Update access_groups.tf
@@ -2,16 +2,60 @@
|
|||||||
# CLOUDFLARE : Access : Groups
|
# CLOUDFLARE : Access : Groups
|
||||||
# =============================================================================
|
# =============================================================================
|
||||||
|
|
||||||
#
|
locals {
|
||||||
#resource "cloudflare_zero_trust_access_policy" "allow_policie" {
|
# SAML groups from Okta
|
||||||
# account_id = local.cloudflare_account_id
|
saml_groups = {
|
||||||
# name = "Allow"
|
contractors = var.okta_contractors_saml_group_name
|
||||||
# decision = "allow"
|
infrastructure_admin = var.okta_infra_admin_saml_group_name
|
||||||
# session_duration = "24h"
|
sales_engineering = var.okta_sales_eng_saml_group_name
|
||||||
#
|
sales = var.okta_sales_saml_group_name
|
||||||
# include = [{
|
it_admin = var.okta_itadmin_saml_group_name
|
||||||
# group = {
|
}
|
||||||
# id = cloudflare_zero_trust_access_group.default_groups.id
|
|
||||||
# }
|
# Allowed countries
|
||||||
# }]
|
allowed_countries = ["FR", "DE", "US", "GB"]
|
||||||
#}
|
blocked_countries = ["CN", "RU", "AF", "BY", "CD", "CU", "IR", "IQ", "KP", "MM", "SD", "SY", "UA", "ZW"]
|
||||||
|
|
||||||
|
# OS posture checks
|
||||||
|
os_posture_checks = [
|
||||||
|
var.cf_linux_posture_id,
|
||||||
|
var.cf_macos_posture_id,
|
||||||
|
var.cf_windows_posture_id
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
# SAML Rule Groups
|
||||||
|
resource "cloudflare_zero_trust_access_group" "saml_groups" {
|
||||||
|
for_each = local.saml_groups
|
||||||
|
account_id = local.cloudflare_account_id
|
||||||
|
name = each.value
|
||||||
|
|
||||||
|
include = [{
|
||||||
|
saml = {
|
||||||
|
identity_provider_id = var.cf_okta_identity_provider_id
|
||||||
|
attribute_name = "groups"
|
||||||
|
attribute_value = each.value
|
||||||
|
}
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
|
||||||
|
# Geographic Rule Groups
|
||||||
|
resource "cloudflare_zero_trust_access_group" "country_requirements_rule_group" {
|
||||||
|
account_id = local.cloudflare_account_id
|
||||||
|
name = "Country Requirements"
|
||||||
|
|
||||||
|
include = [
|
||||||
|
for country in local.allowed_countries : {
|
||||||
|
geo = {
|
||||||
|
country_code = country
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
exclude = [
|
||||||
|
for country in local.blocked_countries : {
|
||||||
|
geo = {
|
||||||
|
country_code = country
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
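Review bot: The `exclude` list in `country_requirements_rule_group` is redundant against its `include` allowlist — an Access group matches only when an include rule matches and no exclude rule does, and none of the fourteen codes in `blocked_countries` appears in `allowed_countries`, so the blocklist never changes the result while reading as if it adds enforcement. Either drop `exclude` and `local.blocked_countries`, or keep it and state its status with a comment such as `# include is an allowlist; exclude has no effect unless allowed_countries is widened`. `local.os_posture_checks` is declared but no resource in this hunk references it, so nothing visible here enforces device posture; if the policy that consumes it lives in another file, a comment pointing there would help. Country matching also belongs in a policy's `require` rather than its `include`, since geolocation alone is trivially bypassed via VPN — the consuming policy is outside this hunk, so verify there.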