com.pulumi.cloudflare.kotlin.Ruleset.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-cloudflare-kotlin Show documentation
Show all versions of pulumi-cloudflare-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.cloudflare.kotlin
import com.pulumi.cloudflare.kotlin.outputs.RulesetRule
import com.pulumi.cloudflare.kotlin.outputs.RulesetRule.Companion.toKotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
/**
* Builder for [Ruleset].
*/
@PulumiTagMarker
public class RulesetResourceBuilder internal constructor() {
public var name: String? = null
public var args: RulesetArgs = RulesetArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend RulesetArgsBuilder.() -> Unit) {
val builder = RulesetArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): Ruleset {
val builtJavaResource = com.pulumi.cloudflare.Ruleset(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return Ruleset(builtJavaResource)
}
}
/**
* The [Cloudflare Ruleset Engine](https://developers.cloudflare.com/firewall/cf-rulesets)
* allows you to create and deploy rules and rulesets.
* The engine syntax, inspired by the Wireshark Display Filter language, is the
* same syntax used in custom Firewall Rules. Cloudflare uses the Ruleset Engine
* in different products, allowing you to configure several products using the same
* basic syntax.
* ## Example Usage
*
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.cloudflare.Ruleset;
* import com.pulumi.cloudflare.RulesetArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOverridesArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriPathArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriQueryArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleRatelimitArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOriginArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersEdgeTtlArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersBrowserTtlArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersServeStaleArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromListArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueArgs;
* import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueTargetUrlArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* // Magic Transit
* var magicTransitExample = new Ruleset("magicTransitExample", RulesetArgs.builder()
* .accountId("f037e56e89293a057740de681ac9abbe")
* .name("account magic transit")
* .description("example magic transit ruleset description")
* .kind("root")
* .phase("magic_transit")
* .rules(RulesetRuleArgs.builder()
* .action("allow")
* .expression("tcp.dstport in { 32768..65535 }")
* .description("Allow TCP Ephemeral Ports")
* .build())
* .build());
* // Zone-level WAF Managed Ruleset
* var zoneLevelManagedWaf = new Ruleset("zoneLevelManagedWaf", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("managed WAF")
* .description("managed WAF ruleset description")
* .kind("zone")
* .phase("http_request_firewall_managed")
* .rules(RulesetRuleArgs.builder()
* .action("execute")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .id("efb7b8c949ac4650a09736fc376e9aee")
* .build())
* .expression("(http.host eq \"example.host.com\")")
* .description("Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset")
* .enabled(true)
* .build())
* .build());
* // Zone-level WAF with tag-based overrides
* var zoneLevelManagedWafWithCategoryBasedOverrides = new Ruleset("zoneLevelManagedWafWithCategoryBasedOverrides", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("managed WAF with tag-based overrides")
* .description("managed WAF with tag-based overrides ruleset description")
* .kind("zone")
* .phase("http_request_firewall_managed")
* .rules(RulesetRuleArgs.builder()
* .action("execute")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .id("efb7b8c949ac4650a09736fc376e9aee")
* .overrides(RulesetRuleActionParametersOverridesArgs.builder()
* .categories(
* RulesetRuleActionParametersOverridesCategoryArgs.builder()
* .category("wordpress")
* .action("block")
* .enabled(true)
* .build(),
* RulesetRuleActionParametersOverridesCategoryArgs.builder()
* .category("joomla")
* .action("block")
* .enabled(true)
* .build())
* .build())
* .build())
* .expression("(http.host eq \"example.host.com\")")
* .description("overrides to only enable wordpress rules to block")
* .enabled(false)
* .build())
* .build());
* // Rewrite the URI path component to a static path
* var transformUriRulePath = new Ruleset("transformUriRulePath", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("transform rule for URI path")
* .description("change the URI path to a new static path")
* .kind("zone")
* .phase("http_request_transform")
* .rules(RulesetRuleArgs.builder()
* .action("rewrite")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .uri(RulesetRuleActionParametersUriArgs.builder()
* .path(RulesetRuleActionParametersUriPathArgs.builder()
* .value("/my-new-route")
* .build())
* .build())
* .build())
* .expression("(http.host eq \"example.com\" and http.request.uri.path eq \"/old-path\")")
* .description("example URI path transform rule")
* .enabled(true)
* .build())
* .build());
* // Rewrite the URI query component to a static query
* var transformUriRuleQuery = new Ruleset("transformUriRuleQuery", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("transform rule for URI query parameter")
* .description("change the URI query to a new static query")
* .kind("zone")
* .phase("http_request_transform")
* .rules(RulesetRuleArgs.builder()
* .action("rewrite")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .uri(RulesetRuleActionParametersUriArgs.builder()
* .query(RulesetRuleActionParametersUriQueryArgs.builder()
* .value("old=new_again")
* .build())
* .build())
* .build())
* .expression("(http.host eq \"example.host.com\")")
* .description("URI transformation query example")
* .enabled(true)
* .build())
* .build());
* // Rewrite HTTP headers to a modified values
* var transformUriHttpHeaders = new Ruleset("transformUriHttpHeaders", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("transform rule for HTTP headers")
* .description("modify HTTP headers before reaching origin")
* .kind("zone")
* .phase("http_request_late_transform")
* .rules(RulesetRuleArgs.builder()
* .action("rewrite")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .headers(
* RulesetRuleActionParametersHeaderArgs.builder()
* .name("example-http-header-1")
* .operation("set")
* .value("my-http-header-value-1")
* .build(),
* RulesetRuleActionParametersHeaderArgs.builder()
* .name("example-http-header-2")
* .operation("set")
* .expression("cf.zone.name")
* .build(),
* RulesetRuleActionParametersHeaderArgs.builder()
* .name("example-http-header-3-to-remove")
* .operation("remove")
* .build())
* .build())
* .expression("(http.host eq \"example.host.com\")")
* .description("example request header transform rule")
* .enabled(false)
* .build())
* .build());
* // HTTP rate limit for an API route
* var rateLimitingExample = new Ruleset("rateLimitingExample", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("restrict API requests count")
* .description("apply HTTP rate limiting for a route")
* .kind("zone")
* .phase("http_ratelimit")
* .rules(RulesetRuleArgs.builder()
* .action("block")
* .ratelimit(RulesetRuleRatelimitArgs.builder()
* .characteristics(
* "cf.colo.id",
* "ip.src")
* .period(60)
* .requestsPerPeriod(100)
* .mitigationTimeout(600)
* .build())
* .expression("(http.request.uri.path matches \"^/api/\")")
* .description("rate limit for API")
* .enabled(true)
* .build())
* .build());
* // Change origin for an API route
* var httpOriginExample = new Ruleset("httpOriginExample", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("Change to some origin")
* .description("Change origin for a route")
* .kind("zone")
* .phase("http_request_origin")
* .rules(RulesetRuleArgs.builder()
* .action("route")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .hostHeader("some.host")
* .origin(RulesetRuleActionParametersOriginArgs.builder()
* .host("some.host")
* .port(80)
* .build())
* .build())
* .expression("(http.request.uri.path matches \"^/api/\")")
* .description("change origin to some.host")
* .enabled(true)
* .build())
* .build());
* // Custom fields logging
* var customFieldsLoggingExample = new Ruleset("customFieldsLoggingExample", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("log custom fields")
* .description("add custom fields to logging")
* .kind("zone")
* .phase("http_log_custom_fields")
* .rules(RulesetRuleArgs.builder()
* .action("log_custom_field")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .requestFields(
* "content-type",
* "x-forwarded-for",
* "host")
* .responseFields(
* "server",
* "content-type",
* "allow")
* .cookieFields(
* "__ga",
* "accountNumber",
* "__cfruid")
* .build())
* .expression("(http.host eq \"example.host.com\")")
* .description("log custom fields rule")
* .enabled(true)
* .build())
* .build());
* // Custom cache keys + settings
* var cacheSettingsExample = new Ruleset("cacheSettingsExample", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("set cache settings")
* .description("set cache settings for the request")
* .kind("zone")
* .phase("http_request_cache_settings")
* .rules(RulesetRuleArgs.builder()
* .action("set_cache_settings")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .edgeTtl(RulesetRuleActionParametersEdgeTtlArgs.builder()
* .mode("override_origin")
* .default_(60)
* .statusCodeTtls(
* RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs.builder()
* .statusCode(200)
* .value(50)
* .build(),
* RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs.builder()
* .statusCodeRange(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
* .value(30)
* .build())
* .build())
* .browserTtl(RulesetRuleActionParametersBrowserTtlArgs.builder()
* .mode("respect_origin")
* .build())
* .serveStale(RulesetRuleActionParametersServeStaleArgs.builder()
* .disableStaleWhileUpdating(true)
* .build())
* .respectStrongEtags(true)
* .cacheKey(RulesetRuleActionParametersCacheKeyArgs.builder()
* .ignoreQueryStringsOrder(false)
* .cacheDeceptionArmor(true)
* .customKey(RulesetRuleActionParametersCacheKeyCustomKeyArgs.builder()
* .queryString(RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs.builder()
* .excludes("*")
* .build())
* .header(RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs.builder()
* .includes(
* "habc",
* "hdef")
* .checkPresences(
* "habc_t",
* "hdef_t")
* .excludeOrigin(true)
* .contains(Map.ofEntries(
* Map.entry("accept",
* "image/web",
* "image/png"),
* Map.entry("accept-encoding",
* "br",
* "zstd"),
* Map.entry("some-header",
* "some-value",
* "some-other-value")
* ))
* .build())
* .cookie(RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs.builder()
* .includes(
* "cabc",
* "cdef")
* .checkPresences(
* "cabc_t",
* "cdef_t")
* .build())
* .user(RulesetRuleActionParametersCacheKeyCustomKeyUserArgs.builder()
* .deviceType(true)
* .geo(false)
* .build())
* .host(RulesetRuleActionParametersCacheKeyCustomKeyHostArgs.builder()
* .resolved(true)
* .build())
* .build())
* .build())
* .originErrorPagePassthru(false)
* .build())
* .expression("(http.host eq \"example.host.com\")")
* .description("set cache settings rule")
* .enabled(true)
* .build())
* .build());
* // Redirects based on a List resource
* var redirectFromListExample = new Ruleset("redirectFromListExample", RulesetArgs.builder()
* .accountId("f037e56e89293a057740de681ac9abbe")
* .name("redirects")
* .description("Redirect ruleset")
* .kind("root")
* .phase("http_request_redirect")
* .rules(RulesetRuleArgs.builder()
* .action("redirect")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .fromList(RulesetRuleActionParametersFromListArgs.builder()
* .name("redirect_list")
* .key("http.request.full_uri")
* .build())
* .build())
* .expression("http.request.full_uri in $redirect_list")
* .description("Apply redirects from redirect_list")
* .enabled(true)
* .build())
* .build());
* // Dynamic Redirects from value resource
* var redirectFromValueExample = new Ruleset("redirectFromValueExample", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("redirects")
* .description("Redirect ruleset")
* .kind("zone")
* .phase("http_request_dynamic_redirect")
* .rules(RulesetRuleArgs.builder()
* .action("redirect")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .fromValue(RulesetRuleActionParametersFromValueArgs.builder()
* .statusCode(301)
* .targetUrl(RulesetRuleActionParametersFromValueTargetUrlArgs.builder()
* .value("some_host.com")
* .build())
* .preserveQueryString(true)
* .build())
* .build())
* .expression("(http.request.uri.path matches \"^/api/\")")
* .description("Apply redirect from value")
* .enabled(true)
* .build())
* .build());
* // Serve some custom error response
* var httpCustomErrorExample = new Ruleset("httpCustomErrorExample", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("Serve some error response")
* .description("Serve some error response")
* .kind("zone")
* .phase("http_custom_errors")
* .rules(RulesetRuleArgs.builder()
* .action("serve_error")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .content("some error html")
* .contentType("text/html")
* .statusCode("530")
* .build())
* .expression("(http.request.uri.path matches \"^/api/\")")
* .description("serve some error response")
* .enabled(true)
* .build())
* .build());
* // Set Configuration Rules for an API route
* var httpConfigRulesExample = new Ruleset("httpConfigRulesExample", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("set config rules")
* .description("set config rules for request")
* .kind("zone")
* .phase("http_config_settings")
* .rules(RulesetRuleArgs.builder()
* .action("set_config")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .emailObfuscation(true)
* .bic(true)
* .build())
* .expression("(http.request.uri.path matches \"^/api/\")")
* .description("set config rules for matching request")
* .enabled(true)
* .build())
* .build());
* // Set compress algorithm for response.
* var responseCompressBrotliHtml = new Ruleset("responseCompressBrotliHtml", RulesetArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .name("Brotli response compression for HTML")
* .description("Response compression ruleset")
* .kind("zone")
* .phase("http_response_compression")
* .rules(RulesetRuleArgs.builder()
* .action("compress_response")
* .actionParameters(RulesetRuleActionParametersArgs.builder()
* .algorithms(
* RulesetRuleActionParametersAlgorithmArgs.builder()
* .name("brotli")
* .build(),
* RulesetRuleActionParametersAlgorithmArgs.builder()
* .name("auto")
* .build())
* .build())
* .expression("http.response.content_type.media_type == \"text/html\"")
* .description("Prefer brotli compression for HTML")
* .enabled(true)
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* # Magic Transit
* magicTransitExample:
* type: cloudflare:Ruleset
* name: magic_transit_example
* properties:
* accountId: f037e56e89293a057740de681ac9abbe
* name: account magic transit
* description: example magic transit ruleset description
* kind: root
* phase: magic_transit
* rules:
* - action: allow
* expression: tcp.dstport in { 32768..65535 }
* description: Allow TCP Ephemeral Ports
* # Zone-level WAF Managed Ruleset
* zoneLevelManagedWaf:
* type: cloudflare:Ruleset
* name: zone_level_managed_waf
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: managed WAF
* description: managed WAF ruleset description
* kind: zone
* phase: http_request_firewall_managed
* rules:
* - action: execute
* actionParameters:
* id: efb7b8c949ac4650a09736fc376e9aee
* expression: (http.host eq "example.host.com")
* description: Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset
* enabled: true
* # Zone-level WAF with tag-based overrides
* zoneLevelManagedWafWithCategoryBasedOverrides:
* type: cloudflare:Ruleset
* name: zone_level_managed_waf_with_category_based_overrides
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: managed WAF with tag-based overrides
* description: managed WAF with tag-based overrides ruleset description
* kind: zone
* phase: http_request_firewall_managed
* rules:
* - action: execute
* actionParameters:
* id: efb7b8c949ac4650a09736fc376e9aee
* overrides:
* categories:
* - category: wordpress
* action: block
* enabled: true
* - category: joomla
* action: block
* enabled: true
* expression: (http.host eq "example.host.com")
* description: overrides to only enable wordpress rules to block
* enabled: false
* # Rewrite the URI path component to a static path
* transformUriRulePath:
* type: cloudflare:Ruleset
* name: transform_uri_rule_path
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: transform rule for URI path
* description: change the URI path to a new static path
* kind: zone
* phase: http_request_transform
* rules:
* - action: rewrite
* actionParameters:
* uri:
* path:
* value: /my-new-route
* expression: (http.host eq "example.com" and http.request.uri.path eq "/old-path")
* description: example URI path transform rule
* enabled: true
* # Rewrite the URI query component to a static query
* transformUriRuleQuery:
* type: cloudflare:Ruleset
* name: transform_uri_rule_query
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: transform rule for URI query parameter
* description: change the URI query to a new static query
* kind: zone
* phase: http_request_transform
* rules:
* - action: rewrite
* actionParameters:
* uri:
* query:
* value: old=new_again
* expression: (http.host eq "example.host.com")
* description: URI transformation query example
* enabled: true
* # Rewrite HTTP headers to a modified values
* transformUriHttpHeaders:
* type: cloudflare:Ruleset
* name: transform_uri_http_headers
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: transform rule for HTTP headers
* description: modify HTTP headers before reaching origin
* kind: zone
* phase: http_request_late_transform
* rules:
* - action: rewrite
* actionParameters:
* headers:
* - name: example-http-header-1
* operation: set
* value: my-http-header-value-1
* - name: example-http-header-2
* operation: set
* expression: cf.zone.name
* - name: example-http-header-3-to-remove
* operation: remove
* expression: (http.host eq "example.host.com")
* description: example request header transform rule
* enabled: false
* # HTTP rate limit for an API route
* rateLimitingExample:
* type: cloudflare:Ruleset
* name: rate_limiting_example
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: restrict API requests count
* description: apply HTTP rate limiting for a route
* kind: zone
* phase: http_ratelimit
* rules:
* - action: block
* ratelimit:
* characteristics:
* - cf.colo.id
* - ip.src
* period: 60
* requestsPerPeriod: 100
* mitigationTimeout: 600
* expression: (http.request.uri.path matches "^/api/")
* description: rate limit for API
* enabled: true
* # Change origin for an API route
* httpOriginExample:
* type: cloudflare:Ruleset
* name: http_origin_example
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: Change to some origin
* description: Change origin for a route
* kind: zone
* phase: http_request_origin
* rules:
* - action: route
* actionParameters:
* hostHeader: some.host
* origin:
* host: some.host
* port: 80
* expression: (http.request.uri.path matches "^/api/")
* description: change origin to some.host
* enabled: true
* # Custom fields logging
* customFieldsLoggingExample:
* type: cloudflare:Ruleset
* name: custom_fields_logging_example
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: log custom fields
* description: add custom fields to logging
* kind: zone
* phase: http_log_custom_fields
* rules:
* - action: log_custom_field
* actionParameters:
* requestFields:
* - content-type
* - x-forwarded-for
* - host
* responseFields:
* - server
* - content-type
* - allow
* cookieFields:
* - __ga
* - accountNumber
* - __cfruid
* expression: (http.host eq "example.host.com")
* description: log custom fields rule
* enabled: true
* # Custom cache keys + settings
* cacheSettingsExample:
* type: cloudflare:Ruleset
* name: cache_settings_example
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: set cache settings
* description: set cache settings for the request
* kind: zone
* phase: http_request_cache_settings
* rules:
* - action: set_cache_settings
* actionParameters:
* edgeTtl:
* mode: override_origin
* default: 60
* statusCodeTtls:
* - statusCode: 200
* value: 50
* - statusCodeRange:
* from: 201
* to: 300
* value: 30
* browserTtl:
* mode: respect_origin
* serveStale:
* disableStaleWhileUpdating: true
* respectStrongEtags: true
* cacheKey:
* ignoreQueryStringsOrder: false
* cacheDeceptionArmor: true
* customKey:
* queryString:
* excludes:
* - '*'
* header:
* includes:
* - habc
* - hdef
* checkPresences:
* - habc_t
* - hdef_t
* excludeOrigin: true
* contains:
* accept:
* - image/web
* - image/png
* accept-encoding:
* - br
* - zstd
* some-header:
* - some-value
* - some-other-value
* cookie:
* includes:
* - cabc
* - cdef
* checkPresences:
* - cabc_t
* - cdef_t
* user:
* deviceType: true
* geo: false
* host:
* resolved: true
* originErrorPagePassthru: false
* expression: (http.host eq "example.host.com")
* description: set cache settings rule
* enabled: true
* # Redirects based on a List resource
* redirectFromListExample:
* type: cloudflare:Ruleset
* name: redirect_from_list_example
* properties:
* accountId: f037e56e89293a057740de681ac9abbe
* name: redirects
* description: Redirect ruleset
* kind: root
* phase: http_request_redirect
* rules:
* - action: redirect
* actionParameters:
* fromList:
* name: redirect_list
* key: http.request.full_uri
* expression: http.request.full_uri in $redirect_list
* description: Apply redirects from redirect_list
* enabled: true
* # Dynamic Redirects from value resource
* redirectFromValueExample:
* type: cloudflare:Ruleset
* name: redirect_from_value_example
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: redirects
* description: Redirect ruleset
* kind: zone
* phase: http_request_dynamic_redirect
* rules:
* - action: redirect
* actionParameters:
* fromValue:
* statusCode: 301
* targetUrl:
* value: some_host.com
* preserveQueryString: true
* expression: (http.request.uri.path matches "^/api/")
* description: Apply redirect from value
* enabled: true
* # Serve some custom error response
* httpCustomErrorExample:
* type: cloudflare:Ruleset
* name: http_custom_error_example
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: Serve some error response
* description: Serve some error response
* kind: zone
* phase: http_custom_errors
* rules:
* - action: serve_error
* actionParameters:
* content: some error html
* contentType: text/html
* statusCode: '530'
* expression: (http.request.uri.path matches "^/api/")
* description: serve some error response
* enabled: true
* # Set Configuration Rules for an API route
* httpConfigRulesExample:
* type: cloudflare:Ruleset
* name: http_config_rules_example
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: set config rules
* description: set config rules for request
* kind: zone
* phase: http_config_settings
* rules:
* - action: set_config
* actionParameters:
* emailObfuscation: true
* bic: true
* expression: (http.request.uri.path matches "^/api/")
* description: set config rules for matching request
* enabled: true
* # Set compress algorithm for response.
* responseCompressBrotliHtml:
* type: cloudflare:Ruleset
* name: response_compress_brotli_html
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* name: Brotli response compression for HTML
* description: Response compression ruleset
* kind: zone
* phase: http_response_compression
* rules:
* - action: compress_response
* actionParameters:
* algorithms:
* - name: brotli
* - name: auto
* expression: http.response.content_type.media_type == "text/html"
* description: Prefer brotli compression for HTML
* enabled: true
* ```
*
* ## Import
* Import an account scoped Ruleset configuration.
* ```sh
* $ pulumi import cloudflare:index/ruleset:Ruleset example account//
* ```
* Import a zone scoped Ruleset configuration.
* ```sh
* $ pulumi import cloudflare:index/ruleset:Ruleset example zone//
* ```
*/
public class Ruleset internal constructor(
override val javaResource: com.pulumi.cloudflare.Ruleset,
) : KotlinCustomResource(javaResource, RulesetMapper) {
/**
* The account identifier to target for the resource.
*/
public val accountId: Output?
get() = javaResource.accountId().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Brief summary of the ruleset and its intended use.
*/
public val description: Output
get() = javaResource.description().applyValue({ args0 -> args0 })
/**
* Type of Ruleset to create. Available values: `custom`, `managed`, `root`, `zone`.
*/
public val kind: Output
get() = javaResource.kind().applyValue({ args0 -> args0 })
/**
* Name of the ruleset.
*/
public val name: Output
get() = javaResource.name().applyValue({ args0 -> args0 })
/**
* Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_config_settings`, `http_custom_errors`, `http_log_custom_fields`, `http_ratelimit`, `http_request_cache_settings`, `http_request_dynamic_redirect`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_origin`, `http_request_redirect`, `http_request_sanitize`, `http_request_sbfm`, `http_request_transform`, `http_response_compression`, `http_response_firewall_managed`, `http_response_headers_transform`, `magic_transit`.
*/
public val phase: Output
get() = javaResource.phase().applyValue({ args0 -> args0 })
/**
* List of rules to apply to the ruleset.
*/
public val rules: Output>?
get() = javaResource.rules().applyValue({ args0 ->
args0.map({ args0 ->
args0.map({ args0 ->
args0.let({ args0 -> toKotlin(args0) })
})
}).orElse(null)
})
/**
* The zone identifier to target for the resource.
*/
public val zoneId: Output?
get() = javaResource.zoneId().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
}
public object RulesetMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.cloudflare.Ruleset::class == javaResource::class
override fun map(javaResource: Resource): Ruleset = Ruleset(
javaResource as
com.pulumi.cloudflare.Ruleset,
)
}
/**
* @see [Ruleset].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [Ruleset].
*/
public suspend fun ruleset(name: String, block: suspend RulesetResourceBuilder.() -> Unit): Ruleset {
val builder = RulesetResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [Ruleset].
* @param name The _unique_ name of the resulting resource.
*/
public fun ruleset(name: String): Ruleset {
val builder = RulesetResourceBuilder()
builder.name(name)
return builder.build()
}