diff --git a/.changelog/1415.txt b/.changelog/1415.txt new file mode 100644 index 00000000000..fb5222d8e60 --- /dev/null +++ b/.changelog/1415.txt @@ -0,0 +1,4 @@ +```release-note:enhancement +access_organization: Add support for session_duration +access_policy: Add support for session_duration +``` diff --git a/access_organization.go b/access_organization.go index ef48e2f22bc..bb02b1ca46d 100644 --- a/access_organization.go +++ b/access_organization.go @@ -20,6 +20,7 @@ type AccessOrganization struct { UIReadOnlyToggleReason string `json:"ui_read_only_toggle_reason,omitempty"` UserSeatExpirationInactiveTime string `json:"user_seat_expiration_inactive_time,omitempty"` AutoRedirectToIdentity *bool `json:"auto_redirect_to_identity,omitempty"` + SessionDuration *string `json:"session_duration,omitempty"` CustomPages AccessOrganizationCustomPages `json:"custom_pages,omitempty"` } @@ -64,6 +65,7 @@ type CreateAccessOrganizationParams struct { UIReadOnlyToggleReason string `json:"ui_read_only_toggle_reason,omitempty"` UserSeatExpirationInactiveTime string `json:"user_seat_expiration_inactive_time,omitempty"` AutoRedirectToIdentity *bool `json:"auto_redirect_to_identity,omitempty"` + SessionDuration *string `json:"session_duration,omitempty"` CustomPages AccessOrganizationCustomPages `json:"custom_pages,omitempty"` } @@ -75,6 +77,7 @@ type UpdateAccessOrganizationParams struct { UIReadOnlyToggleReason string `json:"ui_read_only_toggle_reason,omitempty"` UserSeatExpirationInactiveTime string `json:"user_seat_expiration_inactive_time,omitempty"` AutoRedirectToIdentity *bool `json:"auto_redirect_to_identity,omitempty"` + SessionDuration *string `json:"session_duration,omitempty"` CustomPages AccessOrganizationCustomPages `json:"custom_pages,omitempty"` } diff --git a/access_organization_test.go b/access_organization_test.go index 1407eb7a9cd..49eed89f8e0 100644 --- a/access_organization_test.go +++ b/access_organization_test.go 
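Review bot: The new `SessionDuration *string` field in `AccessOrganization` has no comment, although it sets how long an authenticated Access session stays valid; the same applies to `CreateAccessOrganizationParams`, `UpdateAccessOrganizationParams` and the three policy structs in access_policy.go. Nothing visible in the library validates the string, so a malformed or unexpectedly long duration is only caught by the API, and because the field is a pointer with `omitempty`, a nil value is left out of the request altogether. I would add a comment such as `// SessionDuration is the session lifetime as a duration string, e.g. "12h"; nil omits the field from the request.` and state which value applies when both the organization and a policy set one. The struct bodies start and end outside these hunks.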
@@ -29,6 +29,7 @@ func TestAccessOrganization(t *testing.T) { "is_ui_read_only": false, "user_seat_expiration_inactive_time": "720h", "auto_redirect_to_identity": true, + "session_duration": "12h", "login_design": { "background_color": "#c5ed1b", "logo_path": "https://example.com/logo.png", @@ -43,7 +44,7 @@ func TestAccessOrganization(t *testing.T) { createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z") updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z") - + sessionDuration := "12h" want := AccessOrganization{ Name: "Widget Corps Internal Applications", CreatedAt: &createdAt, @@ -57,6 +58,7 @@ func TestAccessOrganization(t *testing.T) { FooterText: "© Widget Corp", }, IsUIReadOnly: BoolPtr(false), + SessionDuration: &sessionDuration, UserSeatExpirationInactiveTime: "720h", AutoRedirectToIdentity: BoolPtr(true), } @@ -95,6 +97,7 @@ func TestCreateAccessOrganization(t *testing.T) { "name": "Widget Corps Internal Applications", "auth_domain": "test.cloudflareaccess.com", "is_ui_read_only": true, + "session_duration": "12h", "login_design": { "background_color": "#c5ed1b", "logo_path": "https://example.com/logo.png", @@ -109,6 +112,7 @@ func TestCreateAccessOrganization(t *testing.T) { createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z") updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z") + sessionDuration := "12h" want := AccessOrganization{ CreatedAt: &createdAt, @@ -122,7 +126,8 @@ func TestCreateAccessOrganization(t *testing.T) { HeaderText: "Widget Corp", FooterText: "© Widget Corp", }, - IsUIReadOnly: BoolPtr(true), + IsUIReadOnly: BoolPtr(true), + SessionDuration: &sessionDuration, } mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler) 
@@ -137,7 +142,8 @@ func TestCreateAccessOrganization(t *testing.T) { HeaderText: "Widget Corp", FooterText: "© Widget Corp", }, - IsUIReadOnly: BoolPtr(true), + IsUIReadOnly: BoolPtr(true), + SessionDuration: &sessionDuration, }) if assert.NoError(t, err) { @@ -156,7 +162,8 @@ func TestCreateAccessOrganization(t *testing.T) { HeaderText: "Widget Corp", FooterText: "© Widget Corp", }, - IsUIReadOnly: BoolPtr(true), + IsUIReadOnly: BoolPtr(true), + SessionDuration: &sessionDuration, }) if assert.NoError(t, err) { @@ -188,7 +195,8 @@ func TestUpdateAccessOrganization(t *testing.T) { "footer_text": "© Widget Corp" }, "is_ui_read_only": false, - "ui_read_only_toggle_reason": "this is my reason" + "ui_read_only_toggle_reason": "this is my reason", + "sessionDuration": "12h" } } `) @@ -196,6 +204,7 @@ func TestUpdateAccessOrganization(t *testing.T) { createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z") updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z") + sessionDuration := "12h" want := AccessOrganization{ CreatedAt: &createdAt, @@ -211,6 +220,7 @@ func TestUpdateAccessOrganization(t *testing.T) { }, IsUIReadOnly: BoolPtr(false), UIReadOnlyToggleReason: "this is my reason", + SessionDuration: &sessionDuration, } mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler) @@ -226,6 +236,7 @@ func TestUpdateAccessOrganization(t *testing.T) { FooterText: "© Widget Corp", }, IsUIReadOnly: BoolPtr(false), + SessionDuration: &sessionDuration, UIReadOnlyToggleReason: "this is my reason", }) @@ -247,6 +258,7 @@ func TestUpdateAccessOrganization(t *testing.T) { }, IsUIReadOnly: BoolPtr(false), UIReadOnlyToggleReason: "this is my reason", + SessionDuration: &sessionDuration, }) if assert.NoError(t, err) { diff --git a/access_policy.go b/access_policy.go index 4219446f24e..0e1ae41c6d2 100644 --- a/access_policy.go +++ b/access_policy.go 
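Review bot: The response fixture in `TestUpdateAccessOrganization` (hunk at -188,7) uses the key `"sessionDuration"`, but the tag added in access_organization.go is `session_duration`, and encoding/json does not match a camelCase key against a snake_case tag. As far as the visible lines show, the decoded `SessionDuration` would stay nil while `want` expects `&sessionDuration`, so the test either fails or does not exercise the new field. The line should read `"session_duration": "12h"`, matching the other fixtures in this file. The test function continues outside the hunk.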
@@ -31,6 +31,7 @@ type AccessPolicy struct { Name string `json:"name"` IsolationRequired *bool `json:"isolation_required,omitempty"` + SessionDuration *string `json:"session_duration,omitempty"` PurposeJustificationRequired *bool `json:"purpose_justification_required,omitempty"` PurposeJustificationPrompt *string `json:"purpose_justification_prompt,omitempty"` ApprovalRequired *bool `json:"approval_required,omitempty"` @@ -84,6 +85,7 @@ type CreateAccessPolicyParams struct { Name string `json:"name"` IsolationRequired *bool `json:"isolation_required,omitempty"` + SessionDuration *string `json:"session_duration,omitempty"` PurposeJustificationRequired *bool `json:"purpose_justification_required,omitempty"` PurposeJustificationPrompt *string `json:"purpose_justification_prompt,omitempty"` ApprovalRequired *bool `json:"approval_required,omitempty"` @@ -111,6 +113,7 @@ type UpdateAccessPolicyParams struct { Name string `json:"name"` IsolationRequired *bool `json:"isolation_required,omitempty"` + SessionDuration *string `json:"session_duration,omitempty"` PurposeJustificationRequired *bool `json:"purpose_justification_required,omitempty"` PurposeJustificationPrompt *string `json:"purpose_justification_prompt,omitempty"` ApprovalRequired *bool `json:"approval_required,omitempty"` diff --git a/access_policy_test.go b/access_policy_test.go index 045c4533787..7c745a244bb 100644 --- a/access_policy_test.go +++ b/access_policy_test.go @@ -19,6 +19,7 @@ var ( updatedAt, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z") expiresAt, _ = time.Parse(time.RFC3339, "2015-01-01T05:20:00.12345Z") + sessionDuration = "12h" isolationRequired = true purposeJustificationRequired = true purposeJustificationPrompt = "Please provide a business reason for your need to access before continuing." 
@@ -41,6 +42,7 @@ var ( map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}}, }, IsolationRequired: &isolationRequired, + SessionDuration: &sessionDuration, PurposeJustificationRequired: &purposeJustificationRequired, ApprovalRequired: &approvalRequired, PurposeJustificationPrompt: &purposeJustificationPrompt, @@ -101,6 +103,7 @@ func TestAccessPolicies(t *testing.T) { "purpose_justification_required": true, "purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.", "approval_required": true, + "session_duration": "12h", "approval_groups": [ { "email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561", @@ -185,6 +188,7 @@ func TestAccessPolicy(t *testing.T) { "purpose_justification_required": true, "purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.", "approval_required": true, + "session_duration": "12h", "approval_groups": [ { "email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561", @@ -260,6 +264,7 @@ func TestCreateAccessPolicy(t *testing.T) { "purpose_justification_required": true, "purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.", "approval_required": true, + "session_duration": "12h", "approval_groups": [ { "email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561", @@ -296,6 +301,7 @@ func TestCreateAccessPolicy(t *testing.T) { Decision: "allow", PurposeJustificationRequired: &purposeJustificationRequired, PurposeJustificationPrompt: &purposeJustificationPrompt, + SessionDuration: &sessionDuration, ApprovalGroups: []AccessApprovalGroup{ { EmailListUuid: "2413b6d7-bbe5-48bd-8fbb-e52069c85561", 
@@ -328,6 +334,8 @@ func TestCreateAccessPolicy(t *testing.T) { func TestCreateAccessPolicyAuthContextRule(t *testing.T) { setup() defer teardown() + + sessionDuration := "12h" expectedAccessPolicyAuthContext := AccessPolicy{ ID: "699d98642c564d2e855e9661899b7252", Precedence: 1, @@ -346,6 +354,7 @@ func TestCreateAccessPolicyAuthContextRule(t *testing.T) { PurposeJustificationRequired: &purposeJustificationRequired, ApprovalRequired: &approvalRequired, PurposeJustificationPrompt: &purposeJustificationPrompt, + SessionDuration: &sessionDuration, ApprovalGroups: []AccessApprovalGroup{ { EmailListUuid: "2413b6d7-bbe5-48bd-8fbb-e52069c85561", @@ -393,6 +402,7 @@ func TestCreateAccessPolicyAuthContextRule(t *testing.T) { "purpose_justification_required": true, "purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.", "approval_required": true, + "session_duration": "12h", "approval_groups": [ { "email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561", @@ -464,6 +474,7 @@ func TestUpdateAccessPolicy(t *testing.T) { setup() defer teardown() + sessionDuration := "12h" accessPolicy := UpdateAccessPolicyParams{ ApplicationID: accessApplicationID, PolicyID: accessPolicyID, @@ -483,6 +494,7 @@ func TestUpdateAccessPolicy(t *testing.T) { PurposeJustificationRequired: &purposeJustificationRequired, ApprovalRequired: &approvalRequired, PurposeJustificationPrompt: &purposeJustificationPrompt, + SessionDuration: &sessionDuration, ApprovalGroups: []AccessApprovalGroup{ { EmailListUuid: "2413b6d7-bbe5-48bd-8fbb-e52069c85561", @@ -508,6 +520,7 @@ func TestUpdateAccessPolicy(t *testing.T) { "created_at": "2014-01-01T05:20:00.12345Z", "updated_at": "2014-01-01T05:20:00.12345Z", "name": "Allow devs", + "session_duration": "12h", "include": [ { "email": {
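Review bot: `sessionDuration := "12h"` at the top of `TestCreateAccessPolicyAuthContextRule` shadows the package-level `sessionDuration = "12h"` that this commit adds to the `var (...)` block of the same file, and `TestUpdateAccessPolicy` (hunk at -464,6) does the same. The locals are redundant, and if one copy is edited later it becomes unclear which value `&sessionDuration` refers to in a given test. I would drop both local declarations and use the package-level variable, as `TestCreateAccessPolicy` already does. Both functions continue outside their hunks.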