com.pulumi.cloudflare.kotlin.AccessRuleArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-cloudflare-kotlin Show documentation
Show all versions of pulumi-cloudflare-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
The newest version!
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.cloudflare.kotlin
import com.pulumi.cloudflare.AccessRuleArgs.builder
import com.pulumi.cloudflare.kotlin.inputs.AccessRuleConfigurationArgs
import com.pulumi.cloudflare.kotlin.inputs.AccessRuleConfigurationArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.jvm.JvmName
/**
* Provides a Cloudflare IP Firewall Access Rule resource. Access
* control can be applied on basis of IP addresses, IP ranges, AS
* numbers or countries.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as cloudflare from "@pulumi/cloudflare";
* // Challenge requests coming from known Tor exit nodes.
* const torExitNodes = new cloudflare.AccessRule("tor_exit_nodes", {
* zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
* notes: "Requests coming from known Tor exit nodes",
* mode: "challenge",
* configuration: {
* target: "country",
* value: "T1",
* },
* });
* // Allowlist requests coming from Antarctica, but only for single zone.
* const antarctica = new cloudflare.AccessRule("antarctica", {
* zoneId: "0da42c8d2132a9ddaf714f9e7c920711",
* notes: "Requests coming from Antarctica",
* mode: "whitelist",
* configuration: {
* target: "country",
* value: "AQ",
* },
* });
* const config = new pulumi.Config();
* const myOffice = config.getObject>("myOffice") || [
* "192.0.2.0/24",
* "198.51.100.0/24",
* "2001:db8::/56",
* ];
* const officeNetwork: cloudflare.AccessRule[] = [];
* for (const range = {value: 0}; range.value < myOffice.length; range.value++) {
* officeNetwork.push(new cloudflare.AccessRule(`office_network-${range.value}`, {
* accountId: "f037e56e89293a057740de681ac9abbe",
* notes: "Requests coming from office network",
* mode: "whitelist",
* configuration: {
* target: "ip_range",
* value: myOffice[range.value],
* },
* }));
* }
* ```
* ```python
* import pulumi
* import pulumi_cloudflare as cloudflare
* # Challenge requests coming from known Tor exit nodes.
* tor_exit_nodes = cloudflare.AccessRule("tor_exit_nodes",
* zone_id="0da42c8d2132a9ddaf714f9e7c920711",
* notes="Requests coming from known Tor exit nodes",
* mode="challenge",
* configuration={
* "target": "country",
* "value": "T1",
* })
* # Allowlist requests coming from Antarctica, but only for single zone.
* antarctica = cloudflare.AccessRule("antarctica",
* zone_id="0da42c8d2132a9ddaf714f9e7c920711",
* notes="Requests coming from Antarctica",
* mode="whitelist",
* configuration={
* "target": "country",
* "value": "AQ",
* })
* config = pulumi.Config()
* my_office = config.get_object("myOffice")
* if my_office is None:
* my_office = [
* "192.0.2.0/24",
* "198.51.100.0/24",
* "2001:db8::/56",
* ]
* office_network = []
* for range in [{"value": i} for i in range(0, len(my_office))]:
* office_network.append(cloudflare.AccessRule(f"office_network-{range['value']}",
* account_id="f037e56e89293a057740de681ac9abbe",
* notes="Requests coming from office network",
* mode="whitelist",
* configuration={
* "target": "ip_range",
* "value": my_office[range["value"]],
* }))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Cloudflare = Pulumi.Cloudflare;
* return await Deployment.RunAsync(() =>
* {
* // Challenge requests coming from known Tor exit nodes.
* var torExitNodes = new Cloudflare.AccessRule("tor_exit_nodes", new()
* {
* ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
* Notes = "Requests coming from known Tor exit nodes",
* Mode = "challenge",
* Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
* {
* Target = "country",
* Value = "T1",
* },
* });
* // Allowlist requests coming from Antarctica, but only for single zone.
* var antarctica = new Cloudflare.AccessRule("antarctica", new()
* {
* ZoneId = "0da42c8d2132a9ddaf714f9e7c920711",
* Notes = "Requests coming from Antarctica",
* Mode = "whitelist",
* Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
* {
* Target = "country",
* Value = "AQ",
* },
* });
* var config = new Config();
* var myOffice = config.GetObject("myOffice") ?? new[]
* {
* "192.0.2.0/24",
* "198.51.100.0/24",
* "2001:db8::/56",
* };
* var officeNetwork = new List();
* for (var rangeIndex = 0; rangeIndex < myOffice.Length; rangeIndex++)
* {
* var range = new { Value = rangeIndex };
* officeNetwork.Add(new Cloudflare.AccessRule($"office_network-{range.Value}", new()
* {
* AccountId = "f037e56e89293a057740de681ac9abbe",
* Notes = "Requests coming from office network",
* Mode = "whitelist",
* Configuration = new Cloudflare.Inputs.AccessRuleConfigurationArgs
* {
* Target = "ip_range",
* Value = myOffice[range.Value],
* },
* }));
* }
* });
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.cloudflare.AccessRule;
* import com.pulumi.cloudflare.AccessRuleArgs;
* import com.pulumi.cloudflare.inputs.AccessRuleConfigurationArgs;
* import com.pulumi.codegen.internal.KeyedValue;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var config = ctx.config();
* // Challenge requests coming from known Tor exit nodes.
* var torExitNodes = new AccessRule("torExitNodes", AccessRuleArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .notes("Requests coming from known Tor exit nodes")
* .mode("challenge")
* .configuration(AccessRuleConfigurationArgs.builder()
* .target("country")
* .value("T1")
* .build())
* .build());
* // Allowlist requests coming from Antarctica, but only for single zone.
* var antarctica = new AccessRule("antarctica", AccessRuleArgs.builder()
* .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
* .notes("Requests coming from Antarctica")
* .mode("whitelist")
* .configuration(AccessRuleConfigurationArgs.builder()
* .target("country")
* .value("AQ")
* .build())
* .build());
* final var myOffice = config.get("myOffice").orElse(
* "192.0.2.0/24",
* "198.51.100.0/24",
* "2001:db8::/56");
* for (var i = 0; i < myOffice.length(); i++) {
* new AccessRule("officeNetwork-" + i, AccessRuleArgs.builder()
* .accountId("f037e56e89293a057740de681ac9abbe")
* .notes("Requests coming from office network")
* .mode("whitelist")
* .configuration(AccessRuleConfigurationArgs.builder()
* .target("ip_range")
* .value(myOffice[range.value()])
* .build())
* .build());
* }
* }
* }
* ```
* ```yaml
* configuration:
* # Allowlist office's network IP ranges on all account zones (or other lists of
* # resources).
* myOffice:
* type: list(string)
* default:
* - 192.0.2.0/24
* - 198.51.100.0/24
* - 2001:db8::/56
* resources:
* # Challenge requests coming from known Tor exit nodes.
* torExitNodes:
* type: cloudflare:AccessRule
* name: tor_exit_nodes
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* notes: Requests coming from known Tor exit nodes
* mode: challenge
* configuration:
* target: country
* value: T1
* # Allowlist requests coming from Antarctica, but only for single zone.
* antarctica:
* type: cloudflare:AccessRule
* properties:
* zoneId: 0da42c8d2132a9ddaf714f9e7c920711
* notes: Requests coming from Antarctica
* mode: whitelist
* configuration:
* target: country
* value: AQ
* officeNetwork:
* type: cloudflare:AccessRule
* name: office_network
* properties:
* accountId: f037e56e89293a057740de681ac9abbe
* notes: Requests coming from office network
* mode: whitelist
* configuration:
* target: ip_range
* value:
* fn::select:
* - ${range.value}
* - ${myOffice}
* options: {}
* ```
*
* ## Import
* User level access rule import.
* ```sh
* $ pulumi import cloudflare:index/accessRule:AccessRule default user//
* ```
* Zone level access rule import.
* ```sh
* $ pulumi import cloudflare:index/accessRule:AccessRule default zone//
* ```
* Account level access rule import.
* ```sh
* $ pulumi import cloudflare:index/accessRule:AccessRule default account//
* ```
* @property accountId The account identifier to target for the resource. Must provide only one of `account_id`, `zone_id`. **Modifying this attribute will force creation of a new resource.**
* @property configuration Rule configuration to apply to a matched request. **Modifying this attribute will force creation of a new resource.**
* @property mode The action to apply to a matched request. Available values: `block`, `challenge`, `whitelist`, `js_challenge`, `managed_challenge`.
* @property notes A personal note about the rule. Typically used as a reminder or explanation for the rule.
* @property zoneId The zone identifier to target for the resource. Must provide only one of `account_id`, `zone_id`. **Modifying this attribute will force creation of a new resource.**
*/
public data class AccessRuleArgs(
public val accountId: Output? = null,
public val configuration: Output? = null,
public val mode: Output? = null,
public val notes: Output? = null,
public val zoneId: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.cloudflare.AccessRuleArgs =
com.pulumi.cloudflare.AccessRuleArgs.builder()
.accountId(accountId?.applyValue({ args0 -> args0 }))
.configuration(configuration?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
.mode(mode?.applyValue({ args0 -> args0 }))
.notes(notes?.applyValue({ args0 -> args0 }))
.zoneId(zoneId?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [AccessRuleArgs].
*/
@PulumiTagMarker
public class AccessRuleArgsBuilder internal constructor() {
private var accountId: Output? = null
private var configuration: Output? = null
private var mode: Output? = null
private var notes: Output? = null
private var zoneId: Output? = null
/**
* @param value The account identifier to target for the resource. Must provide only one of `account_id`, `zone_id`. **Modifying this attribute will force creation of a new resource.**
*/
@JvmName("gmpjwsvbytsjtqdt")
public suspend fun accountId(`value`: Output) {
this.accountId = value
}
/**
* @param value Rule configuration to apply to a matched request. **Modifying this attribute will force creation of a new resource.**
*/
@JvmName("hubjolxredmubmad")
public suspend fun configuration(`value`: Output) {
this.configuration = value
}
/**
* @param value The action to apply to a matched request. Available values: `block`, `challenge`, `whitelist`, `js_challenge`, `managed_challenge`.
*/
@JvmName("wsxqwoolmqdesfyj")
public suspend fun mode(`value`: Output) {
this.mode = value
}
/**
* @param value A personal note about the rule. Typically used as a reminder or explanation for the rule.
*/
@JvmName("carthxhpdupfbwjh")
public suspend fun notes(`value`: Output) {
this.notes = value
}
/**
* @param value The zone identifier to target for the resource. Must provide only one of `account_id`, `zone_id`. **Modifying this attribute will force creation of a new resource.**
*/
@JvmName("klgijmdeghtjiixi")
public suspend fun zoneId(`value`: Output) {
this.zoneId = value
}
/**
* @param value The account identifier to target for the resource. Must provide only one of `account_id`, `zone_id`. **Modifying this attribute will force creation of a new resource.**
*/
@JvmName("mmimhqnbtapoasgc")
public suspend fun accountId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.accountId = mapped
}
/**
* @param value Rule configuration to apply to a matched request. **Modifying this attribute will force creation of a new resource.**
*/
@JvmName("frfhntbyfywnybii")
public suspend fun configuration(`value`: AccessRuleConfigurationArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.configuration = mapped
}
/**
* @param argument Rule configuration to apply to a matched request. **Modifying this attribute will force creation of a new resource.**
*/
@JvmName("jltuihgxpfnxbktf")
public suspend fun configuration(argument: suspend AccessRuleConfigurationArgsBuilder.() -> Unit) {
val toBeMapped = AccessRuleConfigurationArgsBuilder().applySuspend { argument() }.build()
val mapped = of(toBeMapped)
this.configuration = mapped
}
/**
* @param value The action to apply to a matched request. Available values: `block`, `challenge`, `whitelist`, `js_challenge`, `managed_challenge`.
*/
@JvmName("favoblptjoltptme")
public suspend fun mode(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.mode = mapped
}
/**
* @param value A personal note about the rule. Typically used as a reminder or explanation for the rule.
*/
@JvmName("pgexgomkfxuvtblo")
public suspend fun notes(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.notes = mapped
}
/**
* @param value The zone identifier to target for the resource. Must provide only one of `account_id`, `zone_id`. **Modifying this attribute will force creation of a new resource.**
*/
@JvmName("fqecwwupoowknetj")
public suspend fun zoneId(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.zoneId = mapped
}
internal fun build(): AccessRuleArgs = AccessRuleArgs(
accountId = accountId,
configuration = configuration,
mode = mode,
notes = notes,
zoneId = zoneId,
)
}