Update gateway_policy.tf
All checks were successful
Terraform Apply / Terraform Apply (push) Successful in 56s
@@ -21,15 +21,9 @@ resource "cloudflare_zero_trust_gateway_policy" "block_malware" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# POLICY: Block Ads
|
# POLICY: Block Ads
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
# Iterate through each ads_domain_list resource and extract its ID
|
|
||||||
ads_domain_lists = [for k, v in cloudflare_zero_trust_list.ads_domain_lists : v.id]
|
ads_domain_lists = [for k, v in cloudflare_zero_trust_list.ads_domain_lists : v.id]
|
||||||
|
|
||||||
# Format the values: remove dashes and prepend $
|
|
||||||
ads_domain_lists_formatted = [for v in local.ads_domain_lists : format("$%s", replace(v, "-", ""))]
|
ads_domain_lists_formatted = [for v in local.ads_domain_lists : format("$%s", replace(v, "-", ""))]
|
||||||
|
|
||||||
# Create filters to use in the policy
|
|
||||||
ads_ad_filters = formatlist("any(dns.domains[*] in %s)", local.ads_domain_lists_formatted)
|
ads_ad_filters = formatlist("any(dns.domains[*] in %s)", local.ads_domain_lists_formatted)
|
||||||
ads_ad_filter = join(" or ", local.ads_ad_filters)
|
ads_ad_filter = join(" or ", local.ads_ad_filters)
|
||||||
}
|
}
|
||||||
@@ -52,29 +46,13 @@ resource "cloudflare_zero_trust_gateway_policy" "block_ads" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
# The full path of the list holding the domain list
|
|
||||||
# ads_domain_list_file = file("${path.module}/lists/pihole_domain_list.txt")
|
|
||||||
ads_domain_list_file = "${path.module}/lists/pihole_domain_list.txt"
|
ads_domain_list_file = "${path.module}/lists/pihole_domain_list.txt"
|
||||||
|
|
||||||
# Parse the file and create a list, one item per line
|
|
||||||
#ads_domain_list = split("\n", file(local.ads_domain_list_file))
|
|
||||||
ads_domain_list = length(file(local.ads_domain_list_file)) > 0 ? split("\n", file(local.ads_domain_list_file)) : []
|
ads_domain_list = length(file(local.ads_domain_list_file)) > 0 ? split("\n", file(local.ads_domain_list_file)) : []
|
||||||
|
|
||||||
# Remove empty lines
|
|
||||||
ads_domain_list_clean = [for x in local.ads_domain_list : x if x != ""]
|
ads_domain_list_clean = [for x in local.ads_domain_list : x if x != ""]
|
||||||
|
|
||||||
# Use chunklist to split a list into fixed-size chunks
|
|
||||||
# It returns a list of lists
|
|
||||||
ads_aggregated_lists = chunklist(local.ads_domain_list_clean, 1000)
|
ads_aggregated_lists = chunklist(local.ads_domain_list_clean, 1000)
|
||||||
|
|
||||||
# Get the number of lists (chunks) created
|
|
||||||
ads_list_count = length(local.ads_aggregated_lists)
|
ads_list_count = length(local.ads_aggregated_lists)
|
||||||
|
|
||||||
# Formatage des domaines en identifiants Cloudflare
|
|
||||||
ads_domain_lists_new = [for k, v in cloudflare_zero_trust_list.ads_domain_lists : v.id]
|
ads_domain_lists_new = [for k, v in cloudflare_zero_trust_list.ads_domain_lists : v.id]
|
||||||
ads_domain_lists_formatted_new = [for v in local.ads_domain_lists_new : format("$%s", replace(v, "-", ""))]
|
ads_domain_lists_formatted_new = [for v in local.ads_domain_lists_new : format("$%s", replace(v, "-", ""))]
|
||||||
|
|
||||||
# Créer un filtre pour les domaines à bloquer
|
|
||||||
ads_ad_filters_new = formatlist("any(dns.domains[*] in %s)", local.ads_domain_lists_formatted_new)
|
ads_ad_filters_new = formatlist("any(dns.domains[*] in %s)", local.ads_domain_lists_formatted_new)
|
||||||
ads_ad_filter_new = join(" or ", local.ads_ad_filters_new)
|
ads_ad_filter_new = join(" or ", local.ads_ad_filters_new)
|
||||||
}
|
}
|
||||||
@@ -89,9 +67,8 @@ resource "cloudflare_zero_trust_list" "ads_domain_lists" {
|
|||||||
|
|
||||||
name = "ads_domain_list_${each.key}"
|
name = "ads_domain_list_${each.key}"
|
||||||
type = "DOMAIN"
|
type = "DOMAIN"
|
||||||
# items = each.value
|
|
||||||
items = [for domain in each.value : {
|
items = [for domain in each.value : {
|
||||||
value = domain # Chaque domaine est maintenant un objet avec une clé 'value'
|
value = domain
|
||||||
}]
|
}]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
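Review bot: In the second `locals` block, `ads_domain_list_clean` drops only exactly-empty strings after `split("\n", ...)`, so a list file saved with CRLF endings or stray whitespace would put entries such as `example.com\r` (constructed example) into the `cloudflare_zero_trust_list` items, where they would presumably either fail the apply or never match a DNS query and leave a gap in the block policy. Trimming each line closes that: `ads_domain_list_clean = [for x in local.ads_domain_list : trimspace(x) if trimspace(x) != ""]`. The `*_new` locals in the same block recompute exactly the expressions of `ads_domain_lists`, `ads_domain_lists_formatted`, `ads_ad_filters` and `ads_ad_filter` from the first block and could reference those instead. With the comments removed, nothing explains why the list ids are stripped of dashes and prefixed with `$`; a one-line comment such as `# Gateway expressions reference a list as $<id without dashes>` is worth keeping.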