Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature: add support for DNS filtering #573

Merged
merged 24 commits into from
Aug 19, 2024
Merged

Feature: add support for DNS filtering #573

Show file tree
Hide file tree
Changes from 22 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
42c4c47
wip
vmanilo Jul 15, 2024
eea87b2
Merge remote-tracking branch 'upstream/main' into feature/add-support…
vmanilo Jul 17, 2024
faeb790
wip
vmanilo Jul 20, 2024
b4eb1cf
wip
vmanilo Aug 5, 2024
09ed480
wip
vmanilo Aug 5, 2024
a34233c
Merge remote-tracking branch 'upstream/main' into feature/add-support…
vmanilo Aug 5, 2024
d739af8
wip
vmanilo Aug 5, 2024
4156fed
wip
vmanilo Aug 7, 2024
dd35599
wip
vmanilo Aug 9, 2024
d520d78
wip
vmanilo Aug 11, 2024
82a2c08
added DNS filtering profile
vmanilo Aug 12, 2024
0d7d084
enable tests
vmanilo Aug 12, 2024
bd2d469
fix docs
vmanilo Aug 12, 2024
083536d
update tests
vmanilo Aug 12, 2024
bf4cc4d
fix test
vmanilo Aug 12, 2024
37bc7f3
set rand profile name
vmanilo Aug 12, 2024
da63653
disable parallel tests
vmanilo Aug 12, 2024
4e7d5db
Merge remote-tracking branch 'upstream/main' into feature/add-support…
vmanilo Aug 12, 2024
13c8f70
enable parallel tests
vmanilo Aug 13, 2024
5393f33
run parallel tests
vmanilo Aug 13, 2024
9d2fd6d
remove feature branch from CI
vmanilo Aug 13, 2024
c5b696e
updated docs
vmanilo Aug 17, 2024
7011c3c
update docs
vmanilo Aug 19, 2024
6390afd
Merge branch 'main' into feature/add-support-for-DNS-filtering
bertekintw Aug 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 100 additions & 0 deletions docs/data-sources/dns_filtering_profile.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "twingate_dns_filtering_profile Data Source - terraform-provider-twingate"
subcategory: ""
description: |-
DNS filtering gives you the ability to control what websites your users can access. DNS filtering is only available on certain plans. For more information, see Twingate's documentation https://www.twingate.com/docs/dns-filtering.
---

# twingate_dns_filtering_profile (Data Source)

DNS filtering gives you the ability to control what websites your users can access. DNS filtering is only available on certain plans. For more information, see Twingate's [documentation](https://www.twingate.com/docs/dns-filtering).
bertekintw marked this conversation as resolved.
Show resolved Hide resolved

## Example Usage

```terraform
provider "twingate" {
api_token = "1234567890abcdef"
network = "mynetwork"
}

data "twingate_dns_filtering_profile" "example" {
id = "<your dns profile's id>"
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `id` (String) The DNS filtering profile's ID.

### Read-Only

- `allowed_domains` (Block, Read-only) A block with the following attributes. (see [below for nested schema](#nestedblock--allowed_domains))
- `content_categories` (Block, Read-only) A block with the following attributes. (see [below for nested schema](#nestedblock--content_categories))
- `denied_domains` (Block, Read-only) A block with the following attributes. (see [below for nested schema](#nestedblock--denied_domains))
- `fallback_method` (String) The DNS filtering profile's fallback method. One of AUTOMATIC or STRICT.
- `groups` (Set of String) A set of group IDs that have this as their DNS filtering profile. Defaults to an empty set.
- `name` (String) The DNS filtering profile's name.
- `priority` (Number) A floating point number representing the profile's priority.
- `privacy_categories` (Block, Read-only) A block with the following attributes. (see [below for nested schema](#nestedblock--privacy_categories))
- `security_categories` (Block, Read-only) A block with the following attributes. (see [below for nested schema](#nestedblock--security_categories))

<a id="nestedblock--allowed_domains"></a>
### Nested Schema for `allowed_domains`

Read-Only:

- `domains` (Set of String) A set of allowed domains.


<a id="nestedblock--content_categories"></a>
### Nested Schema for `content_categories`

Read-Only:

- `block_adult_content` (Boolean) Whether to block adult content.
- `block_dating` (Boolean) Whether to block dating content.
- `block_gambling` (Boolean) Whether to block gambling content.
- `block_games` (Boolean) Whether to block games.
- `block_piracy` (Boolean) Whether to block piracy sites.
- `block_social_media` (Boolean) Whether to block social media.
- `block_streaming` (Boolean) Whether to block streaming content.
- `enable_safesearch` (Boolean) Whether to force safe search.
- `enable_youtube_restricted_mode` (Boolean) Whether to force YouTube to use restricted mode.


<a id="nestedblock--denied_domains"></a>
### Nested Schema for `denied_domains`

Read-Only:

- `domains` (Set of String) A set of denied domains.


<a id="nestedblock--privacy_categories"></a>
### Nested Schema for `privacy_categories`

Read-Only:

- `block_ads_and_trackers` (Boolean) Whether to block ads and trackers.
- `block_affiliate_links` (Boolean) Whether to block affiliate links.
- `block_disguised_trackers` (Boolean) Whether to block disguised third party trackers.


<a id="nestedblock--security_categories"></a>
### Nested Schema for `security_categories`

Read-Only:

- `block_cryptojacking` (Boolean) Whether to block cryptojacking sites.
- `block_dns_rebinding` (Boolean) Blocks public DNS entries from returning private IP addresses.
- `block_domain_generation_algorithms` (Boolean) Blocks DGA domains.
- `block_idn_homoglyph` (Boolean) Whether to block homoglyph attacks.
- `block_newly_registered_domains` (Boolean) Blocks newly registered domains.
- `block_parked_domains` (Boolean) Block parked domains.
- `block_typosquatting` (Boolean) Blocks typosquatted domains.
- `enable_google_safe_browsing` (Boolean) Whether to use Google Safe browsing lists to block content.
- `enable_threat_intelligence_feeds` (Boolean) Whether to filter content using threat intelligence feeds.
151 changes: 151 additions & 0 deletions docs/resources/dns_filtering_profile.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,151 @@
---
bertekintw marked this conversation as resolved.
Show resolved Hide resolved
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "twingate_dns_filtering_profile Resource - terraform-provider-twingate"
subcategory: ""
description: |-
DNS filtering gives you the ability to control what websites your users can access. DNS filtering is only available on certain plans. For more information, see Twingate's documentation https://www.twingate.com/docs/dns-filtering.
---

# twingate_dns_filtering_profile (Resource)

DNS filtering gives you the ability to control what websites your users can access. DNS filtering is only available on certain plans. For more information, see Twingate's [documentation](https://www.twingate.com/docs/dns-filtering).
bertekintw marked this conversation as resolved.
Show resolved Hide resolved

## Example Usage

```terraform
provider "twingate" {
api_token = "1234567890abcdef"
network = "mynetwork"
}

resource "twingate_group" "example1" {
name = "example_1"
}

resource "twingate_group" "example2" {
name = "example_2"
}

data "twingate_groups" "example" {
name_prefix = "example"

depends_on = [twingate_group.example1, twingate_group.example2]
}

resource "twingate_dns_filtering_profile" "example" {
name = "Example DNS Filtering Profile"
priority = 2
fallback_method = "AUTO"
groups = toset(data.twingate_groups.example.groups[*].id)

allowed_domains {
is_authoritative = false
domains = [
"twingate.com",
"zoom.us"
]
}

denied_domains {
is_authoritative = true
domains = [
"evil.example"
]
}

content_categories {
block_adult_content = true
}

security_categories {
block_dns_rebinding = false
block_newly_registered_domains = false
}

privacy_categories {
block_disguised_trackers = true
}

}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `name` (String) The DNS filtering profile's name.
- `priority` (Number) A floating point number representing the profile's priority.

### Optional

- `allowed_domains` (Block, Optional) A block with the following attributes. (see [below for nested schema](#nestedblock--allowed_domains))
- `content_categories` (Block, Optional) A block with the following attributes. (see [below for nested schema](#nestedblock--content_categories))
- `denied_domains` (Block, Optional) A block with the following attributes. (see [below for nested schema](#nestedblock--denied_domains))
- `fallback_method` (String) The DNS filtering profile's fallback method. One of "AUTO" or "STRICT". Defaults to "STRICT".
- `groups` (Set of String) A set of group IDs that have this as their DNS filtering profile. Defaults to an empty set.
- `privacy_categories` (Block, Optional) A block with the following attributes. (see [below for nested schema](#nestedblock--privacy_categories))
- `security_categories` (Block, Optional) A block with the following attributes. (see [below for nested schema](#nestedblock--security_categories))

### Read-Only

- `id` (String) Autogenerated ID of the DNS filtering profile.

<a id="nestedblock--allowed_domains"></a>
### Nested Schema for `allowed_domains`

Optional:

- `domains` (Set of String) A set of allowed domains. Defaults to an empty set.
- `is_authoritative` (Boolean) Whether Terraform should override changes made outside of Terraform. Defaults to true.


<a id="nestedblock--content_categories"></a>
### Nested Schema for `content_categories`

Optional:

- `block_adult_content` (Boolean) Whether to block adult content. Defaults to false.
- `block_dating` (Boolean) Whether to block dating content. Defaults to false.
- `block_gambling` (Boolean) Whether to block gambling content. Defaults to false.
- `block_games` (Boolean) Whether to block games. Defaults to false.
- `block_piracy` (Boolean) Whether to block piracy sites. Defaults to false.
- `block_social_media` (Boolean) Whether to block social media. Defaults to false.
- `block_streaming` (Boolean) Whether to block streaming content. Defaults to false.
- `enable_safesearch` (Boolean) Whether to force safe search. Defaults to false.
- `enable_youtube_restricted_mode` (Boolean) Whether to force YouTube to use restricted mode. Defaults to false.


<a id="nestedblock--denied_domains"></a>
### Nested Schema for `denied_domains`

Optional:

- `domains` (Set of String) A set of denied domains. Defaults to an empty set.
- `is_authoritative` (Boolean) Whether Terraform should override changes made outside of Terraform. Defaults to true.


<a id="nestedblock--privacy_categories"></a>
### Nested Schema for `privacy_categories`

Optional:

- `block_ads_and_trackers` (Boolean) Whether to block ads and trackers. Defaults to false.
- `block_affiliate_links` (Boolean) Whether to block affiliate links. Defaults to false.
- `block_disguised_trackers` (Boolean) Whether to block disguised third party trackers. Defaults to false.


<a id="nestedblock--security_categories"></a>
### Nested Schema for `security_categories`

Optional:

- `block_cryptojacking` (Boolean) Whether to block cryptojacking sites. Defaults to true.
- `block_dns_rebinding` (Boolean) Blocks public DNS entries from returning private IP addresses. Defaults to true.
- `block_domain_generation_algorithms` (Boolean) Blocks DGA domains. Defaults to true.
- `block_idn_homoglyph` (Boolean) Whether to block homoglyph attacks. Defaults to true.
- `block_newly_registered_domains` (Boolean) Blocks newly registered domains. Defaults to true.
- `block_parked_domains` (Boolean) Block parked domains. Defaults to true.
- `block_typosquatting` (Boolean) Blocks typosquatted domains. Defaults to true.
- `enable_google_safe_browsing` (Boolean) Whether to use Google Safe browsing lists to block content. Defaults to true.
- `enable_threat_intelligence_feeds` (Boolean) Whether to filter content using threat intelligence feeds. Defaults to true.
9 changes: 9 additions & 0 deletions examples/data-sources/twingate_dns_filtering_profile/data-source.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
provider "twingate" {
api_token = "1234567890abcdef"
network = "mynetwork"
}

data "twingate_dns_filtering_profile" "example" {
id = "<your dns profile's id>"
}

55 changes: 55 additions & 0 deletions examples/resources/twingate_dns_filtering_profile/resource.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
provider "twingate" {
api_token = "1234567890abcdef"
network = "mynetwork"
}

resource "twingate_group" "example1" {
name = "example_1"
}

resource "twingate_group" "example2" {
name = "example_2"
}

data "twingate_groups" "example" {
name_prefix = "example"

depends_on = [twingate_group.example1, twingate_group.example2]
}

resource "twingate_dns_filtering_profile" "example" {
name = "Example DNS Filtering Profile"
priority = 2
fallback_method = "AUTO"
groups = toset(data.twingate_groups.example.groups[*].id)

allowed_domains {
is_authoritative = false
domains = [
"twingate.com",
"zoom.us"
]
}

denied_domains {
is_authoritative = true
domains = [
"evil.example"
]
}

content_categories {
block_adult_content = true
}

security_categories {
block_dns_rebinding = false
block_newly_registered_domains = false
}

privacy_categories {
block_disguised_trackers = true
}

}

33 changes: 33 additions & 0 deletions twingate/internal/attr/dns-filtering-profile.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
package attr

const (
Priority = "priority"
FallbackMethod = "fallback_method"
AllowedDomains = "allowed_domains"
DeniedDomains = "denied_domains"
Domains = "domains"
PrivacyCategories = "privacy_categories"
BlockAffiliateLinks = "block_affiliate_links"
BlockDisguisedTrackers = "block_disguised_trackers"
BlockAdsAndTrackers = "block_ads_and_trackers"
SecurityCategories = "security_categories"
EnableThreatIntelligenceFeeds = "enable_threat_intelligence_feeds"
EnableGoogleSafeBrowsing = "enable_google_safe_browsing"
BlockCryptojacking = "block_cryptojacking"
BlockIdnHomoglyph = "block_idn_homoglyph"
BlockTyposquatting = "block_typosquatting"
BlockDNSRebinding = "block_dns_rebinding"
BlockNewlyRegisteredDomains = "block_newly_registered_domains"
BlockDomainGenerationAlgorithms = "block_domain_generation_algorithms"
BlockParkedDomains = "block_parked_domains"
ContentCategories = "content_categories"
BlockGambling = "block_gambling"
BlockDating = "block_dating"
BlockAdultContent = "block_adult_content"
BlockSocialMedia = "block_social_media"
BlockGames = "block_games"
BlockStreaming = "block_streaming"
BlockPiracy = "block_piracy"
EnableYoutubeRestrictedMode = "enable_youtube_restricted_mode"
EnableSafesearch = "enable_safesearch"
)
Loading