com.pulumi.cloudflare.Ruleset Maven / Gradle / Ivy
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.cloudflare;
import com.pulumi.cloudflare.RulesetArgs;
import com.pulumi.cloudflare.Utilities;
import com.pulumi.cloudflare.inputs.RulesetState;
import com.pulumi.cloudflare.outputs.RulesetRule;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Export;
import com.pulumi.core.annotations.ResourceType;
import com.pulumi.core.internal.Codegen;
import java.lang.String;
import java.util.List;
import java.util.Optional;
import javax.annotation.Nullable;
/**
* ## Example Usage
*
* ```java
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.cloudflare.Ruleset;
* import com.pulumi.cloudflare.RulesetArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOverridesArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriPathArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriQueryArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleRatelimitArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOriginArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersBrowserTtlArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersEdgeTtlArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersServeStaleArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromListArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueTargetUrlArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var magicTransitExample = new Ruleset("magicTransitExample", RulesetArgs.builder()
* .accountId("f037e56e89293a057740de681ac9abbe")
* .description("example magic transit ruleset description")
* .kind("root")
* .name("account magic transit")
* .phase("magic_transit")
* .rules(RulesetRuleArgs.builder()
* .action("allow")
* .description("Allow TCP Ephemeral Ports")
* .expression("tcp.dstport in { 32768..65535 }")
* .build())
* .build());
*
* var zoneLevelManagedWaf = new Ruleset("zoneLevelManagedWaf", RulesetArgs.builder()
* .description("managed WAF ruleset description")
* .kind("zone")
* .name("managed WAF")
* .phase("http_request_firewall_managed")
* .rules(RulesetRuleArgs.builder()
* .action("execute")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .id("efb7b8c949ac4650a09736fc376e9aee")
* .build())
* .description("Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset")
* .enabled(true)
* .expression("(http.host eq \"example.host.com\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var zoneLevelManagedWafWithCategoryBasedOverrides = new Ruleset("zoneLevelManagedWafWithCategoryBasedOverrides", RulesetArgs.builder()
* .description("managed WAF with tag-based overrides ruleset description")
* .kind("zone")
* .name("managed WAF with tag-based overrides")
* .phase("http_request_firewall_managed")
* .rules(RulesetRuleArgs.builder()
* .action("execute")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .id("efb7b8c949ac4650a09736fc376e9aee")
* .overrides(RulesetRuleActionParametersOverridesArgs.builder()
* .categories(
* RulesetRuleActionParametersOverridesCategoryArgs.builder()
* .action("block")
* .category("wordpress")
* .status("enabled")
* .build(),
* RulesetRuleActionParametersOverridesCategoryArgs.builder()
* .action("block")
* .category("joomla")
* .status("enabled")
* .build())
* .build())
* .build())
* .description("overrides to only enable wordpress rules to block")
* .enabled(false)
* .expression("(http.host eq \"example.host.com\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var transformUriRulePath = new Ruleset("transformUriRulePath", RulesetArgs.builder()
* .description("change the URI path to a new static path")
* .kind("zone")
* .name("transform rule for URI path")
* .phase("http_request_transform")
* .rules(RulesetRuleArgs.builder()
* .action("rewrite")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .uri(RulesetRuleActionParametersUriArgs.builder()
* .path(RulesetRuleActionParametersUriPathArgs.builder()
* .value("/my-new-route")
* .build())
* .build())
* .build())
* .description("example URI path transform rule")
* .enabled(true)
* .expression("(http.host eq \"example.com\" and http.request.uri.path eq \"/old-path\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var transformUriRuleQuery = new Ruleset("transformUriRuleQuery", RulesetArgs.builder()
* .description("change the URI query to a new static query")
* .kind("zone")
* .name("transform rule for URI query parameter")
* .phase("http_request_transform")
* .rules(RulesetRuleArgs.builder()
* .action("rewrite")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .uri(RulesetRuleActionParametersUriArgs.builder()
* .query(RulesetRuleActionParametersUriQueryArgs.builder()
* .value("old=new_again")
* .build())
* .build())
* .build())
* .description("URI transformation query example")
* .enabled(true)
* .expression("(http.host eq \"example.host.com\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var transformUriHttpHeaders = new Ruleset("transformUriHttpHeaders", RulesetArgs.builder()
* .description("modify HTTP headers before reaching origin")
* .kind("zone")
* .name("transform rule for HTTP headers")
* .phase("http_request_late_transform")
* .rules(RulesetRuleArgs.builder()
* .action("rewrite")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .headers(
* RulesetRuleActionParametersHeaderArgs.builder()
* .name("example-http-header-1")
* .operation("set")
* .value("my-http-header-value-1")
* .build(),
* RulesetRuleActionParametersHeaderArgs.builder()
* .expression("cf.zone.name")
* .name("example-http-header-2")
* .operation("set")
* .build(),
* RulesetRuleActionParametersHeaderArgs.builder()
* .name("example-http-header-3-to-remove")
* .operation("remove")
* .build())
* .build())
* .description("example request header transform rule")
* .enabled(false)
* .expression("(http.host eq \"example.host.com\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var rateLimitingExample = new Ruleset("rateLimitingExample", RulesetArgs.builder()
* .description("apply HTTP rate limiting for a route")
* .kind("zone")
* .name("restrict API requests count")
* .phase("http_ratelimit")
* .rules(RulesetRuleArgs.builder()
* .action("block")
* .description("rate limit for API")
* .enabled(true)
* .expression("(http.request.uri.path matches \"^/api/\")")
* .ratelimit(RulesetRuleRatelimitArgs.builder()
* .characteristics(
* "cf.colo.id",
* "ip.src")
* .mitigationTimeout(600)
* .period(60)
* .requestsPerPeriod(100)
* .build())
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var httpOriginExample = new Ruleset("httpOriginExample", RulesetArgs.builder()
* .description("Change origin for a route")
* .kind("zone")
* .name("Change to some origin")
* .phase("http_request_origin")
* .rules(RulesetRuleArgs.builder()
* .action("route")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .hostHeader("some.host")
* .origin(RulesetRuleActionParametersOriginArgs.builder()
* .host("some.host")
* .port(80)
* .build())
* .build())
* .description("change origin to some.host")
* .enabled(true)
* .expression("(http.request.uri.path matches \"^/api/\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var customFieldsLoggingExample = new Ruleset("customFieldsLoggingExample", RulesetArgs.builder()
* .description("add custom fields to logging")
* .kind("zone")
* .name("log custom fields")
* .phase("http_log_custom_fields")
* .rules(RulesetRuleArgs.builder()
* .action("log_custom_field")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .cookieFields(
* "__ga",
* "accountNumber",
* "__cfruid")
* .requestFields(
* "content-type",
* "x-forwarded-for",
* "host")
* .responseFields(
* "server",
* "content-type",
* "allow")
* .build())
* .description("log custom fields rule")
* .enabled(true)
* .expression("(http.host eq \"example.host.com\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var cacheSettingsExample = new Ruleset("cacheSettingsExample", RulesetArgs.builder()
* .description("set cache settings for the request")
* .kind("zone")
* .name("set cache settings")
* .phase("http_request_cache_settings")
* .rules(RulesetRuleArgs.builder()
* .action("set_cache_settings")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .browserTtl(RulesetRuleActionParametersBrowserTtlArgs.builder()
* .mode("respect_origin")
* .build())
* .cacheKey(RulesetRuleActionParametersCacheKeyArgs.builder()
* .cacheDeceptionArmor(true)
* .customKey(RulesetRuleActionParametersCacheKeyCustomKeyArgs.builder()
* .cookie(RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs.builder()
* .checkPresence(
* "cabc_t",
* "cdef_t")
* .include(
* "cabc",
* "cdef")
* .build())
* .header(RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs.builder()
* .checkPresence(
* "habc_t",
* "hdef_t")
* .excludeOrigin(true)
* .include(
* "habc",
* "hdef")
* .build())
* .host(RulesetRuleActionParametersCacheKeyCustomKeyHostArgs.builder()
* .resolved(true)
* .build())
* .queryString(RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs.builder()
* .exclude("*")
* .build())
* .user(RulesetRuleActionParametersCacheKeyCustomKeyUserArgs.builder()
* .deviceType(true)
* .geo(false)
* .build())
* .build())
* .ignoreQueryStringsOrder(false)
* .build())
* .edgeTtl(RulesetRuleActionParametersEdgeTtlArgs.builder()
* .default_(60)
* .mode("override_origin")
* .statusCodeTtl(
* %!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
* %!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
* .build())
* .originErrorPagePassthru(false)
* .respectStrongEtags(true)
* .serveStale(RulesetRuleActionParametersServeStaleArgs.builder()
* .disableStaleWhileUpdating(true)
* .build())
* .build())
* .description("set cache settings rule")
* .enabled(true)
* .expression("(http.host eq \"example.host.com\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var redirectFromListExample = new Ruleset("redirectFromListExample", RulesetArgs.builder()
* .accountId("f037e56e89293a057740de681ac9abbe")
* .description("Redirect ruleset")
* .kind("root")
* .name("redirects")
* .phase("http_request_redirect")
* .rules(RulesetRuleArgs.builder()
* .action("redirect")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .fromList(RulesetRuleActionParametersFromListArgs.builder()
* .key("http.request.full_uri")
* .name("redirect_list")
* .build())
* .build())
* .description("Apply redirects from redirect_list")
* .enabled(true)
* .expression("http.request.full_uri in $redirect_list")
* .build())
* .build());
*
* var redirectFromValueExample = new Ruleset("redirectFromValueExample", RulesetArgs.builder()
* .description("Redirect ruleset")
* .kind("root")
* .name("redirects")
* .phase("http_request_dynamic_redirect")
* .rules(RulesetRuleArgs.builder()
* .action("redirect")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .fromValue(RulesetRuleActionParametersFromValueArgs.builder()
* .preserveQueryString(true)
* .statusCode(301)
* .targetUrl(RulesetRuleActionParametersFromValueTargetUrlArgs.builder()
* .value("some_host.com")
* .build())
* .build())
* .build())
* .description("Apply redirect from value")
* .enabled(true)
* .expression("(http.request.uri.path matches \"^/api/\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var httpCustomErrorExample = new Ruleset("httpCustomErrorExample", RulesetArgs.builder()
* .description("Serve some error response")
* .kind("zone")
* .name("Serve some error response")
* .phase("http_custom_errors")
* .rules(RulesetRuleArgs.builder()
* .action("serve_error")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .content("some error html")
* .contentType("text/html")
* .statusCode("530")
* .build())
* .description("serve some error response")
* .enabled(true)
* .expression("(http.request.uri.path matches \"^/api/\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* var httpConfigRulesExample = new Ruleset("httpConfigRulesExample", RulesetArgs.builder()
* .description("set config rules for request")
* .kind("zone")
* .name("set config rules")
* .phase("http_config_settings")
* .rules(RulesetRuleArgs.builder()
* .action("set_config")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .bic(true)
* .emailObfuscation(true)
* .build())
* .description("set config rules for matching request")
* .enabled(true)
* .expression("(http.request.uri.path matches \"^/api/\")")
* .build())
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .build());
*
* }
* }
* ```
*
* ## Import
*
* Import an account scoped Ruleset configuration.
*
* ```sh
* $ pulumi import cloudflare:index/ruleset:Ruleset example account/<account_id>/<ruleset_id>
* ```
*
* Import a zone scoped Ruleset configuration.
*
* ```sh
* $ pulumi import cloudflare:index/ruleset:Ruleset example zone/<zone_id>/<ruleset_id>
* ```
*
*/
@ResourceType(type="cloudflare:index/ruleset:Ruleset")
public class Ruleset extends com.pulumi.resources.CustomResource {
/**
* The account identifier to target for the resource. Conflicts with `zone_id`.
*
*/
@Export(name="accountId", type=String.class, parameters={})
private Output accountId;
/**
* @return The account identifier to target for the resource. Conflicts with `zone_id`.
*
*/
public Output> accountId() {
return Codegen.optional(this.accountId);
}
/**
* Brief summary of the ruleset and its intended use.
*
*/
@Export(name="description", type=String.class, parameters={})
private Output description;
/**
* @return Brief summary of the ruleset and its intended use.
*
*/
public Output> description() {
return Codegen.optional(this.description);
}
/**
* Type of Ruleset to create. Available values: `custom`, `managed`, `root`, `schema`, `zone`.
*
*/
@Export(name="kind", type=String.class, parameters={})
private Output kind;
/**
* @return Type of Ruleset to create. Available values: `custom`, `managed`, `root`, `schema`, `zone`.
*
*/
public Output kind() {
return this.kind;
}
/**
* Name of the ruleset. **Modifying this attribute will force creation of a new resource.**
*
*/
@Export(name="name", type=String.class, parameters={})
private Output name;
/**
* @return Name of the ruleset. **Modifying this attribute will force creation of a new resource.**
*
*/
public Output name() {
return this.name;
}
/**
* Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_custom_errors`, `http_log_custom_fields`, `http_request_cache_settings`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_late_transform_managed`, `http_request_main`, `http_request_origin`, `http_request_dynamic_redirect`, `http_request_redirect`, `http_request_sanitize`, `http_request_transform`, `http_response_firewall_managed`, `http_response_headers_transform`, `http_response_headers_transform_managed`, `magic_transit`, `http_ratelimit`, `http_request_sbfm`, `http_config_settings`.
*
*/
@Export(name="phase", type=String.class, parameters={})
private Output phase;
/**
* @return Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_custom_errors`, `http_log_custom_fields`, `http_request_cache_settings`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_late_transform_managed`, `http_request_main`, `http_request_origin`, `http_request_dynamic_redirect`, `http_request_redirect`, `http_request_sanitize`, `http_request_transform`, `http_response_firewall_managed`, `http_response_headers_transform`, `http_response_headers_transform_managed`, `magic_transit`, `http_ratelimit`, `http_request_sbfm`, `http_config_settings`.
*
*/
public Output phase() {
return this.phase;
}
/**
* List of rules to apply to the ruleset.
*
*/
@Export(name="rules", type=List.class, parameters={RulesetRule.class})
private Output> rules;
/**
* @return List of rules to apply to the ruleset.
*
*/
public Output>> rules() {
return Codegen.optional(this.rules);
}
/**
* Name of entitlement that is shareable between entities.
*
*/
@Export(name="shareableEntitlementName", type=String.class, parameters={})
private Output shareableEntitlementName;
/**
* @return Name of entitlement that is shareable between entities.
*
*/
public Output> shareableEntitlementName() {
return Codegen.optional(this.shareableEntitlementName);
}
/**
* The zone identifier to target for the resource. Conflicts with `account_id`.
*
*/
@Export(name="zoneId", type=String.class, parameters={})
private Output zoneId;
/**
* @return The zone identifier to target for the resource. Conflicts with `account_id`.
*
*/
public Output> zoneId() {
return Codegen.optional(this.zoneId);
}
/**
*
* @param name The _unique_ name of the resulting resource.
*/
public Ruleset(String name) {
this(name, RulesetArgs.Empty);
}
/**
*
* @param name The _unique_ name of the resulting resource.
* @param args The arguments to use to populate this resource's properties.
*/
public Ruleset(String name, RulesetArgs args) {
this(name, args, null);
}
/**
*
* @param name The _unique_ name of the resulting resource.
* @param args The arguments to use to populate this resource's properties.
* @param options A bag of options that control this resource's behavior.
*/
public Ruleset(String name, RulesetArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
super("cloudflare:index/ruleset:Ruleset", name, args == null ? RulesetArgs.Empty : args, makeResourceOptions(options, Codegen.empty()));
}
private Ruleset(String name, Output id, @Nullable RulesetState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
super("cloudflare:index/ruleset:Ruleset", name, state, makeResourceOptions(options, id));
}
private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) {
var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
.version(Utilities.getVersion())
.build();
return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
}
/**
* Get an existing Host resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state
* @param options Optional settings to control the behavior of the CustomResource.
*/
public static Ruleset get(String name, Output id, @Nullable RulesetState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
return new Ruleset(name, id, state, options);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy