Merge pull request #11 from Flaconi/PLT-809-custom-log-fields

PLT-755 added ruleset for the http_log_custom_fields phase
Flaconi · Feb 2, 2024 · 2b4001d · 2b4001d
2 parents 6e9fe88 + 582ec3c
commit 2b4001d
Show file tree

Hide file tree

Showing 3 changed files with 82 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -140,6 +140,21 @@ object({
 
 Default: `{}`
 
+### <a name="input_bot_management"></a> [bot\_management](#input\_bot\_management)
+
+Description: Cloudflare bot management configuration.
+
+Type:
+
+```hcl
+object({
+    auto_update_model = optional(bool, false)
+    enable_js         = optional(bool, false)
+  })
+```
+
+Default: `{}`
+
 ### <a name="input_http_config_settings"></a> [http\_config\_settings](#input\_http\_config\_settings)
 
 Description: Cloudflare ruleset for phase http\_config\_settings. It override the zone settings per request by defining an expression.
@@ -159,20 +174,26 @@ list(object({
 
 Default: `[]`
 
-### <a name="input_bot_management"></a> [bot\_management](#input\_bot\_management)
+### <a name="input_http_log_custom_fields"></a> [http\_log\_custom\_fields](#input\_http\_log\_custom\_fields)
 
-Description: Cloudflare bot management configuration.
+Description: Cloudflare ruleset for phase http\_log\_custom\_fields.
 
 Type:
 
 ```hcl
-object({
-    auto_update_model = optional(bool, false)
-    enable_js         = optional(bool, false)
-  })
+list(object({
+    action_parameters = object({
+      request_fields  = optional(list(string))
+      response_fields = optional(list(string))
+      cookie_fields   = optional(list(string))
+    })
+    description = string
+    enabled     = optional(bool, true)
+    expression  = string
+  }))
 ```
 
-Default: `{}`
+Default: `[]`
 
 <!-- TFDOCS_INPUTS_END -->
 

diff --git a/main.tf b/main.tf
@@ -90,6 +90,12 @@ resource "cloudflare_zone_settings_override" "this" {
   }
 }
 
+resource "cloudflare_bot_management" "this" {
+  zone_id           = cloudflare_zone.this.id
+  auto_update_model = var.bot_management.auto_update_model
+  enable_js         = var.bot_management.enable_js
+}
+
 resource "cloudflare_ruleset" "http_config_settings" {
   count = length(var.http_config_settings) > 0 ? 1 : 0
 
@@ -114,8 +120,28 @@ resource "cloudflare_ruleset" "http_config_settings" {
   }
 }
 
-resource "cloudflare_bot_management" "this" {
-  zone_id           = cloudflare_zone.this.id
-  auto_update_model = var.bot_management.auto_update_model
-  enable_js         = var.bot_management.enable_js
+resource "cloudflare_ruleset" "http_log_custom_fields" {
+  count = length(var.http_log_custom_fields) > 0 ? 1 : 0
+
+  zone_id = cloudflare_zone.this.id
+  kind    = "zone"
+  name    = "Default ruleset for http_log_custom_fields phase"
+  phase   = "http_log_custom_fields"
+
+  dynamic "rules" {
+    for_each = var.http_log_custom_fields
+
+    content {
+      action      = "log_custom_field"
+      description = rules.value.description
+      enabled     = rules.value.enabled
+      expression  = rules.value.expression
+
+      action_parameters {
+        request_fields  = rules.value.action_parameters.request_fields
+        response_fields = rules.value.action_parameters.response_fields
+        cookie_fields   = rules.value.action_parameters.cookie_fields
+      }
+    }
+  }
 }
diff --git a/variables.tf b/variables.tf
@@ -90,6 +90,16 @@ variable "settings_override" {
   default = {}
 }
 
+# https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/bot_management
+variable "bot_management" {
+  description = "Cloudflare bot management configuration."
+  type = object({
+    auto_update_model = optional(bool, false)
+    enable_js         = optional(bool, false)
+  })
+  default = {}
+}
+
 # https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/ruleset
 variable "http_config_settings" {
   description = "Cloudflare ruleset for phase http_config_settings. It override the zone settings per request by defining an expression."
@@ -104,12 +114,18 @@ variable "http_config_settings" {
   default = []
 }
 
-# https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/bot_management
-variable "bot_management" {
-  description = "Cloudflare bot management configuration."
-  type = object({
-    auto_update_model = optional(bool, false)
-    enable_js         = optional(bool, false)
-  })
-  default = {}
+# https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/ruleset
+variable "http_log_custom_fields" {
+  description = "Cloudflare ruleset for phase http_log_custom_fields."
+  type = list(object({
+    action_parameters = object({
+      request_fields  = optional(list(string))
+      response_fields = optional(list(string))
+      cookie_fields   = optional(list(string))
+    })
+    description = string
+    enabled     = optional(bool, true)
+    expression  = string
+  }))
+  default = []
 }