access_policy: update more references and method signatures

cloudflare · Jul 5, 2023 · 0a58e18 · 0a58e18
1 parent 978579f
commit 0a58e18
Show file tree

Hide file tree

Showing 3 changed files with 150 additions and 9 deletions.
diff --git a/.changelog/1326.txt b/.changelog/1326.txt
@@ -0,0 +1,83 @@
+```release-note:breaking-change
+logpush: all methods are updated to use the newer client conventions for method signatures
+```
+
+```release-note:breaking-change
+logpush: `CreateAccountLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `CreateZoneLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ListAccountLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ListZoneLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ListAccountLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ListZoneLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetAccountLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetZoneLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetAccountLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetZoneLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `UpdateAccountLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `UpdateZoneLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `DeleteAccountLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `DeleteZoneLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetAccountLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetZoneLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ValidateAccountLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ValidateZoneLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `CheckAccountLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `CheckZoneLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter
+```
diff --git a/access_policy.go b/access_policy.go
@@ -101,6 +101,33 @@ type CreateAccessPolicyParams struct {
 	Require []interface{} `json:"require"`
 }
 
+type UpdateAccessPolicyParams struct {
+	ApplicationID string `json:"-"`
+	PolicyID      string `json:"-"`
+
+	Precedence int    `json:"precedence"`
+	Decision   string `json:"decision"`
+	Name       string `json:"name"`
+
+	IsolationRequired            *bool                 `json:"isolation_required,omitempty"`
+	PurposeJustificationRequired *bool                 `json:"purpose_justification_required,omitempty"`
+	PurposeJustificationPrompt   *string               `json:"purpose_justification_prompt,omitempty"`
+	ApprovalRequired             *bool                 `json:"approval_required,omitempty"`
+	ApprovalGroups               []AccessApprovalGroup `json:"approval_groups"`
+
+	// The include policy works like an OR logical operator. The user must
+	// satisfy one of the rules.
+	Include []interface{} `json:"include"`
+
+	// The exclude policy works like a NOT logical operator. The user must
+	// not satisfy all the rules in exclude.
+	Exclude []interface{} `json:"exclude"`
+
+	// The require policy works like a AND logical operator. The user must
+	// satisfy all the rules in require.
+	Require []interface{} `json:"require"`
+}
+
 type DeleteAccessPolicyParams struct {
 	ApplicationID string `json:"-"`
 	PolicyID      string `json:"-"`
@@ -215,19 +242,20 @@ func (api *API) CreateAccessPolicy(ctx context.Context, rc *ResourceContainer, p
 //
 // Account API reference: https://developers.cloudflare.com/api/operations/access-policies-update-an-access-policy
 // Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-update-an-access-policy
-func (api *API) UpdateAccessPolicy(ctx context.Context, rc *ResourceContainer, applicationID string, accessPolicy AccessPolicy) (AccessPolicy, error) {
-	if accessPolicy.ID == "" {
+func (api *API) UpdateAccessPolicy(ctx context.Context, rc *ResourceContainer, params UpdateAccessPolicyParams) (AccessPolicy, error) {
+	if params.PolicyID == "" {
 		return AccessPolicy{}, fmt.Errorf("access policy ID cannot be empty")
 	}
+
 	uri := fmt.Sprintf(
 		"/%s/%s/access/apps/%s/policies/%s",
 		rc.Level,
 		rc.Identifier,
-		applicationID,
-		accessPolicy.ID,
+		params.ApplicationID,
+		params.PolicyID,
 	)
 
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, accessPolicy)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
 	if err != nil {
 		return AccessPolicy{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
 	}

diff --git a/access_policy_test.go b/access_policy_test.go
@@ -329,6 +329,36 @@ func TestUpdateAccessPolicy(t *testing.T) {
 	setup()
 	defer teardown()
 
+	accessPolicy := UpdateAccessPolicyParams{
+		ApplicationID: accessApplicationID,
+		PolicyID:      accessPolicyID,
+		Precedence:    1,
+		Decision:      "allow",
+		Name:          "Allow devs",
+		Include: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Exclude: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Require: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		IsolationRequired:            &isolationRequired,
+		PurposeJustificationRequired: &purposeJustificationRequired,
+		ApprovalRequired:             &approvalRequired,
+		PurposeJustificationPrompt:   &purposeJustificationPrompt,
+		ApprovalGroups: []AccessApprovalGroup{
+			{
+				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+				ApprovalsNeeded: 3,
+			},
+			{
+				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
+				ApprovalsNeeded: 1,
+			},
+		},
+	}
 	handler := func(w http.ResponseWriter, r *http.Request) {
 		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
 		w.Header().Set("content-type", "application/json")
@@ -384,14 +414,14 @@ func TestUpdateAccessPolicy(t *testing.T) {
 	}
 
 	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
-	actual, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, accessApplicationID, expectedAccessPolicy)
+	actual, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
 
 	if assert.NoError(t, err) {
 		assert.Equal(t, expectedAccessPolicy, actual)
 	}
 
 	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
-	actual, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, accessApplicationID, expectedAccessPolicy)
+	actual, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
 
 	if assert.NoError(t, err) {
 		assert.Equal(t, expectedAccessPolicy, actual)
@@ -402,10 +432,10 @@ func TestUpdateAccessPolicyWithMissingID(t *testing.T) {
 	setup()
 	defer teardown()
 
-	_, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, accessApplicationID, AccessPolicy{})
+	_, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, UpdateAccessPolicyParams{ApplicationID: accessApplicationID})
 	assert.EqualError(t, err, "access policy ID cannot be empty")
 
-	_, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, accessApplicationID, AccessPolicy{})
+	_, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, UpdateAccessPolicyParams{ApplicationID: accessApplicationID})
 	assert.EqualError(t, err, "access policy ID cannot be empty")
 }