(accountID, rnd, description string) string {
 	return fmt.Sprintf(`
 resource "cloudflare_dlp_profile" "%[1]s" {
   account_id                = "%[3]s"
   name                      = "%[1]s"
   description               = "%[2]s"
   type                      = "custom"
+  allowed_match_count       = 0
   entry {
 	name = "%[1]s_entry1"
 	enabled = true
@@ -93,9 +124,10 @@ resource "cloudflare_dlp_profile" "%[1]s" {
 func testAccCloudflareDLPProfileConfigCustomMultipleEntries(accountID, rnd, description string) string {
 	return fmt.Sprintf(`
 resource "cloudflare_dlp_profile" "%[1]s" {
-  account_id                  = "%[3]s"
+  account_id                = "%[3]s"
   name                      = "%[1]s"
   description               = "%[2]s"
+  allowed_match_count       = 0
   type                      = "custom"
   entry {
 	name = "%[1]s_entry1"
@@ -117,3 +149,23 @@ resource "cloudflare_dlp_profile" "%[1]s" {
 }
 `, rnd, description, accountID)
 }
+
+func testAccCloudflareDLPProfileConfigCustomWithAllowedMatchCount(accountID, rnd, description string, allowedMatchCount uint) string {
+	return fmt.Sprintf(`
+resource "cloudflare_dlp_profile" "%[1]s" {
+  account_id                = "%[3]s"
+  name                      = "%[1]s"
+  description               = "%[2]s"
+  allowed_match_count       = %[4]d
+  type                      = "custom"
+  entry {
+	name = "%[1]s_entry1"
+	enabled = true
+	pattern {
+		regex = "^4[0-9]"
+		validation = "luhn"
+	}
+  }
+}
+`, rnd, description, accountID, allowedMatchCount)
+}
@@ -92,5 +92,11 @@ func resourceCloudflareDLPProfileSchema() map[string]*schema.Schema {
 				Schema: resourceCloudflareDLPEntrySchema(),
 			},
 		},
+		"allowed_match_count": {
+			Type:         schema.TypeInt,
+			Description:  "Related DLP policies will trigger when the match count exceeds the number set.",
+			Required:     true,
+			ValidateFunc: validation.IntBetween(0, 1000),
+		},
 	}
 }