Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature: add support for DNS filtering #573

Merged
Merged
Show file tree
Hide file tree
Changes from 21 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 100 additions & 0 deletions docs/data-sources/dns_filtering_profile.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "twingate_dns_filtering_profile Data Source - terraform-provider-twingate"
subcategory: ""
description: |-
DNS filtering gives you the ability to control what websites your users can access. For more information, see Twingate's documentation https://www.twingate.com/docs/dns-filtering.
---

# twingate_dns_filtering_profile (Data Source)

DNS filtering gives you the ability to control what websites your users can access. For more information, see Twingate's [documentation](https://www.twingate.com/docs/dns-filtering).
bertekintw marked this conversation as resolved.
Show resolved Hide resolved

## Example Usage

```terraform
provider "twingate" {
api_token = "1234567890abcdef"
network = "mynetwork"
}

data "twingate_dns_filtering_profile" "example" {
id = "<your dns profile's id>"
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `id` (String) The DNS filtering profile's ID.

### Read-Only

- `allowed_domains` (Block, Read-only) A block with the following attributes. (see [below for nested schema](#nestedblock--allowed_domains))
- `content_categories` (Block, Read-only) A block with the following attributes. (see [below for nested schema](#nestedblock--content_categories))
- `denied_domains` (Block, Read-only) A block with the following attributes. (see [below for nested schema](#nestedblock--denied_domains))
- `fallback_method` (String) The DNS filtering profile's fallback method. One of AUTOMATIC or STRICT.
- `groups` (Set of String) A set of group IDs that have this as their DNS filtering profile. Defaults to an empty set.
- `name` (String) The DNS filtering profile's name.
- `priority` (Number) A floating point number representing the profile's priority.
- `privacy_categories` (Block, Read-only) A block with the following attributes. (see [below for nested schema](#nestedblock--privacy_categories))
- `security_categories` (Block, Read-only) A block with the following attributes. (see [below for nested schema](#nestedblock--security_categories))

<a id="nestedblock--allowed_domains"></a>
### Nested Schema for `allowed_domains`

Read-Only:

- `domains` (Set of String) A set of allowed domains.


<a id="nestedblock--content_categories"></a>
### Nested Schema for `content_categories`

Read-Only:

- `block_adult_content` (Boolean) Whether to block adult content.
- `block_dating` (Boolean) Whether to block dating content.
- `block_gambling` (Boolean) Whether to block gambling content.
- `block_games` (Boolean) Whether to block games.
- `block_piracy` (Boolean) Whether to block piracy sites.
- `block_social_media` (Boolean) Whether to block social media.
- `block_streaming` (Boolean) Whether to block streaming content.
- `enable_safesearch` (Boolean) Whether to force safe search.
- `enable_youtube_restricted_mode` (Boolean) Whether to force YouTube to use restricted mode.


<a id="nestedblock--denied_domains"></a>
### Nested Schema for `denied_domains`

Read-Only:

- `domains` (Set of String) A set of denied domains.


<a id="nestedblock--privacy_categories"></a>
### Nested Schema for `privacy_categories`

Read-Only:

- `block_ads_and_trackers` (Boolean) Whether to block ads and trackers.
- `block_affiliate_links` (Boolean) Whether to block affiliate links.
- `block_disguised_trackers` (Boolean) Whether to block disguised third party trackers.


<a id="nestedblock--security_categories"></a>
### Nested Schema for `security_categories`

Read-Only:

- `block_cryptojacking` (Boolean) Whether to block cryptojacking sites.
- `block_dns_rebinding` (Boolean) Blocks public DNS entries from returning private IP addresses.
- `block_domain_generation_algorithms` (Boolean) Blocks DGA domains.
- `block_idn_homoglyph` (Boolean) Whether to block homoglyph attacks.
- `block_newly_registered_domains` (Boolean) Blocks newly registered domains.
- `block_parked_domains` (Boolean) Block parked domains.
- `block_typosquatting` (Boolean) Blocks typosquatted domains.
- `enable_google_safe_browsing` (Boolean) Whether to use Google Safe browsing lists to block content.
- `enable_threat_intelligence_feeds` (Boolean) Whether to filter content using threat intelligence feeds.
151 changes: 151 additions & 0 deletions docs/resources/dns_filtering_profile.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,151 @@
---
bertekintw marked this conversation as resolved.
Show resolved Hide resolved
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "twingate_dns_filtering_profile Resource - terraform-provider-twingate"
subcategory: ""
description: |-
DNS filtering gives you the ability to control what websites your users can access. For more information, see Twingate's documentation https://www.twingate.com/docs/dns-filtering.
---

# twingate_dns_filtering_profile (Resource)

DNS filtering gives you the ability to control what websites your users can access. For more information, see Twingate's [documentation](https://www.twingate.com/docs/dns-filtering).
bertekintw marked this conversation as resolved.
Show resolved Hide resolved

## Example Usage

```terraform
provider "twingate" {
api_token = "1234567890abcdef"
network = "mynetwork"
}

resource "twingate_group" "example1" {
name = "example_1"
}

resource "twingate_group" "example2" {
name = "example_2"
}

data "twingate_groups" "example" {
name_prefix = "example"

depends_on = [twingate_group.example1, twingate_group.example2]
}

resource "twingate_dns_filtering_profile" "example" {
name = "Example DNS Filtering Profile"
priority = 2
fallback_method = "AUTO"
groups = toset(data.twingate_groups.example.groups[*].id)

allowed_domains {
is_authoritative = false
domains = [
"twingate.com",
"zoom.us"
]
}

denied_domains {
is_authoritative = true
domains = [
"evil.example"
]
}

content_categories {
block_adult_content = true
}

security_categories {
block_dns_rebinding = false
block_newly_registered_domains = false
}

privacy_categories {
block_disguised_trackers = true
}

}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `name` (String) The DNS filtering profile's name.
- `priority` (Number) A floating point number representing the profile's priority.

### Optional

- `allowed_domains` (Block, Optional) A block with the following attributes. (see [below for nested schema](#nestedblock--allowed_domains))
- `content_categories` (Block, Optional) A block with the following attributes. (see [below for nested schema](#nestedblock--content_categories))
- `denied_domains` (Block, Optional) A block with the following attributes. (see [below for nested schema](#nestedblock--denied_domains))
- `fallback_method` (String) The DNS filtering profile's fallback method. One of "AUTO" or "STRICT". Defaults to "STRICT".
- `groups` (Set of String) A set of group IDs that have this as their DNS filtering profile. Defaults to an empty set.
- `privacy_categories` (Block, Optional) A block with the following attributes. (see [below for nested schema](#nestedblock--privacy_categories))
- `security_categories` (Block, Optional) A block with the following attributes. (see [below for nested schema](#nestedblock--security_categories))

### Read-Only

- `id` (String) Autogenerated ID of the DNS filtering profile.

<a id="nestedblock--allowed_domains"></a>
### Nested Schema for `allowed_domains`

Optional:

- `domains` (Set of String) A set of allowed domains. Defaults to an empty set.
- `is_authoritative` (Boolean) Whether Terraform should override changes made outside of Terraform. Defaults to true.


<a id="nestedblock--content_categories"></a>
### Nested Schema for `content_categories`

Optional:

- `block_adult_content` (Boolean) Whether to block adult content. Defaults to false.
- `block_dating` (Boolean) Whether to block dating content. Defaults to false.
- `block_gambling` (Boolean) Whether to block gambling content. Defaults to false.
- `block_games` (Boolean) Whether to block games. Defaults to false.
- `block_piracy` (Boolean) Whether to block piracy sites. Defaults to false.
- `block_social_media` (Boolean) Whether to block social media. Defaults to false.
- `block_streaming` (Boolean) Whether to block streaming content. Defaults to false.
- `enable_safesearch` (Boolean) Whether to force safe search. Defaults to false.
- `enable_youtube_restricted_mode` (Boolean) Whether to force YouTube to use restricted mode. Defaults to false.


<a id="nestedblock--denied_domains"></a>
### Nested Schema for `denied_domains`

Optional:

- `domains` (Set of String) A set of denied domains. Defaults to an empty set.
- `is_authoritative` (Boolean) Whether Terraform should override changes made outside of Terraform. Defaults to true.


<a id="nestedblock--privacy_categories"></a>
### Nested Schema for `privacy_categories`

Optional:

- `block_ads_and_trackers` (Boolean) Whether to block ads and trackers. Defaults to false.
- `block_affiliate_links` (Boolean) Whether to block affiliate links. Defaults to false.
- `block_disguised_trackers` (Boolean) Whether to block disguised third party trackers. Defaults to false.


<a id="nestedblock--security_categories"></a>
### Nested Schema for `security_categories`

Optional:

- `block_cryptojacking` (Boolean) Whether to block cryptojacking sites. Defaults to true.
- `block_dns_rebinding` (Boolean) Blocks public DNS entries from returning private IP addresses. Defaults to true.
- `block_domain_generation_algorithms` (Boolean) Blocks DGA domains. Defaults to true.
- `block_idn_homoglyph` (Boolean) Whether to block homoglyph attacks. Defaults to true.
- `block_newly_registered_domains` (Boolean) Blocks newly registered domains. Defaults to true.
- `block_parked_domains` (Boolean) Block parked domains. Defaults to true.
- `block_typosquatting` (Boolean) Blocks typosquatted domains. Defaults to true.
- `enable_google_safe_browsing` (Boolean) Whether to use Google Safe browsing lists to block content. Defaults to true.
- `enable_threat_intelligence_feeds` (Boolean) Whether to filter content using threat intelligence feeds. Defaults to true.
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
provider "twingate" {
api_token = "1234567890abcdef"
network = "mynetwork"
}

data "twingate_dns_filtering_profile" "example" {
id = "<your dns profile's id>"
}

55 changes: 55 additions & 0 deletions examples/resources/twingate_dns_filtering_profile/resource.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
provider "twingate" {
api_token = "1234567890abcdef"
network = "mynetwork"
}

resource "twingate_group" "example1" {
name = "example_1"
}

resource "twingate_group" "example2" {
name = "example_2"
}

data "twingate_groups" "example" {
name_prefix = "example"

depends_on = [twingate_group.example1, twingate_group.example2]
}

resource "twingate_dns_filtering_profile" "example" {
name = "Example DNS Filtering Profile"
priority = 2
fallback_method = "AUTO"
groups = toset(data.twingate_groups.example.groups[*].id)

allowed_domains {
is_authoritative = false
domains = [
"twingate.com",
"zoom.us"
]
}

denied_domains {
is_authoritative = true
domains = [
"evil.example"
]
}

content_categories {
block_adult_content = true
}

security_categories {
block_dns_rebinding = false
block_newly_registered_domains = false
}

privacy_categories {
block_disguised_trackers = true
}

}

33 changes: 33 additions & 0 deletions twingate/internal/attr/dns-filtering-profile.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
package attr

const (
Priority = "priority"
FallbackMethod = "fallback_method"
AllowedDomains = "allowed_domains"
DeniedDomains = "denied_domains"
Domains = "domains"
PrivacyCategories = "privacy_categories"
BlockAffiliateLinks = "block_affiliate_links"
BlockDisguisedTrackers = "block_disguised_trackers"
BlockAdsAndTrackers = "block_ads_and_trackers"
SecurityCategories = "security_categories"
EnableThreatIntelligenceFeeds = "enable_threat_intelligence_feeds"
EnableGoogleSafeBrowsing = "enable_google_safe_browsing"
BlockCryptojacking = "block_cryptojacking"
BlockIdnHomoglyph = "block_idn_homoglyph"
BlockTyposquatting = "block_typosquatting"
BlockDNSRebinding = "block_dns_rebinding"
BlockNewlyRegisteredDomains = "block_newly_registered_domains"
BlockDomainGenerationAlgorithms = "block_domain_generation_algorithms"
BlockParkedDomains = "block_parked_domains"
ContentCategories = "content_categories"
BlockGambling = "block_gambling"
BlockDating = "block_dating"
BlockAdultContent = "block_adult_content"
BlockSocialMedia = "block_social_media"
BlockGames = "block_games"
BlockStreaming = "block_streaming"
BlockPiracy = "block_piracy"
EnableYoutubeRestrictedMode = "enable_youtube_restricted_mode"
EnableSafesearch = "enable_safesearch"
)
Loading