From 288fac4c28a14fcdafe484ce6b8099f3701ceeae Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Mon, 17 Nov 2025 15:25:15 +0100
Subject: [PATCH] Update gateway_policy.tf
---
 gateway_policy.tf | 47 ++++++++++++-----------------------------------
 1 file changed, 12 insertions(+), 35 deletions(-)
diff --git a/gateway_policy.tf b/gateway_policy.tf
index e7b17e5..b92b301 100644
--- a/gateway_policy.tf
+++ b/gateway_policy.tf
@@ -21,17 +21,11 @@ resource "cloudflare_zero_trust_gateway_policy" "block_malware" {
 }
 # POLICY: Block Ads
-
 locals {
- # Iterate through each ads_domain_list resource and extract its ID
- ads_domain_lists = [for k, v in cloudflare_zero_trust_list.ads_domain_lists : v.id]
-
- # Format the values: remove dashes and prepend $
+ ads_domain_lists = [for k, v in cloudflare_zero_trust_list.ads_domain_lists : v.id]
 ads_domain_lists_formatted = [for v in local.ads_domain_lists : format("$%s", replace(v, "-", ""))]
-
- # Create filters to use in the policy
- ads_ad_filters = formatlist("any(dns.domains[*] in %s)", local.ads_domain_lists_formatted)
- ads_ad_filter = join(" or ", local.ads_ad_filters)
+ ads_ad_filters = formatlist("any(dns.domains[*] in %s)", local.ads_domain_lists_formatted)
+ ads_ad_filter = join(" or ", local.ads_ad_filters)
 }
 resource "cloudflare_zero_trust_gateway_policy" "block_ads" {
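Review bot: The comments deleted from this locals block were the only explanation of why the list IDs are rewritten, and `format("$%s", replace(v, "-", ""))` is hard to read without one. I would keep a single line above `ads_domain_lists_formatted`, for example `# Gateway expressions reference a list as $<list id without dashes>`. The same applies to `ads_domain_lists_formatted_new` in the next hunk. The `chunklist(..., 1000)` call there also has no stated reason for the chunk size (presumably a per-list item limit), which a short comment should record.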
@@ -52,31 +46,15 @@ resource "cloudflare_zero_trust_gateway_policy" "block_ads" {
 }
 locals {
- # The full path of the list holding the domain list
-# ads_domain_list_file = file("${path.module}/lists/pihole_domain_list.txt")
- ads_domain_list_file = "${path.module}/lists/pihole_domain_list.txt"
-
- # Parse the file and create a list, one item per line
- #ads_domain_list = split("\n", file(local.ads_domain_list_file))
- ads_domain_list = length(file(local.ads_domain_list_file)) > 0 ? split("\n", file(local.ads_domain_list_file)) : []
-
- # Remove empty lines
- ads_domain_list_clean = [for x in local.ads_domain_list : x if x != ""]
-
- # Use chunklist to split a list into fixed-size chunks
- # It returns a list of lists
- ads_aggregated_lists = chunklist(local.ads_domain_list_clean, 1000)
-
- # Get the number of lists (chunks) created
- ads_list_count = length(local.ads_aggregated_lists)
-
- # Formatage des domaines en identifiants Cloudflare
- ads_domain_lists_new = [for k, v in cloudflare_zero_trust_list.ads_domain_lists : v.id]
+ ads_domain_list_file = "${path.module}/lists/pihole_domain_list.txt"
+ ads_domain_list = length(file(local.ads_domain_list_file)) > 0 ? split("\n", file(local.ads_domain_list_file)) : []
+ ads_domain_list_clean = [for x in local.ads_domain_list : x if x != ""]
+ ads_aggregated_lists = chunklist(local.ads_domain_list_clean, 1000)
+ ads_list_count = length(local.ads_aggregated_lists)
+ ads_domain_lists_new = [for k, v in cloudflare_zero_trust_list.ads_domain_lists : v.id]
 ads_domain_lists_formatted_new = [for v in local.ads_domain_lists_new : format("$%s", replace(v, "-", ""))]
-
- # Créer un filtre pour les domaines à bloquer
- ads_ad_filters_new = formatlist("any(dns.domains[*] in %s)", local.ads_domain_lists_formatted_new)
- ads_ad_filter_new = join(" or ", local.ads_ad_filters_new)
+ ads_ad_filters_new = formatlist("any(dns.domains[*] in %s)", local.ads_domain_lists_formatted_new)
+ ads_ad_filter_new = join(" or ", local.ads_ad_filters_new)
 }
 resource "cloudflare_zero_trust_list" "ads_domain_lists" {
@@ -89,9 +67,8 @@ resource "cloudflare_zero_trust_list" "ads_domain_lists" {
 name = "ads_domain_list_${each.key}"
 type = "DOMAIN"
-# items = each.value
 items = [for domain in each.value : {
- value = domain # Chaque domaine est maintenant un objet avec une clé 'value'
+ value = domain
 }]
 }
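Review bot: `ads_domain_list_clean` in the second hunk's locals block drops only lines that are exactly empty, so a blocklist file saved with CRLF endings or trailing spaces yields entries such as `example.com\r`, which are then passed as `items` to the `cloudflare_zero_trust_list` resource in the last hunk. Entries like that likely either fail at apply or never match a DNS query, which would leave those domains unblocked with no error from the policy. Trimming at this point avoids it: `ads_domain_list_clean = [for x in local.ads_domain_list : trimspace(x) if trimspace(x) != ""]`. Separately, when the file is empty `ads_ad_filter_new` becomes an empty string, and the `_new` locals repeat the expressions of the first hunk's locals. Which of the two sets the block_ads policy reads is outside these hunks, so it is worth confirming that the policy cannot end up with an empty traffic expression.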