cloudflare · jacobbednarz · Oct 1, 2023 · Sep 14, 2023 · Oct 1, 2023 · Oct 1, 2023
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/cloudflare_ruleset: Add support for cache bypass by default in Edge TTL modes
+```
@@ -637,11 +637,11 @@ Optional:
 
 Required:
 
-- `mode` (String) Mode of the edge TTL.
+- `mode` (String) Mode of the edge TTL. Available values: `override_origin`, `respect_origin`, `bypass_by_default`
 
 Optional:
 
-- `default` (Number) Default edge TTL
+- `default` (Number) Default edge TTL.
 - `status_code_ttl` (Block List) Edge TTL for the status codes. (see [below for nested schema](#nestedblock--rules--action_parameters--edge_ttl--status_code_ttl))
 
 <a id="nestedblock--rules--action_parameters--edge_ttl--status_code_ttl"></a>

@@ -2311,6 +2311,50 @@ func TestAccCloudflareRuleset_CacheSettingsInvalidEdgeTTLWithOverrideOrigin(t *t
 	})
 }
 
+func TestAccCloudflareRuleset_CacheSettingsEdgeTTLWithBypassByDefault(t *testing.T) {
+	rnd := utils.GenerateRandomResourceName()
+	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
+	resourceName := "cloudflare_ruleset." + rnd
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.TestAccPreCheck(t) },
+		ProtoV6ProviderFactories: acctest.TestAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCloudflareRulesetCacheSettingsBypassByDefaultEdge(rnd, zoneID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "name", rnd),
+					resource.TestCheckResourceAttr(resourceName, "description", "set cache settings for the request"),
+					resource.TestCheckResourceAttr(resourceName, "kind", "zone"),
+					resource.TestCheckResourceAttr(resourceName, "phase", "http_request_cache_settings"),
+
+					resource.TestCheckResourceAttr(resourceName, "rules.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action", "set_cache_settings"),
+					resource.TestCheckResourceAttr(resourceName, "rules.0.description", "example"),
+
+					resource.TestCheckResourceAttr(resourceName, "rules.0.action_parameters.0.edge_ttl.0.mode", "bypass_by_default"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccCloudflareRuleset_CacheSettingsInvalidEdgeTTLWithBypassByDefault(t *testing.T) {
+	rnd := utils.GenerateRandomResourceName()
+	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.TestAccPreCheck(t) },
+		ProtoV6ProviderFactories: acctest.TestAccProtoV6ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config:      testAccCloudflareRulesetCacheSettingsBypassByDefaultEdgeInvalid(rnd, zoneID),
+				ExpectError: regexp.MustCompile("cannot set default ttl when using mode 'bypass_by_default'"),
+			},
+		},
+	})
+}
+
 func TestAccCloudflareRuleset_CacheSettingsBrowserTTLWithBypass(t *testing.T) {
 	rnd := utils.GenerateRandomResourceName()
 	zoneID := os.Getenv("CLOUDFLARE_ZONE_ID")
@@ -4668,6 +4712,55 @@ func testAccCloudflareRulesetCacheSettingsHandleHeaderExcludeOriginFalse(rnd, zo
 	`, rnd, zoneID)
 }
 
+func testAccCloudflareRulesetCacheSettingsBypassByDefaultEdge(rnd, zoneID string) string {
+	return fmt.Sprintf(`
+	resource "cloudflare_ruleset" "%[1]s" {
+		zone_id     = "%[2]s"
+		name        = "%[1]s"
+		description = "set cache settings for the request"
+		kind        = "zone"
+		phase       = "http_request_cache_settings"
+		rules {
+			action      = "set_cache_settings"
+			description = "example"
+			enabled     = true
+			expression  = "(http.host eq \"example.com\" and starts_with(http.request.uri.path, \"/example\"))"
+			action_parameters {
+				cache = true
+				edge_ttl {
+					mode = "bypass_by_default"
+				}
+			}
+		}
+	  }
+	`, rnd, zoneID)
+}
+
+func testAccCloudflareRulesetCacheSettingsBypassByDefaultEdgeInvalid(rnd, zoneID string) string {
+	return fmt.Sprintf(`
+	resource "cloudflare_ruleset" "%[1]s" {
+		zone_id     = "%[2]s"
+		name        = "%[1]s"
+		description = "set cache settings for the request"
+		kind        = "zone"
+		phase       = "http_request_cache_settings"
+		rules {
+			action      = "set_cache_settings"
+			description = "example"
+			enabled     = true
+			expression  = "(http.host eq \"example.com\" and starts_with(http.request.uri.path, \"/example\"))"
+			action_parameters {
+				cache = true
+				edge_ttl {
+					mode    = "bypass_by_default"
+					default = 100
+				}
+			}
+		}
+	  }
+	`, rnd, zoneID)
+}
+
 func testAccCloudflareRulesetCacheSettingsBypassBrowser(rnd, zoneID string) string {
 	return fmt.Sprintf(`
 	resource "cloudflare_ruleset" "%[1]s" {

@@ -465,13 +465,13 @@ func (r *RulesetResource) Schema(ctx context.Context, req resource.SchemaRequest
 											Attributes: map[string]schema.Attribute{
 												"mode": schema.StringAttribute{
 													Required:            true,
-													Validators:          []validator.String{stringvalidator.OneOf("override_origin", "respect_origin")},
-													MarkdownDescription: "Mode of the edge TTL.",
+													Validators:          []validator.String{stringvalidator.OneOf("override_origin", "respect_origin", "bypass_by_default")},
+													MarkdownDescription: fmt.Sprintf("Mode of the edge TTL. %s", utils.RenderAvailableDocumentationValuesStringSlice([]string{"override_origin", "respect_origin", "bypass_by_default"})),
 												},
 												"default": schema.Int64Attribute{
 													Optional:            true,
 													Validators:          []validator.Int64{int64validator.AtLeast(1)},
-													MarkdownDescription: "Default edge TTL",
+													MarkdownDescription: "Default edge TTL.",
 												},
 											},
 											Validators: []validator.Object{EdgeTTLValidator{}},

@@ -71,6 +71,14 @@ func (v EdgeTTLValidator) ValidateObject(ctx context.Context, req validator.Obje
 				fmt.Sprintf("using mode '%s' requires setting a default for ttl", parameter.Mode.ValueString()),
 			)
 		}
+	} else if parameter.Mode.ValueString() == "bypass_by_default" {
+		if !parameter.Default.IsNull() {
+			resp.Diagnostics.AddAttributeError(
+				req.Path,
+				errInvalidConfiguration,
+				fmt.Sprintf("cannot set default ttl when using mode '%s'", parameter.Mode.ValueString()),
+			)
+		}
 	}
 }
 

@@ -95,6 +95,42 @@ func TestEdgeTTLValidation(t *testing.T) {
 				}
 			})
 		})
+
+		t.Run("bypass by default mode is specified", func(t *testing.T) {
+			t.Parallel()
+
+			t.Run("errors when ttl is passed", func(t *testing.T) {
+				t.Parallel()
+
+				resp := &validator.ObjectResponse{}
+				req := constructEdgeTTLObjectRequest("bypass_by_default", big.NewFloat(1))
+				edgeValidator.ValidateObject(ctx, req, resp)
+
+				expected := &validator.ObjectResponse{
+					Diagnostics: diag.Diagnostics{
+						diag.NewAttributeErrorDiagnostic(path.Root("edge_ttl"), "invalid configuration", "cannot set default ttl when using mode 'bypass_by_default'"),
+					},
+				}
+				if diff := cmp.Diff(resp, expected); diff != "" {
+					t.Errorf("unexpected difference: %s", diff)
+				}
+			})
+
+			t.Run("passes without ttl", func(t *testing.T) {
+				t.Parallel()
+
+				resp := &validator.ObjectResponse{}
+				req := constructEdgeTTLObjectRequest("bypass_by_default", nil)
+				edgeValidator.ValidateObject(ctx, req, resp)
+
+				expected := &validator.ObjectResponse{
+					Diagnostics: nil,
+				}
+				if diff := cmp.Diff(resp, expected); diff != "" {
+					t.Errorf("unexpected difference: %s", diff)
+				}
+			})
+		})
 	})
 }