All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.cloudflare.kotlin.Ruleset.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 5.40.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.cloudflare.kotlin

import com.pulumi.cloudflare.kotlin.outputs.RulesetRule
import com.pulumi.cloudflare.kotlin.outputs.RulesetRule.Companion.toKotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List

/**
 * Builder for [Ruleset].
 */
@PulumiTagMarker
public class RulesetResourceBuilder internal constructor() {
    public var name: String? = null

    public var args: RulesetArgs = RulesetArgs()

    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param name The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend RulesetArgsBuilder.() -> Unit) {
        val builder = RulesetArgsBuilder()
        block(builder)
        this.args = builder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
    }

    internal fun build(): Ruleset {
        val builtJavaResource = com.pulumi.cloudflare.Ruleset(
            this.name,
            this.args.toJava(),
            this.opts.toJava(),
        )
        return Ruleset(builtJavaResource)
    }
}

/**
 * The [Cloudflare Ruleset Engine](https://developers.cloudflare.com/firewall/cf-rulesets)
 * allows you to create and deploy rules and rulesets.
 * The engine syntax, inspired by the Wireshark Display Filter language, is the
 * same syntax used in custom Firewall Rules. Cloudflare uses the Ruleset Engine
 * in different products, allowing you to configure several products using the same
 * basic syntax.
 * ## Example Usage
 * 
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.cloudflare.Ruleset;
 * import com.pulumi.cloudflare.RulesetArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOverridesArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriPathArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersUriQueryArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleRatelimitArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersOriginArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersEdgeTtlArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersBrowserTtlArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersServeStaleArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyUserArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersCacheKeyCustomKeyHostArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromListArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueArgs;
 * import com.pulumi.cloudflare.inputs.RulesetRuleActionParametersFromValueTargetUrlArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         // Magic Transit
 *         var magicTransitExample = new Ruleset("magicTransitExample", RulesetArgs.builder()
 *             .accountId("f037e56e89293a057740de681ac9abbe")
 *             .name("account magic transit")
 *             .description("example magic transit ruleset description")
 *             .kind("root")
 *             .phase("magic_transit")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("allow")
 *                 .expression("tcp.dstport in { 32768..65535 }")
 *                 .description("Allow TCP Ephemeral Ports")
 *                 .build())
 *             .build());
 *         // Zone-level WAF Managed Ruleset
 *         var zoneLevelManagedWaf = new Ruleset("zoneLevelManagedWaf", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("managed WAF")
 *             .description("managed WAF ruleset description")
 *             .kind("zone")
 *             .phase("http_request_firewall_managed")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("execute")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .id("efb7b8c949ac4650a09736fc376e9aee")
 *                     .build())
 *                 .expression("(http.host eq \"example.host.com\")")
 *                 .description("Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Zone-level WAF with tag-based overrides
 *         var zoneLevelManagedWafWithCategoryBasedOverrides = new Ruleset("zoneLevelManagedWafWithCategoryBasedOverrides", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("managed WAF with tag-based overrides")
 *             .description("managed WAF with tag-based overrides ruleset description")
 *             .kind("zone")
 *             .phase("http_request_firewall_managed")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("execute")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .id("efb7b8c949ac4650a09736fc376e9aee")
 *                     .overrides(RulesetRuleActionParametersOverridesArgs.builder()
 *                         .categories(
 *                             RulesetRuleActionParametersOverridesCategoryArgs.builder()
 *                                 .category("wordpress")
 *                                 .action("block")
 *                                 .enabled(true)
 *                                 .build(),
 *                             RulesetRuleActionParametersOverridesCategoryArgs.builder()
 *                                 .category("joomla")
 *                                 .action("block")
 *                                 .enabled(true)
 *                                 .build())
 *                         .build())
 *                     .build())
 *                 .expression("(http.host eq \"example.host.com\")")
 *                 .description("overrides to only enable wordpress rules to block")
 *                 .enabled(false)
 *                 .build())
 *             .build());
 *         // Rewrite the URI path component to a static path
 *         var transformUriRulePath = new Ruleset("transformUriRulePath", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("transform rule for URI path")
 *             .description("change the URI path to a new static path")
 *             .kind("zone")
 *             .phase("http_request_transform")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("rewrite")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .uri(RulesetRuleActionParametersUriArgs.builder()
 *                         .path(RulesetRuleActionParametersUriPathArgs.builder()
 *                             .value("/my-new-route")
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .expression("(http.host eq \"example.com\" and http.request.uri.path eq \"/old-path\")")
 *                 .description("example URI path transform rule")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Rewrite the URI query component to a static query
 *         var transformUriRuleQuery = new Ruleset("transformUriRuleQuery", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("transform rule for URI query parameter")
 *             .description("change the URI query to a new static query")
 *             .kind("zone")
 *             .phase("http_request_transform")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("rewrite")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .uri(RulesetRuleActionParametersUriArgs.builder()
 *                         .query(RulesetRuleActionParametersUriQueryArgs.builder()
 *                             .value("old=new_again")
 *                             .build())
 *                         .build())
 *                     .build())
 *                 .expression("(http.host eq \"example.host.com\")")
 *                 .description("URI transformation query example")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Rewrite HTTP headers to a modified values
 *         var transformUriHttpHeaders = new Ruleset("transformUriHttpHeaders", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("transform rule for HTTP headers")
 *             .description("modify HTTP headers before reaching origin")
 *             .kind("zone")
 *             .phase("http_request_late_transform")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("rewrite")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .headers(
 *                         RulesetRuleActionParametersHeaderArgs.builder()
 *                             .name("example-http-header-1")
 *                             .operation("set")
 *                             .value("my-http-header-value-1")
 *                             .build(),
 *                         RulesetRuleActionParametersHeaderArgs.builder()
 *                             .name("example-http-header-2")
 *                             .operation("set")
 *                             .expression("cf.zone.name")
 *                             .build(),
 *                         RulesetRuleActionParametersHeaderArgs.builder()
 *                             .name("example-http-header-3-to-remove")
 *                             .operation("remove")
 *                             .build())
 *                     .build())
 *                 .expression("(http.host eq \"example.host.com\")")
 *                 .description("example request header transform rule")
 *                 .enabled(false)
 *                 .build())
 *             .build());
 *         // HTTP rate limit for an API route
 *         var rateLimitingExample = new Ruleset("rateLimitingExample", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("restrict API requests count")
 *             .description("apply HTTP rate limiting for a route")
 *             .kind("zone")
 *             .phase("http_ratelimit")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("block")
 *                 .ratelimit(RulesetRuleRatelimitArgs.builder()
 *                     .characteristics(
 *                         "cf.colo.id",
 *                         "ip.src")
 *                     .period(60)
 *                     .requestsPerPeriod(100)
 *                     .mitigationTimeout(600)
 *                     .build())
 *                 .expression("(http.request.uri.path matches \"^/api/\")")
 *                 .description("rate limit for API")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Change origin for an API route
 *         var httpOriginExample = new Ruleset("httpOriginExample", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("Change to some origin")
 *             .description("Change origin for a route")
 *             .kind("zone")
 *             .phase("http_request_origin")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("route")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .hostHeader("some.host")
 *                     .origin(RulesetRuleActionParametersOriginArgs.builder()
 *                         .host("some.host")
 *                         .port(80)
 *                         .build())
 *                     .build())
 *                 .expression("(http.request.uri.path matches \"^/api/\")")
 *                 .description("change origin to some.host")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Custom fields logging
 *         var customFieldsLoggingExample = new Ruleset("customFieldsLoggingExample", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("log custom fields")
 *             .description("add custom fields to logging")
 *             .kind("zone")
 *             .phase("http_log_custom_fields")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("log_custom_field")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .requestFields(
 *                         "content-type",
 *                         "x-forwarded-for",
 *                         "host")
 *                     .responseFields(
 *                         "server",
 *                         "content-type",
 *                         "allow")
 *                     .cookieFields(
 *                         "__ga",
 *                         "accountNumber",
 *                         "__cfruid")
 *                     .build())
 *                 .expression("(http.host eq \"example.host.com\")")
 *                 .description("log custom fields rule")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Custom cache keys + settings
 *         var cacheSettingsExample = new Ruleset("cacheSettingsExample", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("set cache settings")
 *             .description("set cache settings for the request")
 *             .kind("zone")
 *             .phase("http_request_cache_settings")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("set_cache_settings")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .edgeTtl(RulesetRuleActionParametersEdgeTtlArgs.builder()
 *                         .mode("override_origin")
 *                         .default_(60)
 *                         .statusCodeTtls(
 *                             RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs.builder()
 *                                 .statusCode(200)
 *                                 .value(50)
 *                                 .build(),
 *                             RulesetRuleActionParametersEdgeTtlStatusCodeTtlArgs.builder()
 *                                 .statusCodeRange(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
 *                                 .value(30)
 *                                 .build())
 *                         .build())
 *                     .browserTtl(RulesetRuleActionParametersBrowserTtlArgs.builder()
 *                         .mode("respect_origin")
 *                         .build())
 *                     .serveStale(RulesetRuleActionParametersServeStaleArgs.builder()
 *                         .disableStaleWhileUpdating(true)
 *                         .build())
 *                     .respectStrongEtags(true)
 *                     .cacheKey(RulesetRuleActionParametersCacheKeyArgs.builder()
 *                         .ignoreQueryStringsOrder(false)
 *                         .cacheDeceptionArmor(true)
 *                         .customKey(RulesetRuleActionParametersCacheKeyCustomKeyArgs.builder()
 *                             .queryString(RulesetRuleActionParametersCacheKeyCustomKeyQueryStringArgs.builder()
 *                                 .excludes("*")
 *                                 .build())
 *                             .header(RulesetRuleActionParametersCacheKeyCustomKeyHeaderArgs.builder()
 *                                 .includes(
 *                                     "habc",
 *                                     "hdef")
 *                                 .checkPresences(
 *                                     "habc_t",
 *                                     "hdef_t")
 *                                 .excludeOrigin(true)
 *                                 .contains(Map.ofEntries(
 *                                     Map.entry("accept",
 *                                         "image/web",
 *                                         "image/png"),
 *                                     Map.entry("accept-encoding",
 *                                         "br",
 *                                         "zstd"),
 *                                     Map.entry("some-header",
 *                                         "some-value",
 *                                         "some-other-value")
 *                                 ))
 *                                 .build())
 *                             .cookie(RulesetRuleActionParametersCacheKeyCustomKeyCookieArgs.builder()
 *                                 .includes(
 *                                     "cabc",
 *                                     "cdef")
 *                                 .checkPresences(
 *                                     "cabc_t",
 *                                     "cdef_t")
 *                                 .build())
 *                             .user(RulesetRuleActionParametersCacheKeyCustomKeyUserArgs.builder()
 *                                 .deviceType(true)
 *                                 .geo(false)
 *                                 .build())
 *                             .host(RulesetRuleActionParametersCacheKeyCustomKeyHostArgs.builder()
 *                                 .resolved(true)
 *                                 .build())
 *                             .build())
 *                         .build())
 *                     .originErrorPagePassthru(false)
 *                     .build())
 *                 .expression("(http.host eq \"example.host.com\")")
 *                 .description("set cache settings rule")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Redirects based on a List resource
 *         var redirectFromListExample = new Ruleset("redirectFromListExample", RulesetArgs.builder()
 *             .accountId("f037e56e89293a057740de681ac9abbe")
 *             .name("redirects")
 *             .description("Redirect ruleset")
 *             .kind("root")
 *             .phase("http_request_redirect")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("redirect")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .fromList(RulesetRuleActionParametersFromListArgs.builder()
 *                         .name("redirect_list")
 *                         .key("http.request.full_uri")
 *                         .build())
 *                     .build())
 *                 .expression("http.request.full_uri in $redirect_list")
 *                 .description("Apply redirects from redirect_list")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Dynamic Redirects from value resource
 *         var redirectFromValueExample = new Ruleset("redirectFromValueExample", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("redirects")
 *             .description("Redirect ruleset")
 *             .kind("zone")
 *             .phase("http_request_dynamic_redirect")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("redirect")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .fromValue(RulesetRuleActionParametersFromValueArgs.builder()
 *                         .statusCode(301)
 *                         .targetUrl(RulesetRuleActionParametersFromValueTargetUrlArgs.builder()
 *                             .value("some_host.com")
 *                             .build())
 *                         .preserveQueryString(true)
 *                         .build())
 *                     .build())
 *                 .expression("(http.request.uri.path matches \"^/api/\")")
 *                 .description("Apply redirect from value")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Serve some custom error response
 *         var httpCustomErrorExample = new Ruleset("httpCustomErrorExample", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("Serve some error response")
 *             .description("Serve some error response")
 *             .kind("zone")
 *             .phase("http_custom_errors")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("serve_error")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .content("some error html")
 *                     .contentType("text/html")
 *                     .statusCode("530")
 *                     .build())
 *                 .expression("(http.request.uri.path matches \"^/api/\")")
 *                 .description("serve some error response")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Set Configuration Rules for an API route
 *         var httpConfigRulesExample = new Ruleset("httpConfigRulesExample", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("set config rules")
 *             .description("set config rules for request")
 *             .kind("zone")
 *             .phase("http_config_settings")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("set_config")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .emailObfuscation(true)
 *                     .bic(true)
 *                     .build())
 *                 .expression("(http.request.uri.path matches \"^/api/\")")
 *                 .description("set config rules for matching request")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *         // Set compress algorithm for response.
 *         var responseCompressBrotliHtml = new Ruleset("responseCompressBrotliHtml", RulesetArgs.builder()
 *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
 *             .name("Brotli response compression for HTML")
 *             .description("Response compression ruleset")
 *             .kind("zone")
 *             .phase("http_response_compression")
 *             .rules(RulesetRuleArgs.builder()
 *                 .action("compress_response")
 *                 .actionParameters(RulesetRuleActionParametersArgs.builder()
 *                     .algorithms(
 *                         RulesetRuleActionParametersAlgorithmArgs.builder()
 *                             .name("brotli")
 *                             .build(),
 *                         RulesetRuleActionParametersAlgorithmArgs.builder()
 *                             .name("auto")
 *                             .build())
 *                     .build())
 *                 .expression("http.response.content_type.media_type == \"text/html\"")
 *                 .description("Prefer brotli compression for HTML")
 *                 .enabled(true)
 *                 .build())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   # Magic Transit
 *   magicTransitExample:
 *     type: cloudflare:Ruleset
 *     name: magic_transit_example
 *     properties:
 *       accountId: f037e56e89293a057740de681ac9abbe
 *       name: account magic transit
 *       description: example magic transit ruleset description
 *       kind: root
 *       phase: magic_transit
 *       rules:
 *         - action: allow
 *           expression: tcp.dstport in { 32768..65535 }
 *           description: Allow TCP Ephemeral Ports
 *   # Zone-level WAF Managed Ruleset
 *   zoneLevelManagedWaf:
 *     type: cloudflare:Ruleset
 *     name: zone_level_managed_waf
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: managed WAF
 *       description: managed WAF ruleset description
 *       kind: zone
 *       phase: http_request_firewall_managed
 *       rules:
 *         - action: execute
 *           actionParameters:
 *             id: efb7b8c949ac4650a09736fc376e9aee
 *           expression: (http.host eq "example.host.com")
 *           description: Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset
 *           enabled: true
 *   # Zone-level WAF with tag-based overrides
 *   zoneLevelManagedWafWithCategoryBasedOverrides:
 *     type: cloudflare:Ruleset
 *     name: zone_level_managed_waf_with_category_based_overrides
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: managed WAF with tag-based overrides
 *       description: managed WAF with tag-based overrides ruleset description
 *       kind: zone
 *       phase: http_request_firewall_managed
 *       rules:
 *         - action: execute
 *           actionParameters:
 *             id: efb7b8c949ac4650a09736fc376e9aee
 *             overrides:
 *               categories:
 *                 - category: wordpress
 *                   action: block
 *                   enabled: true
 *                 - category: joomla
 *                   action: block
 *                   enabled: true
 *           expression: (http.host eq "example.host.com")
 *           description: overrides to only enable wordpress rules to block
 *           enabled: false
 *   # Rewrite the URI path component to a static path
 *   transformUriRulePath:
 *     type: cloudflare:Ruleset
 *     name: transform_uri_rule_path
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: transform rule for URI path
 *       description: change the URI path to a new static path
 *       kind: zone
 *       phase: http_request_transform
 *       rules:
 *         - action: rewrite
 *           actionParameters:
 *             uri:
 *               path:
 *                 value: /my-new-route
 *           expression: (http.host eq "example.com" and http.request.uri.path eq "/old-path")
 *           description: example URI path transform rule
 *           enabled: true
 *   # Rewrite the URI query component to a static query
 *   transformUriRuleQuery:
 *     type: cloudflare:Ruleset
 *     name: transform_uri_rule_query
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: transform rule for URI query parameter
 *       description: change the URI query to a new static query
 *       kind: zone
 *       phase: http_request_transform
 *       rules:
 *         - action: rewrite
 *           actionParameters:
 *             uri:
 *               query:
 *                 value: old=new_again
 *           expression: (http.host eq "example.host.com")
 *           description: URI transformation query example
 *           enabled: true
 *   # Rewrite HTTP headers to a modified values
 *   transformUriHttpHeaders:
 *     type: cloudflare:Ruleset
 *     name: transform_uri_http_headers
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: transform rule for HTTP headers
 *       description: modify HTTP headers before reaching origin
 *       kind: zone
 *       phase: http_request_late_transform
 *       rules:
 *         - action: rewrite
 *           actionParameters:
 *             headers:
 *               - name: example-http-header-1
 *                 operation: set
 *                 value: my-http-header-value-1
 *               - name: example-http-header-2
 *                 operation: set
 *                 expression: cf.zone.name
 *               - name: example-http-header-3-to-remove
 *                 operation: remove
 *           expression: (http.host eq "example.host.com")
 *           description: example request header transform rule
 *           enabled: false
 *   # HTTP rate limit for an API route
 *   rateLimitingExample:
 *     type: cloudflare:Ruleset
 *     name: rate_limiting_example
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: restrict API requests count
 *       description: apply HTTP rate limiting for a route
 *       kind: zone
 *       phase: http_ratelimit
 *       rules:
 *         - action: block
 *           ratelimit:
 *             characteristics:
 *               - cf.colo.id
 *               - ip.src
 *             period: 60
 *             requestsPerPeriod: 100
 *             mitigationTimeout: 600
 *           expression: (http.request.uri.path matches "^/api/")
 *           description: rate limit for API
 *           enabled: true
 *   # Change origin for an API route
 *   httpOriginExample:
 *     type: cloudflare:Ruleset
 *     name: http_origin_example
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: Change to some origin
 *       description: Change origin for a route
 *       kind: zone
 *       phase: http_request_origin
 *       rules:
 *         - action: route
 *           actionParameters:
 *             hostHeader: some.host
 *             origin:
 *               host: some.host
 *               port: 80
 *           expression: (http.request.uri.path matches "^/api/")
 *           description: change origin to some.host
 *           enabled: true
 *   # Custom fields logging
 *   customFieldsLoggingExample:
 *     type: cloudflare:Ruleset
 *     name: custom_fields_logging_example
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: log custom fields
 *       description: add custom fields to logging
 *       kind: zone
 *       phase: http_log_custom_fields
 *       rules:
 *         - action: log_custom_field
 *           actionParameters:
 *             requestFields:
 *               - content-type
 *               - x-forwarded-for
 *               - host
 *             responseFields:
 *               - server
 *               - content-type
 *               - allow
 *             cookieFields:
 *               - __ga
 *               - accountNumber
 *               - __cfruid
 *           expression: (http.host eq "example.host.com")
 *           description: log custom fields rule
 *           enabled: true
 *   # Custom cache keys + settings
 *   cacheSettingsExample:
 *     type: cloudflare:Ruleset
 *     name: cache_settings_example
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: set cache settings
 *       description: set cache settings for the request
 *       kind: zone
 *       phase: http_request_cache_settings
 *       rules:
 *         - action: set_cache_settings
 *           actionParameters:
 *             edgeTtl:
 *               mode: override_origin
 *               default: 60
 *               statusCodeTtls:
 *                 - statusCode: 200
 *                   value: 50
 *                 - statusCodeRange:
 *                     from: 201
 *                     to: 300
 *                   value: 30
 *             browserTtl:
 *               mode: respect_origin
 *             serveStale:
 *               disableStaleWhileUpdating: true
 *             respectStrongEtags: true
 *             cacheKey:
 *               ignoreQueryStringsOrder: false
 *               cacheDeceptionArmor: true
 *               customKey:
 *                 queryString:
 *                   excludes:
 *                     - '*'
 *                 header:
 *                   includes:
 *                     - habc
 *                     - hdef
 *                   checkPresences:
 *                     - habc_t
 *                     - hdef_t
 *                   excludeOrigin: true
 *                   contains:
 *                     accept:
 *                       - image/web
 *                       - image/png
 *                     accept-encoding:
 *                       - br
 *                       - zstd
 *                     some-header:
 *                       - some-value
 *                       - some-other-value
 *                 cookie:
 *                   includes:
 *                     - cabc
 *                     - cdef
 *                   checkPresences:
 *                     - cabc_t
 *                     - cdef_t
 *                 user:
 *                   deviceType: true
 *                   geo: false
 *                 host:
 *                   resolved: true
 *             originErrorPagePassthru: false
 *           expression: (http.host eq "example.host.com")
 *           description: set cache settings rule
 *           enabled: true
 *   # Redirects based on a List resource
 *   redirectFromListExample:
 *     type: cloudflare:Ruleset
 *     name: redirect_from_list_example
 *     properties:
 *       accountId: f037e56e89293a057740de681ac9abbe
 *       name: redirects
 *       description: Redirect ruleset
 *       kind: root
 *       phase: http_request_redirect
 *       rules:
 *         - action: redirect
 *           actionParameters:
 *             fromList:
 *               name: redirect_list
 *               key: http.request.full_uri
 *           expression: http.request.full_uri in $redirect_list
 *           description: Apply redirects from redirect_list
 *           enabled: true
 *   # Dynamic Redirects from value resource
 *   redirectFromValueExample:
 *     type: cloudflare:Ruleset
 *     name: redirect_from_value_example
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: redirects
 *       description: Redirect ruleset
 *       kind: zone
 *       phase: http_request_dynamic_redirect
 *       rules:
 *         - action: redirect
 *           actionParameters:
 *             fromValue:
 *               statusCode: 301
 *               targetUrl:
 *                 value: some_host.com
 *               preserveQueryString: true
 *           expression: (http.request.uri.path matches "^/api/")
 *           description: Apply redirect from value
 *           enabled: true
 *   # Serve some custom error response
 *   httpCustomErrorExample:
 *     type: cloudflare:Ruleset
 *     name: http_custom_error_example
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: Serve some error response
 *       description: Serve some error response
 *       kind: zone
 *       phase: http_custom_errors
 *       rules:
 *         - action: serve_error
 *           actionParameters:
 *             content: some error html
 *             contentType: text/html
 *             statusCode: '530'
 *           expression: (http.request.uri.path matches "^/api/")
 *           description: serve some error response
 *           enabled: true
 *   # Set Configuration Rules for an API route
 *   httpConfigRulesExample:
 *     type: cloudflare:Ruleset
 *     name: http_config_rules_example
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: set config rules
 *       description: set config rules for request
 *       kind: zone
 *       phase: http_config_settings
 *       rules:
 *         - action: set_config
 *           actionParameters:
 *             emailObfuscation: true
 *             bic: true
 *           expression: (http.request.uri.path matches "^/api/")
 *           description: set config rules for matching request
 *           enabled: true
 *   # Set compress algorithm for response.
 *   responseCompressBrotliHtml:
 *     type: cloudflare:Ruleset
 *     name: response_compress_brotli_html
 *     properties:
 *       zoneId: 0da42c8d2132a9ddaf714f9e7c920711
 *       name: Brotli response compression for HTML
 *       description: Response compression ruleset
 *       kind: zone
 *       phase: http_response_compression
 *       rules:
 *         - action: compress_response
 *           actionParameters:
 *             algorithms:
 *               - name: brotli
 *               - name: auto
 *           expression: http.response.content_type.media_type == "text/html"
 *           description: Prefer brotli compression for HTML
 *           enabled: true
 * ```
 * 
 * ## Import
 * Import an account scoped Ruleset configuration.
 * ```sh
 * $ pulumi import cloudflare:index/ruleset:Ruleset example account//
 * ```
 * Import a zone scoped Ruleset configuration.
 * ```sh
 * $ pulumi import cloudflare:index/ruleset:Ruleset example zone//
 * ```
 */
public class Ruleset internal constructor(
    override val javaResource: com.pulumi.cloudflare.Ruleset,
) : KotlinCustomResource(javaResource, RulesetMapper) {
    /**
     * The account identifier to target for the resource.
     */
    public val accountId: Output?
        get() = javaResource.accountId().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })

    /**
     * Brief summary of the ruleset and its intended use.
     */
    public val description: Output
        get() = javaResource.description().applyValue({ args0 -> args0 })

    /**
     * Type of Ruleset to create. Available values: `custom`, `managed`, `root`, `zone`.
     */
    public val kind: Output
        get() = javaResource.kind().applyValue({ args0 -> args0 })

    /**
     * Name of the ruleset.
     */
    public val name: Output
        get() = javaResource.name().applyValue({ args0 -> args0 })

    /**
     * Point in the request/response lifecycle where the ruleset will be created. Available values: `ddos_l4`, `ddos_l7`, `http_config_settings`, `http_custom_errors`, `http_log_custom_fields`, `http_ratelimit`, `http_request_cache_settings`, `http_request_dynamic_redirect`, `http_request_firewall_custom`, `http_request_firewall_managed`, `http_request_late_transform`, `http_request_origin`, `http_request_redirect`, `http_request_sanitize`, `http_request_sbfm`, `http_request_transform`, `http_response_compression`, `http_response_firewall_managed`, `http_response_headers_transform`, `magic_transit`.
     */
    public val phase: Output
        get() = javaResource.phase().applyValue({ args0 -> args0 })

    /**
     * List of rules to apply to the ruleset.
     */
    public val rules: Output>?
        get() = javaResource.rules().applyValue({ args0 ->
            args0.map({ args0 ->
                args0.map({ args0 ->
                    args0.let({ args0 -> toKotlin(args0) })
                })
            }).orElse(null)
        })

    /**
     * The zone identifier to target for the resource.
     */
    public val zoneId: Output?
        get() = javaResource.zoneId().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
}

public object RulesetMapper : ResourceMapper {
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.cloudflare.Ruleset::class == javaResource::class

    override fun map(javaResource: Resource): Ruleset = Ruleset(
        javaResource as
            com.pulumi.cloudflare.Ruleset,
    )
}

/**
 * @see [Ruleset].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [Ruleset].
 */
public suspend fun ruleset(name: String, block: suspend RulesetResourceBuilder.() -> Unit): Ruleset {
    val builder = RulesetResourceBuilder()
    builder.name(name)
    block(builder)
    return builder.build()
}

/**
 * @see [Ruleset].
 * @param name The _unique_ name of the resulting resource.
 */
public fun ruleset(name: String): Ruleset {
    val builder = RulesetResourceBuilder()
    builder.name(name)
    return builder.build()
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy