feat: feat(leaked_credentials_check): Add GET endpoint for leaked_credentials_check/detections

stainless-app[bot] · stainless-app[bot] · commit feafd9c466ec · 2025-12-12T17:16:18.000Z
* feat(leaked_credentials_check): Add GET endpoint for leaked_credentials_check/detections
diff --git a/.stats.yml b/.stats.yml
@@ -1,4 +1,4 @@
-configured_endpoints: 1922
+configured_endpoints: 1923
 openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-5fc91fe703941755eabe8e53f6d53056d31c38bff2f098dfa2389512e52b586f.yml
 openapi_spec_hash: 7d4707f46e5b07408d6a083bfe164f51
-config_hash: d300d915a7b88f436c0498af4048e337
+config_hash: 93c66810e920a180099213f0e36aacbd
diff --git a/examples/data-sources/cloudflare_leaked_credential_check_rule/data-source.tf b/examples/data-sources/cloudflare_leaked_credential_check_rule/data-source.tf
@@ -0,0 +1,4 @@
+data "cloudflare_leaked_credential_check_rule" "example_leaked_credential_check_rule" {
+  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
+  detection_id = "18a14bafaa8eb1df04ce683ec18c765e"
+}
diff --git a/examples/resources/cloudflare_leaked_credential_check_rule/import.sh b/examples/resources/cloudflare_leaked_credential_check_rule/import.sh
@@ -0,0 +1 @@
+$ terraform import cloudflare_leaked_credential_check_rule.example '<zone_id>/<detection_id>'
diff --git a/go.mod b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.34
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.63.0
 	github.com/cloudflare/cloudflare-go v0.115.0
-	github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251211200320-23fdbc69d399
+	github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251212171349-2c4f6f5f09e5
 	github.com/davecgh/go-spew v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3
 	github.com/hashicorp/terraform-plugin-docs v0.21.0
diff --git a/go.sum b/go.sum
@@ -67,8 +67,8 @@ github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ
 github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/cloudflare/cloudflare-go v0.115.0 h1:84/dxeeXweCc0PN5Cto44iTA8AkG1fyT11yPO5ZB7sM=
 github.com/cloudflare/cloudflare-go v0.115.0/go.mod h1:Ds6urDwn/TF2uIU24mu7H91xkKP8gSAHxQ44DSZgVmU=
-github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251211200320-23fdbc69d399 h1:aTfo/eJsQ07vlURIPDmhOMJIlqWuVGA//fqcAKtP5wk=
-github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251211200320-23fdbc69d399/go.mod h1:Lj3MUqjvKctXRpdRhLQxZYRrNZHuRs0XYuH8JtQGyoI=
+github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251212171349-2c4f6f5f09e5 h1:D2uVWjB6EpsZtvepMsA4L57NF+MMP+/29MGhygTYhMk=
+github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251212171349-2c4f6f5f09e5/go.mod h1:Lj3MUqjvKctXRpdRhLQxZYRrNZHuRs0XYuH8JtQGyoI=
 github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
 github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
diff --git a/internal/provider.go b/internal/provider.go
@@ -952,6 +952,7 @@ func (p *CloudflareProvider) DataSources(ctx context.Context) []func() datasourc
 		workflow.NewWorkflowDataSource,
 		workflow.NewWorkflowsDataSource,
 		leaked_credential_check.NewLeakedCredentialCheckDataSource,
+		leaked_credential_check_rule.NewLeakedCredentialCheckRuleDataSource,
 		leaked_credential_check_rule.NewLeakedCredentialCheckRulesDataSource,
 		content_scanning.NewContentScanningDataSource,
 		content_scanning_expression.NewContentScanningExpressionsDataSource,
diff --git a/internal/services/leaked_credential_check_rule/data_source.go b/internal/services/leaked_credential_check_rule/data_source.go
@@ -0,0 +1,89 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package leaked_credential_check_rule
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/cloudflare/cloudflare-go/v6"
+	"github.com/cloudflare/cloudflare-go/v6/option"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/apijson"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/logging"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+)
+
+type LeakedCredentialCheckRuleDataSource struct {
+	client *cloudflare.Client
+}
+
+var _ datasource.DataSourceWithConfigure = (*LeakedCredentialCheckRuleDataSource)(nil)
+
+func NewLeakedCredentialCheckRuleDataSource() datasource.DataSource {
+	return &LeakedCredentialCheckRuleDataSource{}
+}
+
+func (d *LeakedCredentialCheckRuleDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_leaked_credential_check_rule"
+}
+
+func (d *LeakedCredentialCheckRuleDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(*cloudflare.Client)
+
+	if !ok {
+		resp.Diagnostics.AddError(
+			"unexpected resource configure type",
+			fmt.Sprintf("Expected *cloudflare.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.client = client
+}
+
+func (d *LeakedCredentialCheckRuleDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data *LeakedCredentialCheckRuleDataSourceModel
+
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	params, diags := data.toReadParams(ctx)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	res := new(http.Response)
+	env := LeakedCredentialCheckRuleResultDataSourceEnvelope{*data}
+	_, err := d.client.LeakedCredentialChecks.Detections.Get(
+		ctx,
+		data.DetectionID.ValueString(),
+		params,
+		option.WithResponseBodyInto(&res),
+		option.WithMiddleware(logging.Middleware(ctx)),
+	)
+	if err != nil {
+		resp.Diagnostics.AddError("failed to make http request", err.Error())
+		return
+	}
+	bytes, _ := io.ReadAll(res.Body)
+	err = apijson.UnmarshalComputed(bytes, &env)
+	if err != nil {
+		resp.Diagnostics.AddError("failed to deserialize http request", err.Error())
+		return
+	}
+	data = &env.Result
+	data.ID = data.DetectionID
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
diff --git a/internal/services/leaked_credential_check_rule/data_source_model.go b/internal/services/leaked_credential_check_rule/data_source_model.go
@@ -0,0 +1,32 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package leaked_credential_check_rule
+
+import (
+	"context"
+
+	"github.com/cloudflare/cloudflare-go/v6"
+	"github.com/cloudflare/cloudflare-go/v6/leaked_credential_checks"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+type LeakedCredentialCheckRuleResultDataSourceEnvelope struct {
+	Result LeakedCredentialCheckRuleDataSourceModel `json:"result,computed"`
+}
+
+type LeakedCredentialCheckRuleDataSourceModel struct {
+	ID          types.String `tfsdk:"id" path:"detection_id,computed"`
+	DetectionID types.String `tfsdk:"detection_id" path:"detection_id,required"`
+	ZoneID      types.String `tfsdk:"zone_id" path:"zone_id,required"`
+	Password    types.String `tfsdk:"password" json:"password,computed"`
+	Username    types.String `tfsdk:"username" json:"username,computed"`
+}
+
+func (m *LeakedCredentialCheckRuleDataSourceModel) toReadParams(_ context.Context) (params leaked_credential_checks.DetectionGetParams, diags diag.Diagnostics) {
+	params = leaked_credential_checks.DetectionGetParams{
+		ZoneID: cloudflare.F(m.ZoneID.ValueString()),
+	}
+
+	return
+}
diff --git a/internal/services/leaked_credential_check_rule/data_source_schema.go b/internal/services/leaked_credential_check_rule/data_source_schema.go
@@ -0,0 +1,47 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package leaked_credential_check_rule
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+)
+
+var _ datasource.DataSourceWithConfigValidators = (*LeakedCredentialCheckRuleDataSource)(nil)
+
+func DataSourceSchema(ctx context.Context) schema.Schema {
+	return schema.Schema{
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				Description: "Defines the unique ID for this custom detection.",
+				Computed:    true,
+			},
+			"detection_id": schema.StringAttribute{
+				Description: "Defines the unique ID for this custom detection.",
+				Required:    true,
+			},
+			"zone_id": schema.StringAttribute{
+				Description: "Defines an identifier.",
+				Required:    true,
+			},
+			"password": schema.StringAttribute{
+				Description: "Defines ehe ruleset expression to use in matching the password in a request.",
+				Computed:    true,
+			},
+			"username": schema.StringAttribute{
+				Description: "Defines the ruleset expression to use in matching the username in a request.",
+				Computed:    true,
+			},
+		},
+	}
+}
+
+func (d *LeakedCredentialCheckRuleDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = DataSourceSchema(ctx)
+}
+
+func (d *LeakedCredentialCheckRuleDataSource) ConfigValidators(_ context.Context) []datasource.ConfigValidator {
+	return []datasource.ConfigValidator{}
+}
diff --git a/internal/services/leaked_credential_check_rule/data_source_schema_test.go b/internal/services/leaked_credential_check_rule/data_source_schema_test.go
@@ -0,0 +1,19 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+package leaked_credential_check_rule_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/services/leaked_credential_check_rule"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/test_helpers"
+)
+
+func TestLeakedCredentialCheckRuleDataSourceModelSchemaParity(t *testing.T) {
+	t.Parallel()
+	model := (*leaked_credential_check_rule.LeakedCredentialCheckRuleDataSourceModel)(nil)
+	schema := leaked_credential_check_rule.DataSourceSchema(context.TODO())
+	errs := test_helpers.ValidateDataSourceModelSchemaIntegrity(model, schema)
+	errs.Report(t)
+}
diff --git a/internal/services/leaked_credential_check_rule/resource.go b/internal/services/leaked_credential_check_rule/resource.go
@@ -12,13 +12,16 @@ import (
 	"github.com/cloudflare/cloudflare-go/v6/leaked_credential_checks"
 	"github.com/cloudflare/cloudflare-go/v6/option"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/apijson"
+	"github.com/cloudflare/terraform-provider-cloudflare/internal/importpath"
 	"github.com/cloudflare/terraform-provider-cloudflare/internal/logging"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/types"
 )
 
 // Ensure provider defined types fully satisfy framework interfaces.
 var _ resource.ResourceWithConfigure = (*LeakedCredentialCheckRuleResource)(nil)
 var _ resource.ResourceWithModifyPlan = (*LeakedCredentialCheckRuleResource)(nil)
+var _ resource.ResourceWithImportState = (*LeakedCredentialCheckRuleResource)(nil)
 
 func NewResource() resource.Resource {
 	return &LeakedCredentialCheckRuleResource{}
@@ -142,7 +145,43 @@ func (r *LeakedCredentialCheckRuleResource) Update(ctx context.Context, req reso
 }
 
 func (r *LeakedCredentialCheckRuleResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var data *LeakedCredentialCheckRuleModel
+
+	resp.Diagnostics.Append(req.State.Get(ctx, &data)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	res := new(http.Response)
+	env := LeakedCredentialCheckRuleResultEnvelope{*data}
+	_, err := r.client.LeakedCredentialChecks.Detections.Get(
+		ctx,
+		data.ID.ValueString(),
+		leaked_credential_checks.DetectionGetParams{
+			ZoneID: cloudflare.F(data.ZoneID.ValueString()),
+		},
+		option.WithResponseBodyInto(&res),
+		option.WithMiddleware(logging.Middleware(ctx)),
+	)
+	if res != nil && res.StatusCode == 404 {
+		resp.Diagnostics.AddWarning("Resource not found", "The resource was not found on the server and will be removed from state.")
+		resp.State.RemoveResource(ctx)
+		return
+	}
+	if err != nil {
+		resp.Diagnostics.AddError("failed to make http request", err.Error())
+		return
+	}
+	bytes, _ := io.ReadAll(res.Body)
+	err = apijson.Unmarshal(bytes, &env)
+	if err != nil {
+		resp.Diagnostics.AddError("failed to deserialize http request", err.Error())
+		return
+	}
+	data = &env.Result
 
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
 }
 
 func (r *LeakedCredentialCheckRuleResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
@@ -170,6 +209,51 @@ func (r *LeakedCredentialCheckRuleResource) Delete(ctx context.Context, req reso
 	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
 }
 
+func (r *LeakedCredentialCheckRuleResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	var data = new(LeakedCredentialCheckRuleModel)
+
+	path_zone_id := ""
+	path_detection_id := ""
+	diags := importpath.ParseImportID(
+		req.ID,
+		"<zone_id>/<detection_id>",
+		&path_zone_id,
+		&path_detection_id,
+	)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	data.ZoneID = types.StringValue(path_zone_id)
+	data.ID = types.StringValue(path_detection_id)
+
+	res := new(http.Response)
+	env := LeakedCredentialCheckRuleResultEnvelope{*data}
+	_, err := r.client.LeakedCredentialChecks.Detections.Get(
+		ctx,
+		path_detection_id,
+		leaked_credential_checks.DetectionGetParams{
+			ZoneID: cloudflare.F(path_zone_id),
+		},
+		option.WithResponseBodyInto(&res),
+		option.WithMiddleware(logging.Middleware(ctx)),
+	)
+	if err != nil {
+		resp.Diagnostics.AddError("failed to make http request", err.Error())
+		return
+	}
+	bytes, _ := io.ReadAll(res.Body)
+	err = apijson.Unmarshal(bytes, &env)
+	if err != nil {
+		resp.Diagnostics.AddError("failed to deserialize http request", err.Error())
+		return
+	}
+	data = &env.Result
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
+}
+
 func (r *LeakedCredentialCheckRuleResource) ModifyPlan(_ context.Context, _ resource.ModifyPlanRequest, _ *resource.ModifyPlanResponse) {
 
 }

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+$ terraform import cloudflare_leaked_credential_check_rule.example '<zone_id>/<detection_id>'`
-Original file line number
+Diff line change
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.34
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.63.0
 	github.com/cloudflare/cloudflare-go v0.115.0
 -	github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251211200320-23fdbc69d399
 +	github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251212171349-2c4f6f5f09e5
 	github.com/davecgh/go-spew v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3
 	github.com/hashicorp/terraform-plugin-docs v0.21.0