Merge pull request #3792 from jroyal/jroyal/doc-update-auth-method

Add descriptions for Access rules
cloudflare · Sep 4, 2024 · 77d68a8 · 77d68a8
2 parents 71b5afc + 2272b8c
commit 77d68a8
Show file tree

Hide file tree

Showing 13 changed files with 542 additions and 494 deletions.
diff --git a/.changelog/3792.txt b/.changelog/3792.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_access_group: Added description strings to all rule types
+```
diff --git a/docs/data-sources/device_posture_rules.md b/docs/data-sources/device_posture_rules.md
@@ -28,7 +28,7 @@ data "cloudflare_device_posture_rules" "example" {
 ### Optional
 
 - `name` (String) Name of the Device Posture Rule.
-- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`.
+- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`.
 
 ### Read-Only
 

diff --git a/docs/resources/access_group.md b/docs/resources/access_group.md
diff --git a/docs/resources/access_policy.md b/docs/resources/access_policy.md
diff --git a/docs/resources/device_posture_rule.md b/docs/resources/device_posture_rule.md
@@ -78,7 +78,7 @@ Optional:
 - `is_active` (Boolean) True if SentinelOne device is active.
 - `issue_count` (String) The number of issues for kolide.
 - `last_seen` (String) The duration of time that the host was last seen from Crowdstrike. Must be in the format `1h` or `30m`. Valid units are `d`, `h` and `m`.
-- `locations` (Block List) List of locations to check for client certificate posture check. (see [below for nested schema](#nestedblock--certificate_locations))
+- `locations` (Block List) List of operating system locations to check for a client certificate.. (see [below for nested schema](#nestedblock--input--locations))
 - `network_status` (String) The network status from SentinelOne. Available values: `connected`, `disconnected`, `disconnecting`, `connecting`.
 - `operator` (String) The version comparison operator. Available values: `>`, `>=`, `<`, `<=`, `==`.
 - `os` (String) OS signal score from Crowdstrike. Value must be between 1 and 100.
@@ -96,23 +96,24 @@ Optional:
 - `thumbprint` (String) The thumbprint of the file certificate.
 - `total_score` (Number) The total score from Tanium.
 - `version` (String) The operating system semantic version.
-- `version_operator` (String) The version comparison operator for crowdstrike. Available values: `>`, `>=`, `<`, `<=`, `==`.
+- `version_operator` (String) The version comparison operator for Crowdstrike. Available values: `>`, `>=`, `<`, `<=`, `==`.
 
-
-<a id="nestedblock--match"></a>
-### Nested Schema for `match`
+<a id="nestedblock--input--locations"></a>
+### Nested Schema for `input.locations`
 
 Optional:
 
-- `platform` (String) The platform of the device. Available values: `windows`, `mac`, `linux`, `android`, `ios`, `chromeos`.
+- `paths` (Set of String) List of paths to check for client certificate rule.
+- `trust_stores` (Set of String) List of trust stores to check for client certificate rule. Available values: `system`, `user`.
+
 
-<a id="nestedblock--certificate_locations"></a>
-### Nested Schema for `locations`
+
+<a id="nestedblock--match"></a>
+### Nested Schema for `match`
 
 Optional:
 
-- `paths` (Set of String) List of paths to check for client certificate.
-- `trust_stores` (Set of String) List of trust stores to check for client certificate. Available values: `system`, `user`.
+- `platform` (String) The platform of the device. Available values: `windows`, `mac`, `linux`, `android`, `ios`, `chromeos`.
 
 ## Import
 

diff --git a/docs/resources/device_settings_policy.md b/docs/resources/device_settings_policy.md
@@ -60,7 +60,7 @@ resource "cloudflare_device_settings_policy" "developer_warp_policy" {
 - `service_mode_v2_port` (Number) The port to use for the proxy service mode. Required when using `service_mode_v2_mode`.
 - `support_url` (String) The support URL that will be opened when sending feedback.
 - `switch_locked` (Boolean) Enablement of the ZT client switch lock.
-- `tunnel_protocol` (String) Determines which tunnel protocol to use. Available values: `""`, `wireguard`, `masque`. Defaults to `wireguard`
+- `tunnel_protocol` (String) Determines which tunnel protocol to use. Available values: `""`, `wireguard`, `masque`. Defaults to `wireguard`.
 
 ### Read-Only
 

diff --git a/docs/resources/zero_trust_access_group.md b/docs/resources/zero_trust_access_group.md
diff --git a/docs/resources/zero_trust_access_policy.md b/docs/resources/zero_trust_access_policy.md
diff --git a/docs/resources/zero_trust_device_posture_rule.md b/docs/resources/zero_trust_device_posture_rule.md
@@ -40,7 +40,7 @@ resource "cloudflare_zero_trust_device_posture_rule" "eaxmple" {
 ### Required
 
 - `account_id` (String) The account identifier to target for the resource.
-- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`.
+- `type` (String) The device posture rule type. Available values: `serial_number`, `file`, `application`, `gateway`, `warp`, `domain_joined`, `os_version`, `disk_encryption`, `firewall`, `client_certificate`, `client_certificate_v2`, `workspace_one`, `unique_client_id`, `crowdstrike_s2s`, `sentinelone`, `kolide`, `tanium_s2s`, `intune`, `sentinelone_s2s`.
 
 ### Optional
 
@@ -63,19 +63,22 @@ Optional:
 - `active_threats` (Number) The number of active threats from SentinelOne.
 - `certificate_id` (String) The UUID of a Cloudflare managed certificate.
 - `check_disks` (Set of String) Specific volume(s) to check for encryption.
+- `check_private_key` (Boolean) Confirm the certificate was not imported from another device.
 - `cn` (String) The common name for a certificate.
 - `compliance_status` (String) The workspace one or intune device compliance status. `compliant` and `noncompliant` are values supported by both providers. `unknown`, `conflict`, `error`, `ingraceperiod` values are only supported by intune. Available values: `compliant`, `noncompliant`, `unknown`, `conflict`, `error`, `ingraceperiod`.
 - `connection_id` (String) The workspace one or intune connection id.
 - `count_operator` (String) The count comparison operator for kolide. Available values: `>`, `>=`, `<`, `<=`, `==`.
 - `domain` (String) The domain that the client must join.
-- `eid_last_seen` (String) The time a device last seen in Tanium. Must be in the format `1h` or `30m`. Valid units are `d`, `h` and `m`
+- `eid_last_seen` (String) The time a device last seen in Tanium. Must be in the format `1h` or `30m`. Valid units are `d`, `h` and `m`.
 - `enabled` (Boolean) True if the firewall must be enabled.
 - `exists` (Boolean) Checks if the file should exist.
+- `extended_key_usage` (Set of String) List of values indicating purposes for which the certificate public key can be used. Available values: `clientAuth`, `emailProtection`.
 - `id` (String) The Teams List id. Required for `serial_number` and `unique_client_id` rule types.
 - `infected` (Boolean) True if SentinelOne device is infected.
 - `is_active` (Boolean) True if SentinelOne device is active.
 - `issue_count` (String) The number of issues for kolide.
 - `last_seen` (String) The duration of time that the host was last seen from Crowdstrike. Must be in the format `1h` or `30m`. Valid units are `d`, `h` and `m`.
+- `locations` (Block List) List of operating system locations to check for a client certificate.. (see [below for nested schema](#nestedblock--input--locations))
 - `network_status` (String) The network status from SentinelOne. Available values: `connected`, `disconnected`, `disconnecting`, `connecting`.
 - `operator` (String) The version comparison operator. Available values: `>`, `>=`, `<`, `<=`, `==`.
 - `os` (String) OS signal score from Crowdstrike. Value must be between 1 and 100.
@@ -93,7 +96,16 @@ Optional:
 - `thumbprint` (String) The thumbprint of the file certificate.
 - `total_score` (Number) The total score from Tanium.
 - `version` (String) The operating system semantic version.
-- `version_operator` (String) The version comparison operator for crowdstrike. Available values: `>`, `>=`, `<`, `<=`, `==`.
+- `version_operator` (String) The version comparison operator for Crowdstrike. Available values: `>`, `>=`, `<`, `<=`, `==`.
+
+<a id="nestedblock--input--locations"></a>
+### Nested Schema for `input.locations`
+
+Optional:
+
+- `paths` (Set of String) List of paths to check for client certificate rule.
+- `trust_stores` (Set of String) List of trust stores to check for client certificate rule. Available values: `system`, `user`.
+
 
 
 <a id="nestedblock--match"></a>

diff --git a/docs/resources/zero_trust_device_profiles.md b/docs/resources/zero_trust_device_profiles.md
@@ -59,6 +59,7 @@ resource "cloudflare_zero_trust_device_profiles" "developer_warp_policy" {
 - `service_mode_v2_port` (Number) The port to use for the proxy service mode. Required when using `service_mode_v2_mode`.
 - `support_url` (String) The support URL that will be opened when sending feedback.
 - `switch_locked` (Boolean) Enablement of the ZT client switch lock.
+- `tunnel_protocol` (String) Determines which tunnel protocol to use. Available values: `""`, `wireguard`, `masque`. Defaults to `wireguard`.
 
 ### Read-Only
 

diff --git a/docs/resources/risk_score_integration.md → ...rces/zero_trust_risk_score_integration.md b/docs/resources/risk_score_integration.md → ...rces/zero_trust_risk_score_integration.md