Merge branch 'cloudflare:master' into master

Author: MrMortbury

.changelog/1214.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_rules: Add `untrusted_cert` rule setting
+```

.changelog/1220.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/stretchr/testify from 1.8.1 to 1.8.2
+```

CHANGELOG.md

@@ -5,6 +5,7 @@ ENHANCEMENTS:
 * dex_test: add CRUD functionality for DEX test configurations ([#1209](https://github.com/cloudflare/cloudflare-go/issues/1209))
 * dlp: Adds support for partial payload logging ([#1212](https://github.com/cloudflare/cloudflare-go/issues/1212))
 * teams_accounts: Add new root_certificate_installation_enabled field ([#1208](https://github.com/cloudflare/cloudflare-go/issues/1208))
+* teams_rules: Add `untrusted_cert` rule setting ([#1214](https://github.com/cloudflare/cloudflare-go/issues/1214))
 * tunnels: automatically paginate `ListTunnels` ([#1206](https://github.com/cloudflare/cloudflare-go/issues/1206))
 
 BUG FIXES:
@@ -13,6 +14,7 @@ BUG FIXES:
 
 DEPENDENCIES:
 
+* deps: bumps github.com/stretchr/testify from 1.8.1 to 1.8.2 ([#1220](https://github.com/cloudflare/cloudflare-go/issues/1220))
 * deps: bumps github.com/urfave/cli/v2 from 2.24.3 to 2.24.4 ([#1210](https://github.com/cloudflare/cloudflare-go/issues/1210))
 * deps: bumps golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 ([#1218](https://github.com/cloudflare/cloudflare-go/issues/1218))
 * deps: bumps golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 ([#1219](https://github.com/cloudflare/cloudflare-go/issues/1219))

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/google/go-querystring v1.1.0
 	github.com/hashicorp/go-retryablehttp v0.7.2
 	github.com/olekukonko/tablewriter v0.0.5
-	github.com/stretchr/testify v1.8.1
+	github.com/stretchr/testify v1.8.2
 	github.com/urfave/cli/v2 v2.24.4
 	golang.org/x/net v0.7.0
 	golang.org/x/time v0.3.0

go.sum

@@ -58,8 +58,8 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/urfave/cli/v2 v2.24.4 h1:0gyJJEBYtCV87zI/x2nZCPyDxD51K6xM8SkwjHFCNEU=
 github.com/urfave/cli/v2 v2.24.4/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=

teams_rules.go

@@ -40,6 +40,20 @@ type TeamsRuleSettings struct {
 
 	// DLP payload logging configuration
 	PayloadLog *TeamsDlpPayloadLogSettings `json:"payload_log"`
+
+	UntrustedCertSettings *UntrustedCertSettings `json:"untrusted_cert"`
+}
+
+type TeamsGatewayUntrustedCertAction string
+
+const (
+	UntrustedCertPassthrough TeamsGatewayUntrustedCertAction = "pass_through"
+	UntrustedCertBlock       TeamsGatewayUntrustedCertAction = "block"
+	UntrustedCertError       TeamsGatewayUntrustedCertAction = "error"
+)
+
+type UntrustedCertSettings struct {
+	Action TeamsGatewayUntrustedCertAction `json:"action"`
 }
 
 type EgressSettings struct {
@@ -116,6 +130,14 @@ func TeamsRulesActionValues() []string {
 	}
 }
 
+func TeamsRulesUntrustedCertActionValues() []string {
+	return []string{
+		string(UntrustedCertPassthrough),
+		string(UntrustedCertBlock),
+		string(UntrustedCertError),
+	}
+}
+
 // TeamsRule represents an Teams wirefilter rule.
 type TeamsRule struct {
 	ID            string             `json:"id,omitempty"`

teams_rules_test.go

@@ -50,7 +50,10 @@ func TestTeamsRules(t *testing.T) {
 						"enforce": true,
 						"duration": "15m0s"
 					},
-                    "insecure_disable_dnssec_validation": false
+                    "insecure_disable_dnssec_validation": false,
+					"untrusted_cert": {
+						"action": "error"
+					}
 				  }
 				},
 				{
@@ -78,7 +81,10 @@ func TestTeamsRules(t *testing.T) {
 					"biso_admin_controls": null,
 					"add_headers": null,
 					"check_session": null,
-                    "insecure_disable_dnssec_validation": true
+                    "insecure_disable_dnssec_validation": true,
+					"untrusted_cert": {
+						"action": "pass_through"
+					}
 				  }
 				}
 			]
@@ -114,6 +120,9 @@ func TestTeamsRules(t *testing.T) {
 				Duration: Duration{900 * time.Second},
 			},
 			InsecureDisableDNSSECValidation: false,
+			UntrustedCertSettings: &UntrustedCertSettings{
+				Action: UntrustedCertError,
+			},
 		},
 		CreatedAt: &createdAt,
 		UpdatedAt: &updatedAt,
@@ -142,6 +151,9 @@ func TestTeamsRules(t *testing.T) {
 				CheckSession:      nil,
 				// setting is invalid for block rules, just testing serialization here
 				InsecureDisableDNSSECValidation: true,
+				UntrustedCertSettings: &UntrustedCertSettings{
+					Action: UntrustedCertPassthrough,
+				},
 			},
 			CreatedAt: &createdAt,
 			UpdatedAt: &updatedAt,
@@ -196,7 +208,10 @@ func TestTeamsRule(t *testing.T) {
 						"enforce": true,
 						"duration": "15m0s"
 					},
-                    "insecure_disable_dnssec_validation": false
+                    "insecure_disable_dnssec_validation": false,
+					"untrusted_cert": {
+						"action": "block"
+					}
 				}
 			}
 		}
@@ -231,6 +246,9 @@ func TestTeamsRule(t *testing.T) {
 				Duration: Duration{900 * time.Second},
 			},
 			InsecureDisableDNSSECValidation: false,
+			UntrustedCertSettings: &UntrustedCertSettings{
+				Action: UntrustedCertBlock,
+			},
 		},
 		CreatedAt: &createdAt,
 		UpdatedAt: &updatedAt,