Add support for replay_protection for Magic transit IPsec tunnels (#1710

) * added attribute to struct * updated tests * added changelog entry * swap ReplayProtection to be a *bool * Update 1710.txt --------- Co-authored-by: Jacob Bednarz <jacob.bednarz@gmail.com> Co-authored-by: Jacob Bednarz <jacob.bednarz@hey.com>
cloudflare · Apr 10, 2024 · a8a9c9f · a8a9c9f
1 parent c6a36a2
commit a8a9c9f
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 2 deletions.
diff --git a/.changelog/1710.txt b/.changelog/1710.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+magic_transit_ipsec_tunnel: Adds support for replay_protection boolean flag
+```
diff --git a/magic_transit_ipsec_tunnel.go b/magic_transit_ipsec_tunnel.go
@@ -42,6 +42,7 @@ type MagicTransitIPsecTunnel struct {
 	PskMetadata        *MagicTransitIPsecTunnelPskMetadata `json:"psk_metadata,omitempty"`
 	RemoteIdentities   *RemoteIdentities                   `json:"remote_identities,omitempty"`
 	AllowNullCipher    bool                                `json:"allow_null_cipher"`
+	ReplayProtection   *bool                               `json:"replay_protection,omitempty"`
 }
 
 // ListMagicTransitIPsecTunnelsResponse contains a response including IPsec tunnels.

diff --git a/magic_transit_ipsec_tunnel_test.go b/magic_transit_ipsec_tunnel_test.go
@@ -31,7 +31,8 @@ func TestListMagicTransitIPsecTunnels(t *testing.T) {
             "customer_endpoint": "203.0.113.1",
             "cloudflare_endpoint": "203.0.113.2",
             "interface_address": "192.0.2.0/31",
-            "description": "Tunnel for ISP X"
+            "description": "Tunnel for ISP X",
+			"replay_protection": true
           }
         ]
       }
@@ -53,6 +54,7 @@ func TestListMagicTransitIPsecTunnels(t *testing.T) {
 			CloudflareEndpoint: "203.0.113.2",
 			InterfaceAddress:   "192.0.2.0/31",
 			Description:        "Tunnel for ISP X",
+			ReplayProtection:   BoolPtr(true),
 		},
 	}
 
@@ -83,7 +85,8 @@ func TestGetMagicTransitIPsecTunnel(t *testing.T) {
           "cloudflare_endpoint": "203.0.113.2",
           "interface_address": "192.0.2.0/31",
           "description": "Tunnel for ISP X",
-          "allow_null_cipher": true
+          "allow_null_cipher": true,
+		  "replay_protection": true
         }
       }
     }`)
@@ -104,6 +107,7 @@ func TestGetMagicTransitIPsecTunnel(t *testing.T) {
 		InterfaceAddress:   "192.0.2.0/31",
 		Description:        "Tunnel for ISP X",
 		AllowNullCipher:    true,
+		ReplayProtection:   BoolPtr(true),
 	}
 
 	actual, err := client.GetMagicTransitIPsecTunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
@@ -224,6 +228,58 @@ func TestCreateMagicTransitIPsecTunnelsWithHealthcheck(t *testing.T) {
 	}
 }
 
+func TestCreateMagicTransitIPsecTunnelsWithReplayProtection(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "ipsec_tunnels": [
+          {
+            "id": "c4a7362d577a6c3019a474fd6f485821",
+            "created_on": "2017-06-14T00:00:00Z",
+            "modified_on": "2017-06-14T05:20:00Z",
+            "name": "IPsec_1",
+            "customer_endpoint": "203.0.113.1",
+            "cloudflare_endpoint": "203.0.113.2",
+            "interface_address": "192.0.2.0/31",
+            "description": "Tunnel for ISP X",
+			"replay_protection": true
+          }
+        ]
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := []MagicTransitIPsecTunnel{{
+		ID:                 "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:          &createdOn,
+		ModifiedOn:         &modifiedOn,
+		Name:               "IPsec_1",
+		CustomerEndpoint:   "203.0.113.1",
+		CloudflareEndpoint: "203.0.113.2",
+		InterfaceAddress:   "192.0.2.0/31",
+		Description:        "Tunnel for ISP X",
+		ReplayProtection:   BoolPtr(true),
+	}}
+
+	actual, err := client.CreateMagicTransitIPsecTunnels(context.Background(), testAccountID, want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
 func TestUpdateMagicTransitIPsecTunnel(t *testing.T) {
 	setup()
 	defer teardown()