updated access app with access group policy
initd1 committed Oct 7, 2024
1 parent 766683c commit cd8e036
Showing 4 changed files with 272 additions and 9 deletions.
3 changes: 2 additions & 1 deletion .gitignore
@@ -1 +1,2 @@
*.tfvars
*.tfvars
*.tfstate.backup
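Review bot: The added `*.tfstate.backup` pattern does not cover `*.tfstate`, and an ignore rule has no effect on paths that are already tracked, so terraform/terraform.tfstate and terraform/terraform.tfstate.backup are still committed by this same commit. I would add `*.tfstate` and `*.tfstate.*` here and untrack both files with `git rm --cached`, keeping state in a remote backend with restricted access. The committed state exposes account, zone and tunnel identifiers and lists a `random_id.tunnel_secret` resource; if its value sits in the collapsed part of the file, the tunnel secret should be rotated, since it stays in repository history.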
36 changes: 30 additions & 6 deletions terraform/main.tf
@@ -39,6 +39,7 @@ resource "cloudflare_zero_trust_tunnel_cloudflared_config" "tun1_config" {
# }
}
ingress_rule {
# Hostname to match the incoming request with
hostname = "kash"
path = "/service2"
service = "http://10.0.0.2:8080"
@@ -51,6 +52,8 @@ resource "cloudflare_zero_trust_tunnel_cloudflared_config" "tun1_config" {
}
}
ingress_rule {
# Hostname to match the incoming request with
hostname = "kash"
service = "https://10.0.0.3:8081"
origin_request {
connect_timeout = "2m0s"
@@ -67,15 +70,36 @@ resource "cloudflare_zero_trust_tunnel_cloudflared_config" "tun1_config" {
}
}

# Allowing access to `[email protected]` email address only
resource "cloudflare_zero_trust_access_group" "geo_policy" {
account_id = var.account_id
name = var.geo_policy_name

include {
geo = [ au, in ]
}
}

# Allowing access to `[email protected]` email address only
resource "cloudflare_zero_trust_access_group" "mail_policy" {
account_id = var.account_id
name = var.mail_policy_name

include {
email = [ "[email protected]" ]
}
}


resource "cloudflare_zero_trust_access_application" "app1" {
zone_id = var.zone_id
name = var.application1_name
domain = var.subdomain
type = "self_hosted"
session_duration = "24h"
session_duration = "4h"
auto_redirect_to_identity = false
# policies = [
# cloudflare_access_policy.example_1.id,
# cloudflare_access_policy.example_2.id
# ]
}
policies = [
cloudflare_zero_trust_access_group.mail_policy.id,
cloudflare_zero_trust_access_group.geo_policy.id
]
}
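Review bot: The new `policies` list on `cloudflare_zero_trust_access_application.app1` is given the ids of two `cloudflare_zero_trust_access_group` resources, but that argument expects Access policy ids, so these groups are not turned into an allow rule and the apply will likely be rejected. Separately, `geo = [ au, in ]` uses bare identifiers and should be `geo = ["AU", "IN"]`, and the comment above `geo_policy` is a copy of the e-mail one. If the intent is that address and those countries together, one policy that includes the mail group and requires the geo group expresses it; two independent allow policies would admit a match on either. The sketch below assumes a reusable account-level policy; confirm the account/zone scoping against the provider version in use, and note that the policy name is constructed.

```hcl
resource "cloudflare_zero_trust_access_policy" "app1_allow" {
  account_id = var.account_id
  name       = "app1-allow" # constructed name
  decision   = "allow"

  include {
    group = [cloudflare_zero_trust_access_group.mail_policy.id]
  }

  require {
    group = [cloudflare_zero_trust_access_group.geo_policy.id]
  }
}

resource "cloudflare_zero_trust_access_application" "app1" {
  # … unchanged: zone_id, name, domain, type, session_duration, auto_redirect_to_identity …
  policies = [
    cloudflare_zero_trust_access_policy.app1_allow.id
  ]
}
```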
189 changes: 188 additions & 1 deletion terraform/terraform.tfstate
@@ -1,10 +1,63 @@
{
"version": 4,
"terraform_version": "1.9.6",
"serial": 6,
"serial": 12,
"lineage": "82a14001-d6c0-3985-0419-c7a1e167ad0e",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "cloudflare_zero_trust_access_application",
"name": "app1",
"provider": "provider[\"registry.terraform.io/cloudflare/cloudflare\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"account_id": null,
"allow_authenticate_via_warp": false,
"allowed_idps": [],
"app_launcher_logo_url": "",
"app_launcher_visible": true,
"aud": "bc8c45f373f300ebd0d3aeb99b7d384c2b789dc3ff0dacb2aaf654f396dd778c",
"auto_redirect_to_identity": false,
"bg_color": "",
"cors_headers": [],
"custom_deny_message": "",
"custom_deny_url": "",
"custom_non_identity_deny_url": "",
"custom_pages": [],
"domain": "webserver1.kashyapvijay.com",
"enable_binding_cookie": false,
"footer_links": [],
"header_bg_color": "",
"http_only_cookie_attribute": false,
"id": "8e66e562-0843-4945-b11f-870afd448806",
"landing_page_design": [],
"logo_url": "",
"name": "app1",
"options_preflight_bypass": false,
"policies": [
"d10e39fb-0352-4c60-9f48-783ad806d015"
],
"saas_app": [],
"same_site_cookie_attribute": "",
"scim_config": [],
"self_hosted_domains": null,
"service_auth_401_redirect": false,
"session_duration": "24h",
"skip_app_launcher_login_page": false,
"skip_interstitial": false,
"tags": [],
"target_criteria": [],
"type": "self_hosted",
"zone_id": "6e0ba0e81e512d90d52375ad220793e5"
},
"sensitive_attributes": [],
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "cloudflare_zero_trust_tunnel_cloudflared",
@@ -49,6 +102,140 @@
}
]
},
{
"mode": "managed",
"type": "cloudflare_zero_trust_tunnel_cloudflared_config",
"name": "tun1_config",
"provider": "provider[\"registry.terraform.io/cloudflare/cloudflare\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"account_id": "05ebce6b92b983967ba9fca114da5171",
"config": [
{
"ingress_rule": [
{
"hostname": "kash",
"origin_request": [
{
"access": [
{
"aud_tag": null,
"required": true,
"team_name": ""
}
],
"bastion_mode": false,
"ca_pool": "",
"connect_timeout": "2m0s",
"disable_chunked_encoding": false,
"http2_origin": false,
"http_host_header": "",
"ip_rules": [],
"keep_alive_connections": 100,
"keep_alive_timeout": "1m30s",
"no_happy_eyeballs": false,
"no_tls_verify": false,
"origin_server_name": "",
"proxy_address": "127.0.0.1",
"proxy_port": 0,
"proxy_type": "",
"tcp_keep_alive": "30s",
"tls_timeout": "10s"
}
],
"path": "/service2",
"service": "http://10.0.0.2:8080"
},
{
"hostname": "kash",
"origin_request": [
{
"access": [
{
"aud_tag": null,
"required": true,
"team_name": ""
}
],
"bastion_mode": false,
"ca_pool": "",
"connect_timeout": "2m0s",
"disable_chunked_encoding": false,
"http2_origin": false,
"http_host_header": "",
"ip_rules": [],
"keep_alive_connections": 100,
"keep_alive_timeout": "1m30s",
"no_happy_eyeballs": false,
"no_tls_verify": false,
"origin_server_name": "",
"proxy_address": "127.0.0.1",
"proxy_port": 0,
"proxy_type": "",
"tcp_keep_alive": "30s",
"tls_timeout": "10s"
}
],
"path": "",
"service": "https://10.0.0.3:8081"
},
{
"hostname": "",
"origin_request": [],
"path": "",
"service": "http_status:404"
}
],
"origin_request": [
{
"access": [],
"bastion_mode": false,
"ca_pool": "",
"connect_timeout": "1m0s",
"disable_chunked_encoding": false,
"http2_origin": false,
"http_host_header": "",
"ip_rules": [],
"keep_alive_connections": 1024,
"keep_alive_timeout": "1m0s",
"no_happy_eyeballs": false,
"no_tls_verify": true,
"origin_server_name": "",
"proxy_address": "10.0.0.1",
"proxy_port": 8123,
"proxy_type": "socks",
"tcp_keep_alive": "1m0s",
"tls_timeout": "1m0s"
}
],
"warp_routing": [
{
"enabled": true
}
]
}
],
"id": "5e4d1a77-7ef4-4bb8-a0a7-ea1a54acd2ff",
"tunnel_id": "5e4d1a77-7ef4-4bb8-a0a7-ea1a54acd2ff"
},
"sensitive_attributes": [
[
{
"type": "get_attr",
"value": "account_id"
}
]
],
"private": "bnVsbA==",
"dependencies": [
"cloudflare_zero_trust_tunnel_cloudflared.tun1",
"random_id.tunnel_secret"
]
}
]
},
{
"mode": "managed",
"type": "random_id",
53 changes: 52 additions & 1 deletion terraform/terraform.tfstate.backup
@@ -1,10 +1,61 @@
{
"version": 4,
"terraform_version": "1.9.6",
"serial": 6,
"serial": 9,
"lineage": "82a14001-d6c0-3985-0419-c7a1e167ad0e",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "cloudflare_zero_trust_access_application",
"name": "app1",
"provider": "provider[\"registry.terraform.io/cloudflare/cloudflare\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"account_id": null,
"allow_authenticate_via_warp": false,
"allowed_idps": null,
"app_launcher_logo_url": "",
"app_launcher_visible": true,
"aud": "bc8c45f373f300ebd0d3aeb99b7d384c2b789dc3ff0dacb2aaf654f396dd778c",
"auto_redirect_to_identity": false,
"bg_color": "",
"cors_headers": [],
"custom_deny_message": "",
"custom_deny_url": "",
"custom_non_identity_deny_url": "",
"custom_pages": null,
"domain": "webserver1.kashyapvijay.com",
"enable_binding_cookie": false,
"footer_links": [],
"header_bg_color": "",
"http_only_cookie_attribute": false,
"id": "8e66e562-0843-4945-b11f-870afd448806",
"landing_page_design": [],
"logo_url": "",
"name": "app1",
"options_preflight_bypass": false,
"policies": null,
"saas_app": [],
"same_site_cookie_attribute": "",
"scim_config": [],
"self_hosted_domains": null,
"service_auth_401_redirect": false,
"session_duration": "24h",
"skip_app_launcher_login_page": false,
"skip_interstitial": false,
"tags": null,
"target_criteria": [],
"type": "self_hosted",
"zone_id": "6e0ba0e81e512d90d52375ad220793e5"
},
"sensitive_attributes": [],
"private": "bnVsbA=="
}
]
},
{
"mode": "managed",
"type": "cloudflare_zero_trust_tunnel_cloudflared",