Tips-Of-Mine/terraform-cloudflare-tunnel-zone-org
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Update access_rule_groups.tf
Some checks failed
Terraform Apply / Terraform Apply (push) Failing after 12s
Details

Browse Source
This commit is contained in:
Hubert Cornet
2025-11-16 12:14:32 +01:00
parent 8104b5c149
commit b1b7ca965b
1 changed files with 101 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

202
access_rule_groups.tf
View File

@@ -1,15 +1,15 @@
#========================================================== #==========================================================
# Local Variables # Local Variables
#========================================================== #==========================================================
locals { #locals {
# SAML groups from Okta # SAML groups from Okta
saml_groups = { # saml_groups = {
contractors = "Contractors" # contractors = "Contractors"
infrastructure_admin = "InfrastructureAdmin" # infrastructure_admin = "InfrastructureAdmin"
sales_engineering = "SalesEngineering" # sales_engineering = "SalesEngineering"
sales = "Sales" # sales = "Sales"
it_admin = "ITAdmin" # it_admin = "ITAdmin"
} # }
# Azure AD groups # Azure AD groups
# azure_groups = { # azure_groups = {
@@ -19,16 +19,16 @@ locals {
# } # }
# Allowed countries # Allowed countries
allowed_countries = ["FR", "DE", "US", "GB"] # allowed_countries = ["FR", "DE", "US", "GB"]
blocked_countries = ["CN", "RU", "AF", "BY", "CD", "CU", "IR", "IQ", "KP", "MM", "SD", "SY", "UA", "ZW"] # blocked_countries = ["CN", "RU", "AF", "BY", "CD", "CU", "IR", "IQ", "KP", "MM", "SD", "SY", "UA", "ZW"]
# OS posture checks # OS posture checks
os_posture_checks = [ # os_posture_checks = [
var.cloudflare_linux_posture_id, # var.cloudflare_linux_posture_id,
var.cloudflare_macos_posture_id, # var.cloudflare_macos_posture_id,
var.cloudflare_windows_posture_id # var.cloudflare_windows_posture_id
] # ]
} #}
#================================================== #==================================================
# Default Rule Groups # Default Rule Groups
@@ -45,101 +45,101 @@ resource "cloudflare_zero_trust_access_group" "default_groups" {
#================================================== #==================================================
# Geographic Rule Groups # Geographic Rule Groups
#=================================================== #===================================================
resource "cloudflare_zero_trust_access_group" "country_requirements_rule_group" { #resource "cloudflare_zero_trust_access_group" "country_requirements_rule_group" {
account_id = local.cloudflare_account_id # account_id = local.cloudflare_account_id
name = "Country Requirements" # name = "Country Requirements"
#
include = [ # include = [
for country in local.allowed_countries : { # for country in local.allowed_countries : {
geo = { # geo = {
country_code = country # country_code = country
} # }
} # }
] # ]
exclude = [ # exclude = [
for country in local.blocked_countries : { # for country in local.blocked_countries : {
geo = { # geo = {
country_code = country # country_code = country
} # }
} # }
] # ]
} #}
#================================================== #==================================================
# Device Posture Rule Groups # Device Posture Rule Groups
#=================================================== #===================================================
resource "cloudflare_zero_trust_access_group" "latest_os_version_requirements_rule_group" { #resource "cloudflare_zero_trust_access_group" "latest_os_version_requirements_rule_group" {
account_id = local.cloudflare_account_id # account_id = local.cloudflare_account_id
name = "Latest OS Version Requirements" # name = "Latest OS Version Requirements"
#
include = [ # include = [
for posture_id in local.os_posture_checks : { # for posture_id in local.os_posture_checks : {
device_posture = { # device_posture = {
integration_uid = posture_id # integration_uid = posture_id
} # }
} # }
] # ]
} #}
#================================================== #==================================================
# Composite Rule Groups # Composite Rule Groups
#=================================================== #===================================================
resource "cloudflare_zero_trust_access_group" "employees_rule_group" { #resource "cloudflare_zero_trust_access_group" "employees_rule_group" {
account_id = local.cloudflare_account_id # account_id = local.cloudflare_account_id
name = "Employees" # name = "Employees"
#
# include = [
# for group_key in ["it_admin", "sales", "sales_engineering", "infrastructure_admin"] : {
# group = {
# id = cloudflare_zero_trust_access_group.saml_groups[group_key].id
# }
# }
# ]
#}
include = [ #resource "cloudflare_zero_trust_access_group" "sales_team_rule_group" {
for group_key in ["it_admin", "sales", "sales_engineering", "infrastructure_admin"] : { # account_id = local.cloudflare_account_id
group = { # name = "Sales Team"
id = cloudflare_zero_trust_access_group.saml_groups[group_key].id #
} # include = [
} # for group_key in ["sales", "sales_engineering"] : {
] # group = {
} # id = cloudflare_zero_trust_access_group.saml_groups[group_key].id
# }
# }
# ]
#}
resource "cloudflare_zero_trust_access_group" "sales_team_rule_group" { #resource "cloudflare_zero_trust_access_group" "admins_rule_group" {
account_id = local.cloudflare_account_id # account_id = local.cloudflare_account_id
name = "Sales Team" # name = "Administrators"
#
# include = [
# for group_key in ["it_admin", "infrastructure_admin"] : {
# group = {
# id = cloudflare_zero_trust_access_group.saml_groups[group_key].id
# }
# }
# ]
#}
include = [ #resource "cloudflare_zero_trust_access_group" "contractors_rule_group" {
for group_key in ["sales", "sales_engineering"] : { # account_id = local.cloudflare_account_id
group = { # name = "Contractors Extended"
id = cloudflare_zero_trust_access_group.saml_groups[group_key].id #
} # include = [
} # {
] # group = {
} # id = cloudflare_zero_trust_access_group.saml_groups["contractors"].id
# }
resource "cloudflare_zero_trust_access_group" "admins_rule_group" { # },
account_id = local.cloudflare_account_id # {
name = "Administrators" # email_domain = {
# domain = var.cloudflare_email_domain
include = [ # }
for group_key in ["it_admin", "infrastructure_admin"] : { # }
group = { # ]
id = cloudflare_zero_trust_access_group.saml_groups[group_key].id #}
}
}
]
}
resource "cloudflare_zero_trust_access_group" "contractors_rule_group" {
account_id = local.cloudflare_account_id
name = "Contractors Extended"
include = [
{
group = {
id = cloudflare_zero_trust_access_group.saml_groups["contractors"].id
}
},
{
email_domain = {
domain = var.cloudflare_email_domain
}
}
]
}
#================================================== #==================================================
# Azure AD Rule Groups # Azure AD Rule Groups