All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.cloudflare.kotlin.AccessPolicyArgs.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 5.40.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.cloudflare.kotlin

import com.pulumi.cloudflare.AccessPolicyArgs.builder
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyApprovalGroupArgs
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyApprovalGroupArgsBuilder
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyExcludeArgs
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyExcludeArgsBuilder
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyIncludeArgs
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyIncludeArgsBuilder
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyRequireArgs
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyRequireArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName

/**
 * Provides a Cloudflare Access Policy resource. Access Policies are
 * used in conjunction with Access Applications to restrict access to
 * a particular resource.
 * > It's required that an `account_id` or `zone_id` is provided and in most cases using either is fine.
 *    However, if you're using a scoped access token, you must provide the argument that matches the token's
 *    scope. For example, an access token that is scoped to the "example.com" zone needs to use the `zone_id` argument.
 *    If 'application_id' is omitted, the policy created can be reused by multiple access applications.
 *    Any cloudflare.AccessApplication resource can reference reusable policies through its `policies` argument.
 *    To destroy a reusable policy and remove it from all applications' policies lists on the same apply, preemptively set the
 *    lifecycle option `create_before_destroy` to true on the 'cloudflare_access_policy' resource.
 * ## Import
 * ```sh
 * $ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account///
 * ```
 * @property accountId The account identifier to target for the resource. Conflicts with `zone_id`. **Modifying this attribute will force creation of a new resource.**
 * @property applicationId The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute will force creation of a new resource.**
 * @property approvalGroups
 * @property approvalRequired
 * @property decision Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`, `bypass`.
 * @property excludes A series of access conditions, see Access Groups.
 * @property includes A series of access conditions, see Access Groups.
 * @property isolationRequired Require this application to be served in an isolated browser for users matching this policy.
 * @property name Friendly name of the Access Policy.
 * @property precedence The unique precedence for policies on a single application. Required when using `application_id`.
 * @property purposeJustificationPrompt The prompt to display to the user for a justification for accessing the resource. Required when using `purpose_justification_required`.
 * @property purposeJustificationRequired Whether to prompt the user for a justification for accessing the resource.
 * @property requires A series of access conditions, see Access Groups.
 * @property sessionDuration How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
 * @property zoneId The zone identifier to target for the resource. Conflicts with `account_id`. **Modifying this attribute will force creation of a new resource.**
 */
public data class AccessPolicyArgs(
    public val accountId: Output? = null,
    public val applicationId: Output? = null,
    public val approvalGroups: Output>? = null,
    public val approvalRequired: Output? = null,
    public val decision: Output? = null,
    public val excludes: Output>? = null,
    public val includes: Output>? = null,
    public val isolationRequired: Output? = null,
    public val name: Output? = null,
    public val precedence: Output? = null,
    public val purposeJustificationPrompt: Output? = null,
    public val purposeJustificationRequired: Output? = null,
    public val requires: Output>? = null,
    public val sessionDuration: Output? = null,
    public val zoneId: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.cloudflare.AccessPolicyArgs =
        com.pulumi.cloudflare.AccessPolicyArgs.builder()
            .accountId(accountId?.applyValue({ args0 -> args0 }))
            .applicationId(applicationId?.applyValue({ args0 -> args0 }))
            .approvalGroups(
                approvalGroups?.applyValue({ args0 ->
                    args0.map({ args0 ->
                        args0.let({ args0 ->
                            args0.toJava()
                        })
                    })
                }),
            )
            .approvalRequired(approvalRequired?.applyValue({ args0 -> args0 }))
            .decision(decision?.applyValue({ args0 -> args0 }))
            .excludes(
                excludes?.applyValue({ args0 ->
                    args0.map({ args0 ->
                        args0.let({ args0 ->
                            args0.toJava()
                        })
                    })
                }),
            )
            .includes(
                includes?.applyValue({ args0 ->
                    args0.map({ args0 ->
                        args0.let({ args0 ->
                            args0.toJava()
                        })
                    })
                }),
            )
            .isolationRequired(isolationRequired?.applyValue({ args0 -> args0 }))
            .name(name?.applyValue({ args0 -> args0 }))
            .precedence(precedence?.applyValue({ args0 -> args0 }))
            .purposeJustificationPrompt(purposeJustificationPrompt?.applyValue({ args0 -> args0 }))
            .purposeJustificationRequired(purposeJustificationRequired?.applyValue({ args0 -> args0 }))
            .requires(
                requires?.applyValue({ args0 ->
                    args0.map({ args0 ->
                        args0.let({ args0 ->
                            args0.toJava()
                        })
                    })
                }),
            )
            .sessionDuration(sessionDuration?.applyValue({ args0 -> args0 }))
            .zoneId(zoneId?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [AccessPolicyArgs].
 */
@PulumiTagMarker
public class AccessPolicyArgsBuilder internal constructor() {
    private var accountId: Output? = null

    private var applicationId: Output? = null

    private var approvalGroups: Output>? = null

    private var approvalRequired: Output? = null

    private var decision: Output? = null

    private var excludes: Output>? = null

    private var includes: Output>? = null

    private var isolationRequired: Output? = null

    private var name: Output? = null

    private var precedence: Output? = null

    private var purposeJustificationPrompt: Output? = null

    private var purposeJustificationRequired: Output? = null

    private var requires: Output>? = null

    private var sessionDuration: Output? = null

    private var zoneId: Output? = null

    /**
     * @param value The account identifier to target for the resource. Conflicts with `zone_id`. **Modifying this attribute will force creation of a new resource.**
     */
    @JvmName("mwqavlffpbnswkmi")
    public suspend fun accountId(`value`: Output) {
        this.accountId = value
    }

    /**
     * @param value The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute will force creation of a new resource.**
     */
    @JvmName("qsyqyxlpukjfgybv")
    public suspend fun applicationId(`value`: Output) {
        this.applicationId = value
    }

    /**
     * @param value
     */
    @JvmName("ppdqooedydbsdjrh")
    public suspend fun approvalGroups(`value`: Output>) {
        this.approvalGroups = value
    }

    @JvmName("eguvuabbherupqfc")
    public suspend fun approvalGroups(vararg values: Output) {
        this.approvalGroups = Output.all(values.asList())
    }

    /**
     * @param values
     */
    @JvmName("pkianswyaftaolrp")
    public suspend fun approvalGroups(values: List>) {
        this.approvalGroups = Output.all(values)
    }

    /**
     * @param value
     */
    @JvmName("qxamdrjltcymmbtx")
    public suspend fun approvalRequired(`value`: Output) {
        this.approvalRequired = value
    }

    /**
     * @param value Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`, `bypass`.
     */
    @JvmName("qyntkjrjnukwcesr")
    public suspend fun decision(`value`: Output) {
        this.decision = value
    }

    /**
     * @param value A series of access conditions, see Access Groups.
     */
    @JvmName("efmgfcbyebosdraa")
    public suspend fun excludes(`value`: Output>) {
        this.excludes = value
    }

    @JvmName("wfakpadgrmweaaxu")
    public suspend fun excludes(vararg values: Output) {
        this.excludes = Output.all(values.asList())
    }

    /**
     * @param values A series of access conditions, see Access Groups.
     */
    @JvmName("nvpesotyfauotkxh")
    public suspend fun excludes(values: List>) {
        this.excludes = Output.all(values)
    }

    /**
     * @param value A series of access conditions, see Access Groups.
     */
    @JvmName("becwvouwvxqkukuu")
    public suspend fun includes(`value`: Output>) {
        this.includes = value
    }

    @JvmName("ejtvbsemhtlywiaw")
    public suspend fun includes(vararg values: Output) {
        this.includes = Output.all(values.asList())
    }

    /**
     * @param values A series of access conditions, see Access Groups.
     */
    @JvmName("jofpapcxpwyuufdw")
    public suspend fun includes(values: List>) {
        this.includes = Output.all(values)
    }

    /**
     * @param value Require this application to be served in an isolated browser for users matching this policy.
     */
    @JvmName("idxkerrbcnwdlenq")
    public suspend fun isolationRequired(`value`: Output) {
        this.isolationRequired = value
    }

    /**
     * @param value Friendly name of the Access Policy.
     */
    @JvmName("xocimitomvhgglmf")
    public suspend fun name(`value`: Output) {
        this.name = value
    }

    /**
     * @param value The unique precedence for policies on a single application. Required when using `application_id`.
     */
    @JvmName("ergjstwqldnalsrn")
    public suspend fun precedence(`value`: Output) {
        this.precedence = value
    }

    /**
     * @param value The prompt to display to the user for a justification for accessing the resource. Required when using `purpose_justification_required`.
     */
    @JvmName("nrgfxukbgrasexvs")
    public suspend fun purposeJustificationPrompt(`value`: Output) {
        this.purposeJustificationPrompt = value
    }

    /**
     * @param value Whether to prompt the user for a justification for accessing the resource.
     */
    @JvmName("laabchhnuskovdrr")
    public suspend fun purposeJustificationRequired(`value`: Output) {
        this.purposeJustificationRequired = value
    }

    /**
     * @param value A series of access conditions, see Access Groups.
     */
    @JvmName("yvwrvkbrxnhsvqbo")
    public suspend fun requires(`value`: Output>) {
        this.requires = value
    }

    @JvmName("ibbepnuprghmjirn")
    public suspend fun requires(vararg values: Output) {
        this.requires = Output.all(values.asList())
    }

    /**
     * @param values A series of access conditions, see Access Groups.
     */
    @JvmName("tagpohtixiaujbed")
    public suspend fun requires(values: List>) {
        this.requires = Output.all(values)
    }

    /**
     * @param value How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
     */
    @JvmName("oicomumykpuhmqau")
    public suspend fun sessionDuration(`value`: Output) {
        this.sessionDuration = value
    }

    /**
     * @param value The zone identifier to target for the resource. Conflicts with `account_id`. **Modifying this attribute will force creation of a new resource.**
     */
    @JvmName("wmhbmsxxinwmmugn")
    public suspend fun zoneId(`value`: Output) {
        this.zoneId = value
    }

    /**
     * @param value The account identifier to target for the resource. Conflicts with `zone_id`. **Modifying this attribute will force creation of a new resource.**
     */
    @JvmName("esiuwxqgdvdsufnn")
    public suspend fun accountId(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.accountId = mapped
    }

    /**
     * @param value The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute will force creation of a new resource.**
     */
    @JvmName("yeraunjjolfkywnh")
    public suspend fun applicationId(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.applicationId = mapped
    }

    /**
     * @param value
     */
    @JvmName("jpjkcstiesvchsmp")
    public suspend fun approvalGroups(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.approvalGroups = mapped
    }

    /**
     * @param argument
     */
    @JvmName("blwjcinsdlknuuuh")
    public suspend fun approvalGroups(argument: List Unit>) {
        val toBeMapped = argument.toList().map {
            AccessPolicyApprovalGroupArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.approvalGroups = mapped
    }

    /**
     * @param argument
     */
    @JvmName("yjqcvvmfxfcuyikq")
    public suspend fun approvalGroups(vararg argument: suspend AccessPolicyApprovalGroupArgsBuilder.() -> Unit) {
        val toBeMapped = argument.toList().map {
            AccessPolicyApprovalGroupArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.approvalGroups = mapped
    }

    /**
     * @param argument
     */
    @JvmName("blsedpkpxxgmuoeg")
    public suspend fun approvalGroups(argument: suspend AccessPolicyApprovalGroupArgsBuilder.() -> Unit) {
        val toBeMapped = listOf(
            AccessPolicyApprovalGroupArgsBuilder().applySuspend {
                argument()
            }.build(),
        )
        val mapped = of(toBeMapped)
        this.approvalGroups = mapped
    }

    /**
     * @param values
     */
    @JvmName("dktiicdsehdxsosl")
    public suspend fun approvalGroups(vararg values: AccessPolicyApprovalGroupArgs) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.approvalGroups = mapped
    }

    /**
     * @param value
     */
    @JvmName("ljlsaxoqntbqrrhp")
    public suspend fun approvalRequired(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.approvalRequired = mapped
    }

    /**
     * @param value Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`, `bypass`.
     */
    @JvmName("kevrqgbnsfnoadck")
    public suspend fun decision(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.decision = mapped
    }

    /**
     * @param value A series of access conditions, see Access Groups.
     */
    @JvmName("josxhchcksrumtem")
    public suspend fun excludes(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.excludes = mapped
    }

    /**
     * @param argument A series of access conditions, see Access Groups.
     */
    @JvmName("jmrxlwgnvjjcqwnc")
    public suspend fun excludes(argument: List Unit>) {
        val toBeMapped = argument.toList().map {
            AccessPolicyExcludeArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.excludes = mapped
    }

    /**
     * @param argument A series of access conditions, see Access Groups.
     */
    @JvmName("ihfuhkamjkkpydak")
    public suspend fun excludes(vararg argument: suspend AccessPolicyExcludeArgsBuilder.() -> Unit) {
        val toBeMapped = argument.toList().map {
            AccessPolicyExcludeArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.excludes = mapped
    }

    /**
     * @param argument A series of access conditions, see Access Groups.
     */
    @JvmName("ytaxwdasytvalwav")
    public suspend fun excludes(argument: suspend AccessPolicyExcludeArgsBuilder.() -> Unit) {
        val toBeMapped = listOf(AccessPolicyExcludeArgsBuilder().applySuspend { argument() }.build())
        val mapped = of(toBeMapped)
        this.excludes = mapped
    }

    /**
     * @param values A series of access conditions, see Access Groups.
     */
    @JvmName("bajxlkfuehfhilcy")
    public suspend fun excludes(vararg values: AccessPolicyExcludeArgs) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.excludes = mapped
    }

    /**
     * @param value A series of access conditions, see Access Groups.
     */
    @JvmName("mlxdohywsvnkjmgc")
    public suspend fun includes(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.includes = mapped
    }

    /**
     * @param argument A series of access conditions, see Access Groups.
     */
    @JvmName("qngwwhtpptdhjbss")
    public suspend fun includes(argument: List Unit>) {
        val toBeMapped = argument.toList().map {
            AccessPolicyIncludeArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.includes = mapped
    }

    /**
     * @param argument A series of access conditions, see Access Groups.
     */
    @JvmName("bjmkmujpktcreyns")
    public suspend fun includes(vararg argument: suspend AccessPolicyIncludeArgsBuilder.() -> Unit) {
        val toBeMapped = argument.toList().map {
            AccessPolicyIncludeArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.includes = mapped
    }

    /**
     * @param argument A series of access conditions, see Access Groups.
     */
    @JvmName("dikhdrfdwunptjqp")
    public suspend fun includes(argument: suspend AccessPolicyIncludeArgsBuilder.() -> Unit) {
        val toBeMapped = listOf(AccessPolicyIncludeArgsBuilder().applySuspend { argument() }.build())
        val mapped = of(toBeMapped)
        this.includes = mapped
    }

    /**
     * @param values A series of access conditions, see Access Groups.
     */
    @JvmName("oirsoqhjcggxfagc")
    public suspend fun includes(vararg values: AccessPolicyIncludeArgs) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.includes = mapped
    }

    /**
     * @param value Require this application to be served in an isolated browser for users matching this policy.
     */
    @JvmName("bjmegmhkvhvieeiw")
    public suspend fun isolationRequired(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.isolationRequired = mapped
    }

    /**
     * @param value Friendly name of the Access Policy.
     */
    @JvmName("hgpmcpqrcrqpiuur")
    public suspend fun name(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.name = mapped
    }

    /**
     * @param value The unique precedence for policies on a single application. Required when using `application_id`.
     */
    @JvmName("cmlriyctxndvxisq")
    public suspend fun precedence(`value`: Int?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.precedence = mapped
    }

    /**
     * @param value The prompt to display to the user for a justification for accessing the resource. Required when using `purpose_justification_required`.
     */
    @JvmName("vlluyrffwllikuej")
    public suspend fun purposeJustificationPrompt(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.purposeJustificationPrompt = mapped
    }

    /**
     * @param value Whether to prompt the user for a justification for accessing the resource.
     */
    @JvmName("hylfigxabkmvkdqy")
    public suspend fun purposeJustificationRequired(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.purposeJustificationRequired = mapped
    }

    /**
     * @param value A series of access conditions, see Access Groups.
     */
    @JvmName("psmsivpvwcaigqlw")
    public suspend fun requires(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.requires = mapped
    }

    /**
     * @param argument A series of access conditions, see Access Groups.
     */
    @JvmName("qiijnnmhlyviubpy")
    public suspend fun requires(argument: List Unit>) {
        val toBeMapped = argument.toList().map {
            AccessPolicyRequireArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.requires = mapped
    }

    /**
     * @param argument A series of access conditions, see Access Groups.
     */
    @JvmName("lnjcwymqpbpnkehh")
    public suspend fun requires(vararg argument: suspend AccessPolicyRequireArgsBuilder.() -> Unit) {
        val toBeMapped = argument.toList().map {
            AccessPolicyRequireArgsBuilder().applySuspend {
                it()
            }.build()
        }
        val mapped = of(toBeMapped)
        this.requires = mapped
    }

    /**
     * @param argument A series of access conditions, see Access Groups.
     */
    @JvmName("rinkycqpqhwlmmyf")
    public suspend fun requires(argument: suspend AccessPolicyRequireArgsBuilder.() -> Unit) {
        val toBeMapped = listOf(AccessPolicyRequireArgsBuilder().applySuspend { argument() }.build())
        val mapped = of(toBeMapped)
        this.requires = mapped
    }

    /**
     * @param values A series of access conditions, see Access Groups.
     */
    @JvmName("ipuwfnbvtasegotx")
    public suspend fun requires(vararg values: AccessPolicyRequireArgs) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.requires = mapped
    }

    /**
     * @param value How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
     */
    @JvmName("abqrjormgkvpfwvp")
    public suspend fun sessionDuration(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.sessionDuration = mapped
    }

    /**
     * @param value The zone identifier to target for the resource. Conflicts with `account_id`. **Modifying this attribute will force creation of a new resource.**
     */
    @JvmName("sksdfxnhigqpxgab")
    public suspend fun zoneId(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.zoneId = mapped
    }

    internal fun build(): AccessPolicyArgs = AccessPolicyArgs(
        accountId = accountId,
        applicationId = applicationId,
        approvalGroups = approvalGroups,
        approvalRequired = approvalRequired,
        decision = decision,
        excludes = excludes,
        includes = includes,
        isolationRequired = isolationRequired,
        name = name,
        precedence = precedence,
        purposeJustificationPrompt = purposeJustificationPrompt,
        purposeJustificationRequired = purposeJustificationRequired,
        requires = requires,
        sessionDuration = sessionDuration,
        zoneId = zoneId,
    )
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy