Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds ciphers to zone settings override #899

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions cloudflare/resource_cloudflare_zone_settings_override.go
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,15 @@ var resourceCloudflareZoneSettingsSchema = map[string]*schema.Schema{
86400, 604800, 2592000, 31536000}),
},

"ciphers": {
Type: schema.TypeList,
Optional: true,
Computed: true,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},

"development_mode": {
Type: schema.TypeString,
ValidateFunc: validation.StringInSlice([]string{"on", "off"}, false),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ func TestAccCloudflareZoneSettingsOverride_Full(t *testing.T) {
name, "settings.0.zero_rtt", "off"),
resource.TestCheckResourceAttr(
name, "settings.0.universal_ssl", "off"),
resource.TestCheckResourceAttr(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test is failing due to the setting not being persisted to state.

=== RUN   TestAccCloudflareZoneSettingsOverride_Full
    testing.go:705: Step 1 error: Check failed: Check 8/8 error: cloudflare_zone_settings_override.test: Attribute 'settings.0.ciphers' not found
--- FAIL: TestAccCloudflareZoneSettingsOverride_Full (21.01s)
FAIL
FAIL	github.com/cloudflare/terraform-provider-cloudflare/cloudflare	21.386s
FAIL

Check out the README for running these integration tests if you haven't already.

Instead of looking for specific values (which I don't think TypeList handles too well), just check the number of elements. This line would become resource.TestCheckResourceAttr(name, "settings.0.ciphers.#", "2") however if you swap it to that, you'll see it's empty without any elements too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mmm now it fails with:

Error: error from makeRequest: HTTP status 400: content "{\"success\":false,\"errors\":[{\"code\":1023,\"message\":\"Advanced Certificate Manager is required to set custom cipher suites\"}],\"messages\":[],\"result\":null}"

seems it requires some extra configuration tobe enabled...

name, "settings.0.ciphers", "[\"ECDHE-RSA-AES128-GCM-SHA256\", \"AES128-SHA\"]"),
),
},
},
Expand Down Expand Up @@ -245,6 +247,7 @@ resource "cloudflare_zone_settings_override" "test" {
zone_id = "%s"
settings {
brotli = "on"
ciphers = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]
challenge_ttl = 2700
security_level = "high"
opportunistic_encryption = "on"
Expand Down
1 change: 1 addition & 0 deletions website/docs/r/zone_settings_override.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ These can be specified as "on" or "off" string. Similar to boolean values, but h

### String Values

* `ciphers`. An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format. Default: `[]`
* `cache_level`. Allowed values: "aggressive" (default) - delivers a different resource each time the query string changes, "basic" - delivers resources from cache when there is no query string, "simplified" - delivers the same resource to everyone independent of the query string.
* `cname_flattening`. Allowed values: "flatten_at_root" (default), "flatten_all", "flatten_none".
* `h2_prioritization`. Allowed values: "on", "off" (default), "custom".
Expand Down