cloudflare · jacobbednarz · Oct 26, 2023 · Oct 25, 2023 · Oct 26, 2023 · Oct 26, 2023
diff --git a/.changelog/2878.txt b/.changelog/2878.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_teams_account: Add `non_identity_browser_isolation_enabled` field
+```
diff --git a/docs/resources/teams_account.md b/docs/resources/teams_account.md
@@ -77,12 +77,13 @@ resource "cloudflare_teams_account" "example" {
 - `block_page` (Block List, Max: 1) Configuration for a custom block page. (see [below for nested schema](#nestedblock--block_page))
 - `fips` (Block List, Max: 1) Configure compliance with Federal Information Processing Standards. (see [below for nested schema](#nestedblock--fips))
 - `logging` (Block List, Max: 1) (see [below for nested schema](#nestedblock--logging))
+- `non_identity_browser_isolation_enabled` (Boolean) Enable non-identity onramp for Browser Isolation. Defaults to `false`.
 - `payload_log` (Block List, Max: 1) Configuration for DLP Payload Logging. (see [below for nested schema](#nestedblock--payload_log))
 - `protocol_detection_enabled` (Boolean) Indicator that protocol detection is enabled.
 - `proxy` (Block List, Max: 1) Configuration block for specifying which protocols are proxied. (see [below for nested schema](#nestedblock--proxy))
 - `ssh_session_log` (Block List, Max: 1) Configuration for SSH Session Logging. (see [below for nested schema](#nestedblock--ssh_session_log))
 - `tls_decrypt_enabled` (Boolean) Indicator that decryption of TLS traffic is enabled.
-- `url_browser_isolation_enabled` (Boolean) Safely browse websites in Browser Isolation through a URL.
+- `url_browser_isolation_enabled` (Boolean) Safely browse websites in Browser Isolation through a URL. Defaults to `false`.
 
 ### Read-Only
 

diff --git a/internal/sdkv2provider/resource_cloudflare_access_policy_test.go b/internal/sdkv2provider/resource_cloudflare_access_policy_test.go
@@ -982,6 +982,7 @@ func testAccessPolicyIsolationRequiredConfig(resourceID, zone, accountID string)
 		protocol_detection_enabled = true
 		activity_log_enabled = true
 		url_browser_isolation_enabled = true
+		non_identity_browser_isolation_enabled = false
 		block_page {
 		  name = "%[1]s"
 		  enabled = true

diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts.go
@@ -84,6 +84,9 @@ func resourceCloudflareTeamsAccountRead(ctx context.Context, d *schema.ResourceD
 		if err := d.Set("url_browser_isolation_enabled", configuration.Settings.BrowserIsolation.UrlBrowserIsolationEnabled); err != nil {
 			return diag.FromErr(fmt.Errorf("error parsing account url browser isolation enablement: %w", err))
 		}
+		if err := d.Set("non_identity_browser_isolation_enabled", configuration.Settings.BrowserIsolation.NonIdentityEnabled); err != nil {
+			return diag.FromErr(fmt.Errorf("error parsing account non-identity browser isolation enablement: %w", err))
+		}
 	}
 
 	logSettings, err := client.TeamsAccountLoggingConfiguration(ctx, accountID)
@@ -169,10 +172,9 @@ func resourceCloudflareTeamsAccountUpdate(ctx context.Context, d *schema.Resourc
 		updatedTeamsAccount.Settings.ActivityLog = &cloudflare.TeamsActivityLog{Enabled: activtyLog.(bool)}
 	}
 
-	//nolint:staticcheck
-	browserIsolation, ok := d.GetOkExists("url_browser_isolation_enabled")
-	if ok {
-		updatedTeamsAccount.Settings.BrowserIsolation = &cloudflare.BrowserIsolation{UrlBrowserIsolationEnabled: browserIsolation.(bool)}
+	updatedTeamsAccount.Settings.BrowserIsolation = &cloudflare.BrowserIsolation{
+		UrlBrowserIsolationEnabled: cloudflare.BoolPtr(d.Get("url_browser_isolation_enabled").(bool)),
+		NonIdentityEnabled:         cloudflare.BoolPtr(d.Get("non_identity_browser_isolation_enabled").(bool)),
 	}
 
 	tflog.Debug(ctx, fmt.Sprintf("Updating Cloudflare Teams Account configuration from struct: %+v", updatedTeamsAccount))

diff --git a/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go b/internal/sdkv2provider/resource_cloudflare_teams_accounts_test.go
@@ -54,6 +54,7 @@ func TestAccCloudflareTeamsAccounts_ConfigurationBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(name, "proxy.0.root_ca", "true"),
 					resource.TestCheckResourceAttr(name, "payload_log.0.public_key", "EmpOvSXw8BfbrGCi0fhGiD/3yXk2SiV1Nzg2lru3oj0="),
 					resource.TestCheckResourceAttr(name, "ssh_session_log.0.public_key", "testvSXw8BfbrGCi0fhGiD/3yXk2SiV1Nzg2lru3oj0="),
+					resource.TestCheckResourceAttr(name, "non_identity_browser_isolation_enabled", "false"),
 				),
 			},
 		},
@@ -68,6 +69,7 @@ resource "cloudflare_teams_account" "%[1]s" {
   protocol_detection_enabled = true
   activity_log_enabled = true
   url_browser_isolation_enabled = true
+  non_identity_browser_isolation_enabled = false
   block_page {
     name = "%[1]s"
     enabled = true

diff --git a/internal/sdkv2provider/schema_cloudflare_teams_accounts.go b/internal/sdkv2provider/schema_cloudflare_teams_accounts.go
@@ -57,8 +57,15 @@ func resourceCloudflareTeamsAccountSchema() map[string]*schema.Schema {
 		"url_browser_isolation_enabled": {
 			Type:        schema.TypeBool,
 			Optional:    true,
+			Default:     false,
 			Description: "Safely browse websites in Browser Isolation through a URL.",
 		},
+		"non_identity_browser_isolation_enabled": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Default:     false,
+			Description: "Enable non-identity onramp for Browser Isolation.",
+		},
 		"logging": {
 			Type:     schema.TypeList,
 			MaxItems: 1,