com.pulumi.cloudflare.kotlin.AccessPolicyArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-cloudflare-kotlin Show documentation
Show all versions of pulumi-cloudflare-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
The newest version!
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.cloudflare.kotlin
import com.pulumi.cloudflare.AccessPolicyArgs.builder
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyApprovalGroupArgs
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyApprovalGroupArgsBuilder
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyConnectionRulesArgs
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyConnectionRulesArgsBuilder
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyExcludeArgs
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyExcludeArgsBuilder
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyIncludeArgs
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyIncludeArgsBuilder
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyRequireArgs
import com.pulumi.cloudflare.kotlin.inputs.AccessPolicyRequireArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* Provides a Cloudflare Access Policy resource. Access Policies are
* used in conjunction with Access Applications to restrict access to
* a particular resource.
* > It's required that an `account_id` or `zone_id` is provided and in most cases using either is fine.
* However, if you're using a scoped access token, you must provide the argument that matches the token's
* scope. For example, an access token that is scoped to the "example.com" zone needs to use the `zone_id` argument.
* If 'application_id' is omitted, the policy created can be reused by multiple access applications.
* Any cloudflare.AccessApplication resource can reference reusable policies through its `policies` argument.
* To destroy a reusable policy and remove it from all applications' policies lists on the same apply, preemptively set the
* lifecycle option `create_before_destroy` to true on the 'cloudflare_access_policy' resource.
* ## Import
* ```sh
* $ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account///
* ```
* @property accountId The account identifier to target for the resource. Conflicts with `zone_id`.
* @property applicationId The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute will force creation of a new resource.**
* @property approvalGroups
* @property approvalRequired
* @property connectionRules The rules that define how users may connect to the targets secured by your application.
* @property decision Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`, `bypass`.
* @property excludes A series of access conditions, see Access Groups.
* @property includes A series of access conditions, see Access Groups.
* @property isolationRequired Require this application to be served in an isolated browser for users matching this policy.
* @property name Friendly name of the Access Policy.
* @property precedence The unique precedence for policies on a single application. Required when using `application_id`.
* @property purposeJustificationPrompt The prompt to display to the user for a justification for accessing the resource. Required when using `purpose_justification_required`.
* @property purposeJustificationRequired Whether to prompt the user for a justification for accessing the resource.
* @property requires A series of access conditions, see Access Groups.
* @property sessionDuration How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
* @property zoneId The zone identifier to target for the resource. Conflicts with `account_id`.
*/
public data class AccessPolicyArgs(
public val accountId: Output? = null,
public val applicationId: Output? = null,
public val approvalGroups: Output>? = null,
public val approvalRequired: Output? = null,
public val connectionRules: Output? = null,
public val decision: Output? = null,
public val excludes: Output>? = null,
public val includes: Output>? = null,
public val isolationRequired: Output? = null,
public val name: Output? = null,
public val precedence: Output? = null,
public val purposeJustificationPrompt: Output? = null,
public val purposeJustificationRequired: Output? = null,
public val requires: Output>? = null,
public val sessionDuration: Output? = null,
public val zoneId: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.cloudflare.AccessPolicyArgs =
com.pulumi.cloudflare.AccessPolicyArgs.builder()
.accountId(accountId?.applyValue({ args0 -> args0 }))
.applicationId(applicationId?.applyValue({ args0 -> args0 }))
.approvalGroups(
approvalGroups?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.approvalRequired(approvalRequired?.applyValue({ args0 -> args0 }))
.connectionRules(connectionRules?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.decision(decision?.applyValue({ args0 -> args0 }))
.excludes(
excludes?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.includes(
includes?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.isolationRequired(isolationRequired?.applyValue({ args0 -> args0 }))
.name(name?.applyValue({ args0 -> args0 }))
.precedence(precedence?.applyValue({ args0 -> args0 }))
.purposeJustificationPrompt(purposeJustificationPrompt?.applyValue({ args0 -> args0 }))
.purposeJustificationRequired(purposeJustificationRequired?.applyValue({ args0 -> args0 }))
.requires(
requires?.applyValue({ args0 ->
args0.map({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
})
}),
)
.sessionDuration(sessionDuration?.applyValue({ args0 -> args0 }))
.zoneId(zoneId?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [AccessPolicyArgs].
*/
@PulumiTagMarker
public class AccessPolicyArgsBuilder internal constructor() {
private var accountId: Output? = null
private var applicationId: Output? = null
private var approvalGroups: Output>? = null
private var approvalRequired: Output? = null
private var connectionRules: Output? = null
private var decision: Output? = null
private var excludes: Output>? = null
private var includes: Output>? = null
private var isolationRequired: Output? = null
private var name: Output? = null
private var precedence: Output? = null
private var purposeJustificationPrompt: Output? = null
private var purposeJustificationRequired: Output? = null
private var requires: Output>? = null
private var sessionDuration: Output? = null
private var zoneId: Output? = null
/**
* @param value The account identifier to target for the resource. Conflicts with `zone_id`.
*/
@JvmName("glyqoevahgksulrf")
public suspend fun accountId(`value`: Output) {
this.accountId = value
}
/**
* @param value The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute will force creation of a new resource.**
*/
@JvmName("wbuonapoeuwvrmdi")
public suspend fun applicationId(`value`: Output) {
this.applicationId = value
}
/**
* @param value
*/
@JvmName("pxhqwwofecgnuupd")
public suspend fun approvalGroups(`value`: Output>) {
this.approvalGroups = value
}
@JvmName("kubngxyaanipuujq")
public suspend fun approvalGroups(vararg values: Output) {
this.approvalGroups = Output.all(values.asList())
}
/**
* @param values
*/
@JvmName("iucvdgusgkwpbiiy")
public suspend fun approvalGroups(values: List>) {
this.approvalGroups = Output.all(values)
}
/**
* @param value
*/
@JvmName("sojbcybgfswpnicg")
public suspend fun approvalRequired(`value`: Output) {
this.approvalRequired = value
}
/**
* @param value The rules that define how users may connect to the targets secured by your application.
*/
@JvmName("lfmrdtreqdlchmnl")
public suspend fun connectionRules(`value`: Output) {
this.connectionRules = value
}
/**
* @param value Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`, `bypass`.
*/
@JvmName("gtqxktauvubrmynh")
public suspend fun decision(`value`: Output) {
this.decision = value
}
/**
* @param value A series of access conditions, see Access Groups.
*/
@JvmName("jqjynhdmhjivsoxr")
public suspend fun excludes(`value`: Output>) {
this.excludes = value
}
@JvmName("yoplekbfspselmxb")
public suspend fun excludes(vararg values: Output) {
this.excludes = Output.all(values.asList())
}
/**
* @param values A series of access conditions, see Access Groups.
*/
@JvmName("utsjahliynflfkvd")
public suspend fun excludes(values: List>) {
this.excludes = Output.all(values)
}
/**
* @param value A series of access conditions, see Access Groups.
*/
@JvmName("nfhiqgkhguvkqqrk")
public suspend fun includes(`value`: Output>) {
this.includes = value
}
@JvmName("qlsdufxfapkrgvxc")
public suspend fun includes(vararg values: Output) {
this.includes = Output.all(values.asList())
}
/**
* @param values A series of access conditions, see Access Groups.
*/
@JvmName("ycvyqcohoosswttl")
public suspend fun includes(values: List>) {
this.includes = Output.all(values)
}
/**
* @param value Require this application to be served in an isolated browser for users matching this policy.
*/
@JvmName("lwlcycbprjpuxbbp")
public suspend fun isolationRequired(`value`: Output) {
this.isolationRequired = value
}
/**
* @param value Friendly name of the Access Policy.
*/
@JvmName("kolvwupwycvvsric")
public suspend fun name(`value`: Output) {
this.name = value
}
/**
* @param value The unique precedence for policies on a single application. Required when using `application_id`.
*/
@JvmName("xjdxgaitnnqaigyw")
public suspend fun precedence(`value`: Output) {
this.precedence = value
}
/**
* @param value The prompt to display to the user for a justification for accessing the resource. Required when using `purpose_justification_required`.
*/
@JvmName("ucsyctmgxivnnhot")
public suspend fun purposeJustificationPrompt(`value`: Output) {
this.purposeJustificationPrompt = value
}
/**
* @param value Whether to prompt the user for a justification for accessing the resource.
*/
@JvmName("jljlysoibwnhbabp")
public suspend fun purposeJustificationRequired(`value`: Output) {
this.purposeJustificationRequired = value
}
/**
* @param value A series of access conditions, see Access Groups.
*/
@JvmName("pyewjhmgposdjknd")
public suspend fun requires(`value`: Output>) {
this.requires = value
}
@JvmName("kueqefjqoxjakyqo")
public suspend fun requires(vararg values: Output) {
this.requires = Output.all(values.asList())
}
/**
* @param values A series of access conditions, see Access Groups.
*/
@JvmName("ibmurkoykgpwudrh")
public suspend fun requires(values: List>) {
this.requires = Output.all(values)
}
/**
* @param value How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
*/
@JvmName("djevwyfdqiexwikm")
public suspend fun sessionDuration(`value`: Output) {
this.sessionDuration = value
}
/**
* @param value The zone identifier to target for the resource. Conflicts with `account_id`.
*/
@JvmName("ibbcobkturxiosss")
public suspend fun zoneId(`value`: Output) {
this.zoneId = value
}
/**
* @param value The account identifier to target for the resource. Conflicts with `zone_id`.
*/
@JvmName("poaqmeebybhhwqky")
public suspend fun accountId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.accountId = mapped
}
/**
* @param value The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute will force creation of a new resource.**
*/
@JvmName("xdeskfogorjrrbwk")
public suspend fun applicationId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.applicationId = mapped
}
/**
* @param value
*/
@JvmName("ehjhmseigknwcwnj")
public suspend fun approvalGroups(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.approvalGroups = mapped
}
/**
* @param argument
*/
@JvmName("vrveplxvdyapgkyb")
public suspend fun approvalGroups(argument: List Unit>) {
val toBeMapped = argument.toList().map {
AccessPolicyApprovalGroupArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.approvalGroups = mapped
}
/**
* @param argument
*/
@JvmName("vmifirwchcbfpyhr")
public suspend fun approvalGroups(vararg argument: suspend AccessPolicyApprovalGroupArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
AccessPolicyApprovalGroupArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.approvalGroups = mapped
}
/**
* @param argument
*/
@JvmName("yhshcykhpbmpffyh")
public suspend fun approvalGroups(argument: suspend AccessPolicyApprovalGroupArgsBuilder.() -> Unit) {
val toBeMapped = listOf(
AccessPolicyApprovalGroupArgsBuilder().applySuspend {
argument()
}.build(),
)
val mapped = of(toBeMapped)
this.approvalGroups = mapped
}
/**
* @param values
*/
@JvmName("mueatfydentsploq")
public suspend fun approvalGroups(vararg values: AccessPolicyApprovalGroupArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.approvalGroups = mapped
}
/**
* @param value
*/
@JvmName("ihircrvckkybhrxj")
public suspend fun approvalRequired(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.approvalRequired = mapped
}
/**
* @param value The rules that define how users may connect to the targets secured by your application.
*/
@JvmName("bwsmfenixbqqnimm")
public suspend fun connectionRules(`value`: AccessPolicyConnectionRulesArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.connectionRules = mapped
}
/**
* @param argument The rules that define how users may connect to the targets secured by your application.
*/
@JvmName("pykitwquoyplslsg")
public suspend fun connectionRules(argument: suspend AccessPolicyConnectionRulesArgsBuilder.() -> Unit) {
val toBeMapped = AccessPolicyConnectionRulesArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.connectionRules = mapped
}
/**
* @param value Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`, `bypass`.
*/
@JvmName("yowjliqbucshcxhp")
public suspend fun decision(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.decision = mapped
}
/**
* @param value A series of access conditions, see Access Groups.
*/
@JvmName("bridvwdbskqxrtty")
public suspend fun excludes(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.excludes = mapped
}
/**
* @param argument A series of access conditions, see Access Groups.
*/
@JvmName("rndtmuvbcprhckfh")
public suspend fun excludes(argument: List Unit>) {
val toBeMapped = argument.toList().map {
AccessPolicyExcludeArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.excludes = mapped
}
/**
* @param argument A series of access conditions, see Access Groups.
*/
@JvmName("euvypjavjkeipkop")
public suspend fun excludes(vararg argument: suspend AccessPolicyExcludeArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
AccessPolicyExcludeArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.excludes = mapped
}
/**
* @param argument A series of access conditions, see Access Groups.
*/
@JvmName("dvtlitnfhyanawgy")
public suspend fun excludes(argument: suspend AccessPolicyExcludeArgsBuilder.() -> Unit) {
val toBeMapped = listOf(AccessPolicyExcludeArgsBuilder().applySuspend { argument() }.build())
val mapped = of(toBeMapped)
this.excludes = mapped
}
/**
* @param values A series of access conditions, see Access Groups.
*/
@JvmName("ccdlgnmsiwaidhdf")
public suspend fun excludes(vararg values: AccessPolicyExcludeArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.excludes = mapped
}
/**
* @param value A series of access conditions, see Access Groups.
*/
@JvmName("kwhgovsdjtlnfcku")
public suspend fun includes(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.includes = mapped
}
/**
* @param argument A series of access conditions, see Access Groups.
*/
@JvmName("rmithkbjfbnwpubb")
public suspend fun includes(argument: List Unit>) {
val toBeMapped = argument.toList().map {
AccessPolicyIncludeArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.includes = mapped
}
/**
* @param argument A series of access conditions, see Access Groups.
*/
@JvmName("fblapslfofybamkb")
public suspend fun includes(vararg argument: suspend AccessPolicyIncludeArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
AccessPolicyIncludeArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.includes = mapped
}
/**
* @param argument A series of access conditions, see Access Groups.
*/
@JvmName("hgjltbijghujmecd")
public suspend fun includes(argument: suspend AccessPolicyIncludeArgsBuilder.() -> Unit) {
val toBeMapped = listOf(AccessPolicyIncludeArgsBuilder().applySuspend { argument() }.build())
val mapped = of(toBeMapped)
this.includes = mapped
}
/**
* @param values A series of access conditions, see Access Groups.
*/
@JvmName("lfquhcuqqehmnccr")
public suspend fun includes(vararg values: AccessPolicyIncludeArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.includes = mapped
}
/**
* @param value Require this application to be served in an isolated browser for users matching this policy.
*/
@JvmName("ppwjeilbpfwqkssf")
public suspend fun isolationRequired(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.isolationRequired = mapped
}
/**
* @param value Friendly name of the Access Policy.
*/
@JvmName("csduodclclypbryr")
public suspend fun name(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.name = mapped
}
/**
* @param value The unique precedence for policies on a single application. Required when using `application_id`.
*/
@JvmName("vibuylvelixcxodi")
public suspend fun precedence(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.precedence = mapped
}
/**
* @param value The prompt to display to the user for a justification for accessing the resource. Required when using `purpose_justification_required`.
*/
@JvmName("pkvjgddrjxmdbjov")
public suspend fun purposeJustificationPrompt(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.purposeJustificationPrompt = mapped
}
/**
* @param value Whether to prompt the user for a justification for accessing the resource.
*/
@JvmName("vmefhtutuxirqvxp")
public suspend fun purposeJustificationRequired(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.purposeJustificationRequired = mapped
}
/**
* @param value A series of access conditions, see Access Groups.
*/
@JvmName("tfypfptkcyxfpxyk")
public suspend fun requires(`value`: List?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.requires = mapped
}
/**
* @param argument A series of access conditions, see Access Groups.
*/
@JvmName("vuegavkerogmgeik")
public suspend fun requires(argument: List Unit>) {
val toBeMapped = argument.toList().map {
AccessPolicyRequireArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.requires = mapped
}
/**
* @param argument A series of access conditions, see Access Groups.
*/
@JvmName("amihabwfjsodoqnr")
public suspend fun requires(vararg argument: suspend AccessPolicyRequireArgsBuilder.() -> Unit) {
val toBeMapped = argument.toList().map {
AccessPolicyRequireArgsBuilder().applySuspend {
it()
}.build()
}
val mapped = of(toBeMapped)
this.requires = mapped
}
/**
* @param argument A series of access conditions, see Access Groups.
*/
@JvmName("xxxixqmkkdikmwww")
public suspend fun requires(argument: suspend AccessPolicyRequireArgsBuilder.() -> Unit) {
val toBeMapped = listOf(AccessPolicyRequireArgsBuilder().applySuspend { argument() }.build())
val mapped = of(toBeMapped)
this.requires = mapped
}
/**
* @param values A series of access conditions, see Access Groups.
*/
@JvmName("uycyqetkjwwcoijb")
public suspend fun requires(vararg values: AccessPolicyRequireArgs) {
val toBeMapped = values.toList()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.requires = mapped
}
/**
* @param value How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
*/
@JvmName("byojcyniaiqsgikl")
public suspend fun sessionDuration(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.sessionDuration = mapped
}
/**
* @param value The zone identifier to target for the resource. Conflicts with `account_id`.
*/
@JvmName("ptnkhunfrkcdsvyy")
public suspend fun zoneId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.zoneId = mapped
}
internal fun build(): AccessPolicyArgs = AccessPolicyArgs(
accountId = accountId,
applicationId = applicationId,
approvalGroups = approvalGroups,
approvalRequired = approvalRequired,
connectionRules = connectionRules,
decision = decision,
excludes = excludes,
includes = includes,
isolationRequired = isolationRequired,
name = name,
precedence = precedence,
purposeJustificationPrompt = purposeJustificationPrompt,
purposeJustificationRequired = purposeJustificationRequired,
requires = requires,
sessionDuration = sessionDuration,
zoneId = zoneId,
)
}