com.pulumi.cloudflare.kotlin.AccessRule.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-cloudflare-kotlin Show documentation
Show all versions of pulumi-cloudflare-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.cloudflare.kotlin
import com.pulumi.cloudflare.kotlin.outputs.AccessRuleConfiguration
import com.pulumi.cloudflare.kotlin.outputs.AccessRuleConfiguration.Companion.toKotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
/**
* Builder for [AccessRule].
*/
@PulumiTagMarker
public class AccessRuleResourceBuilder internal constructor() {
public var name: String? = null
public var args: AccessRuleArgs = AccessRuleArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend AccessRuleArgsBuilder.() -> Unit) {
val builder = AccessRuleArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): AccessRule {
val builtJavaResource = com.pulumi.cloudflare.AccessRule(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return AccessRule(builtJavaResource)
}
}
/**
* Provides a Cloudflare IP Firewall Access Rule resource. Access
* control can be applied on basis of IP addresses, IP ranges, AS
* numbers or countries.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as cloudflare from "@pulumi/cloudflare";
* // Challenge requests coming from known Tor exit nodes.
* const torExitNodes = new cloudflare.AccessRule("tor_exit_nodes", {
* zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
* notes: "Requests coming from known Tor exit nodes",
* mode: "challenge",
* configuration: {
* target: "country",
* value: "T1",
* },
* });
* // Allowlist requests coming from Antarctica, but only for single zone.
* const antarctica = new cloudflare.AccessRule("antarctica", {
* zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
* notes: "Requests coming from Antarctica",
* mode: "whitelist",
* configuration: {
* target: "country",
* value: "AQ",
* },
* });
* const config = new pulumi.Config();
* const myOffice = config.getObject>("myOffice") || [
* "192.0.2.0/24",
* "198.51.100.0/24",
* "2001:db8::/56",
* ];
* const officeNetwork: cloudflare.AccessRule[] = [];
* for (const range = {value: 0}; range.value < myOffice.length; range.value++) {
* officeNetwork.push(new cloudflare.AccessRule(`office_network-${range.value}`, {
* accountId: "f037e56e89293a057740de681ac9abbe",
* notes: "Requests coming from office network",
* mode: "whitelist",
* configuration: {
* target: "ip_range",
* value: myOffice[range.value],
* },
* }));
* }
* ```
* ```python
* import pulumi
* import pulumi_cloudflare as cloudflare
* # Challenge requests coming from known Tor exit nodes.
* tor_exit_nodes = cloudflare.AccessRule("tor_exit_nodes",
* zone_id="0da42c8d2132a9ddaf714f9e7c920711",
* notes="Requests coming from known Tor exit nodes",
* mode="challenge",
* configuration={
* "target": "country",
* "value": "T1",
* })
* # Allowlist requests coming from Antarctica, but only for single zone.
* antarctica = cloudflare.AccessRule("antarctica",
* zone_id="0da42c8d2132a9ddaf714f9e7c920711",
* notes="Requests coming from Antarctica",
* mode="whitelist",
* configuration={
* "target": "country",
* "value": "AQ",
* })
* config = pulumi.Config()
* my_office = config.get_object("myOffice")
* if my_office is None:
* my_office = [
* "192.0.2.0/24",
* "198.51.100.0/24",
* "2001:db8::/56",
* ]
* office_network = []
* for range in [{"value": i} for i in range(0, len(my_office))]:
* office_network.append(cloudflare.AccessRule(f"office_network-{range['value']}",
* account_id="f037e56e89293a057740de681ac9abbe",
* notes="Requests coming from office network",
* mode="whitelist",
* configuration={
* "target": "ip_range",
* "value": my_office[range["value"]],
* }))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Cloudflare = Pulumi.Cloudflare;
* return await Deployment.RunAsync(() =>
* {
* // Challenge requests coming from known Tor exit nodes.
* var torExitNodes = new Cloudflare.AccessRule("tor_exit_nodes", new()
* {
* ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
* Notes = "Requests coming from known Tor exit nodes",
* Mode = "challenge",
* Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
* {
* Target = "country",
* Value = "T1",
* },
* });
* // Allowlist requests coming from Antarctica, but only for single zone.
* var antarctica = new Cloudflare.AccessRule("antarctica", new()
* {
* ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
* Notes = "Requests coming from Antarctica",
* Mode = "whitelist",
* Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
* {
* Target = "country",
* Value = "AQ",
* },
* });
* var config = new Config();
* var myOffice = config.GetObject("myOffice") ?? new[]
* {
* "192.0.2.0/24",
* "198.51.100.0/24",
* "2001:db8::/56",
* };
* var officeNetwork = new List();
* for (var rangeIndex = 0; rangeIndex < myOffice.Length; rangeIndex++)
* {
* var range = new { Value = rangeIndex };
* officeNetwork.Add(new Cloudflare.AccessRule($"office_network-{range.Value}", new()
* {
* AccountId = "f037e56e89293a057740de681ac9abbe",
* Notes = "Requests coming from office network",
* Mode = "whitelist",
* Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
* {
* Target = "ip_range",
* Value = myOffice[range.Value],
* },
* }));
* }
* });
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.cloudflare.AccessRule;
* import com.pulumi.cloudflare.AccessRuleArgs;
* import com.pulumi.cloudflare.inputs.AccessRuleConfigurationArgs;
* import com.pulumi.codegen.internal.KeyedValue;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var config = ctx.config();
* // Challenge requests coming from known Tor exit nodes.
* var torExitNodes = new AccessRule("torExitNodes", AccessRuleArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .notes("Requests coming from known Tor exit nodes")
* .mode("challenge")
* .configuration(AccessRuleConfigurationArgs.builder()
* .target("country")
* .value("T1")
* .build())
* .build());
* // Allowlist requests coming from Antarctica, but only for single zone.
* var antarctica = new AccessRule("antarctica", AccessRuleArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .notes("Requests coming from Antarctica")
* .mode("whitelist")
* .configuration(AccessRuleConfigurationArgs.builder()
* .target("country")
* .value("AQ")
* .build())
* .build());
* final var myOffice = config.get("myOffice").orElse(
* "192.0.2.0/24",
* "198.51.100.0/24",
* "2001:db8::/56");
* for (var i = 0; i < myOffice.length(); i++) {
* new AccessRule("officeNetwork-" + i, AccessRuleArgs.builder()
* .accountId("f037e56e89293a057740de681ac9abbe")
* .notes("Requests coming from office network")
* .mode("whitelist")
* .configuration(AccessRuleConfigurationArgs.builder()
* .target("ip_range")
* .value(myOffice[range.value()])
* .build())
* .build());
* }
* }
* }
* ```
* ```yaml
* configuration:
* # Allowlist office's network IP ranges on all account zones (or other lists of
* # resources).
* myOffice:
* type: list(string)
* default:
* - 192.0.2.0/24
* - 198.51.100.0/24
* - 2001:db8::/56
* resources:
* # Challenge requests coming from known Tor exit nodes.
* torExitNodes:
* type: cloudflare:AccessRule
* name: tor_exit_nodes
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* notes: Requests coming from known Tor exit nodes
* mode: challenge
* configuration:
* target: country
* value: T1
* # Allowlist requests coming from Antarctica, but only for single zone.
* antarctica:
* type: cloudflare:AccessRule
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* notes: Requests coming from Antarctica
* mode: whitelist
* configuration:
* target: country
* value: AQ
* officeNetwork:
* type: cloudflare:AccessRule
* name: office_network
* properties:
* accountId: f037e56e89293a057740de681ac9abbe
* notes: Requests coming from office network
* mode: whitelist
* configuration:
* target: ip_range
* value:
* fn::select:
* - ${range.value}
* - ${myOffice}
* options: {}
* ```
*
* ## Import
* User level access rule import.
* ```sh
* $ pulumi import cloudflare:index/accessRule:AccessRule default user//
* ```
* Zone level access rule import.
* ```sh
* $ pulumi import cloudflare:index/accessRule:AccessRule default zone//
* ```
* Account level access rule import.
* ```sh
* $ pulumi import cloudflare:index/accessRule:AccessRule default account//
* ```
*/
public class AccessRule internal constructor(
override val javaResource: com.pulumi.cloudflare.AccessRule,
) : KotlinCustomResource(javaResource, AccessRuleMapper) {
/**
* The account identifier to target for the resource. Must provide only one of `account_id`, `zone_id`. **Modifying this attribute will force creation of a new resource.**
*/
public val accountId: Output
get() = javaResource.accountId().applyValue({ args0 -> args0 })
/**
* Rule configuration to apply to a matched request. **Modifying this attribute will force creation of a new resource.**
*/
public val configuration: Output
get() = javaResource.configuration().applyValue({ args0 ->
args0.let({ args0 ->
toKotlin(args0)
})
})
/**
* The action to apply to a matched request. Available values: `block`, `challenge`, `whitelist`, `js_challenge`, `managed_challenge`.
*/
public val mode: Output
get() = javaResource.mode().applyValue({ args0 -> args0 })
/**
* A personal note about the rule. Typically used as a reminder or explanation for the rule.
*/
public val notes: Output?
get() = javaResource.notes().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* The zone identifier to target for the resource. Must provide only one of `account_id`, `zone_id`. **Modifying this attribute will force creation of a new resource.**
*/
public val zoneId: Output
get() = javaResource.zoneId().applyValue({ args0 -> args0 })
}
public object AccessRuleMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.cloudflare.AccessRule::class == javaResource::class
override fun map(javaResource: Resource): AccessRule = AccessRule(
javaResource as
com.pulumi.cloudflare.AccessRule,
)
}
/**
* @see [AccessRule].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [AccessRule].
*/
public suspend fun accessRule(name: String, block: suspend AccessRuleResourceBuilder.() -> Unit): AccessRule {
val builder = AccessRuleResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [AccessRule].
* @param name The _unique_ name of the resulting resource.
*/
public fun accessRule(name: String): AccessRule {
val builder = AccessRuleResourceBuilder()
builder.name(name)
return builder.build()
}