cloudflare · jacobbednarz · Oct 28, 2022 · Oct 19, 2022 · Oct 19, 2022 · Oct 19, 2022
@@ -0,0 +1,3 @@
+```release-note:new-resource
+cloudflare_total_tls
+```
@@ -0,0 +1,37 @@
+---
+page_title: "cloudflare_total_tls Resource - Cloudflare"
+subcategory: ""
+description: |-
+  Provides a resource which manages Total TLS for a zone.
+---
+
+# cloudflare_total_tls (Resource)
+
+Provides a resource which manages Total TLS for a zone.
+
+## Example Usage
+
+```terraform
+resource "cloudflare_total_tls" "example" {
+  zone_id               = "0da42c8d2132a9ddaf714f9e7c920711"
+  enabled               = true
+  certificate_authority = "lets_encrypt"
+}
+```
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `enabled` (Boolean) Enable Total TLS for the zone.
+- `zone_id` (String) The zone identifier to target for the resource.
+
+### Optional
+
+- `certificate_authority` (String) The Certificate Authority that Total TLS certificates will be issued through. Available values: `google`, `lets_encrypt`.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+
@@ -0,0 +1,5 @@
+resource "cloudflare_total_tls" "example" {
+  zone_id               = "0da42c8d2132a9ddaf714f9e7c920711"
+  enabled               = true
+  certificate_authority = "lets_encrypt"
+}
@@ -254,6 +254,7 @@ func New(version string) func() *schema.Provider {
 				"cloudflare_teams_location":                         resourceCloudflareTeamsLocation(),
 				"cloudflare_teams_proxy_endpoint":                   resourceCloudflareTeamsProxyEndpoint(),
 				"cloudflare_teams_rule":                             resourceCloudflareTeamsRule(),
+				"cloudflare_total_tls":                              resourceCloudflareTotalTLS(),
 				"cloudflare_tunnel_route":                           resourceCloudflareTunnelRoute(),
 				"cloudflare_tunnel_virtual_network":                 resourceCloudflareTunnelVirtualNetwork(),
 				"cloudflare_user_agent_blocking_rule":               resourceCloudflareUserAgentBlockingRules(),

@@ -0,0 +1,67 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/MakeNowJust/heredoc/v2"
+	"github.com/cloudflare/cloudflare-go"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceCloudflareTotalTLS() *schema.Resource {
+	return &schema.Resource{
+		Schema:        resourceCloudflareTotalTLSSchema(),
+		CreateContext: resourceCloudflareTotalSSLUpdate,
+		ReadContext:   resourceCloudflareTotalSSLRead,
+		UpdateContext: resourceCloudflareTotalSSLUpdate,
+		DeleteContext: resourceCloudflareTotalSSLDelete,
+		Description: heredoc.Doc(`
+			Provides a resource which manages Total TLS for a zone.
+		`),
+	}
+}
+
+func resourceCloudflareTotalSSLUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*cloudflare.API)
+	zoneID := d.Get("zone_id").(string)
+	settings := cloudflare.TotalTLS{
+		Enabled: cloudflare.BoolPtr(d.Get("enabled").(bool)),
+	}
+	if certificateAuthority, ok := d.GetOk("certificate_authority"); ok {
+		settings.CertificateAuthority = certificateAuthority.(string)
+	}
+	_, err := client.SetTotalTLS(ctx, cloudflare.ZoneIdentifier(zoneID), settings)
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("error creating updating total TLS: %w", err))
+	}
+	d.SetId(zoneID)
+	return resourceCloudflareTotalSSLRead(ctx, d, meta)
+}
+
+func resourceCloudflareTotalSSLRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*cloudflare.API)
+	zoneID := d.Get("zone_id").(string)
+
+	result, err := client.GetTotalTLS(ctx, cloudflare.ZoneIdentifier(zoneID))
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("error creating updating total TLS: %w", err))
+	}
+	d.SetId(zoneID)
+	d.Set("enabled", result.Enabled)
+	d.Set("certificate_authority", result.CertificateAuthority)
+	return nil
+}
+
+func resourceCloudflareTotalSSLDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	client := meta.(*cloudflare.API)
+	zoneID := d.Get("zone_id").(string)
+
+	_, err := client.SetTotalTLS(ctx, cloudflare.ZoneIdentifier(zoneID), cloudflare.TotalTLS{Enabled: cloudflare.BoolPtr(false)})
+	if err != nil {
+		return diag.FromErr(fmt.Errorf("error creating deleting total TLS: %w", err))
+	}
+
+	return nil
+}
@@ -0,0 +1,39 @@
+package provider
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"os"
+	"testing"
+)
+
+func testTotalTLS(rnd, zoneID string) string {
+	return fmt.Sprintf(`
+resource "cloudflare_total_tls" "%[1]s" {
+	zone_id = "%[2]s"
+	enabled = true
+	certificate_authority = "google"
+}
+`, rnd, zoneID)
+}
+
+func TestAccCloudflareTotalTLS(t *testing.T) {
+	rnd := generateRandomResourceName()
+	name := "cloudflare_total_tls." + rnd
+	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testTotalTLS(rnd, zoneID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(name, "zone_id", zoneID),
+					resource.TestCheckResourceAttr(name, "enabled", "true"),
+					resource.TestCheckResourceAttr(name, "certificate_authority", "google"),
+				),
+			},
+		},
+	})
+}
@@ -0,0 +1,30 @@
+package provider
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+func resourceCloudflareTotalTLSSchema() map[string]*schema.Schema {
+	return map[string]*schema.Schema{
+		"zone_id": {
+			Description: "The zone identifier to target for the resource.",
+			Type:        schema.TypeString,
+			Required:    true,
+			ForceNew:    true,
+		},
+		"enabled": {
+			Description: "Enable Total TLS for the zone.",
+			Type:        schema.TypeBool,
+			Required:    true,
+		},
+		"certificate_authority": {
+			Description:  fmt.Sprintf("The Certificate Authority that Total TLS certificates will be issued through. %s", renderAvailableDocumentationValuesStringSlice([]string{"google", "lets_encrypt"})),
+			Type:         schema.TypeString,
+			Optional:     true,
+			ValidateFunc: validation.StringInSlice([]string{"google", "lets_encrypt"}, false),
+		},
+	}
+}