import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a Front Door (standard/premium) Rule. * * !> **Note:** The Rules resource **must** include a `dependsOn` meta-argument which references the `azure.cdn.FrontdoorOrigin` and the `azure.cdn.FrontdoorOriginGroup`. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-cdn-frontdoor", * location: "West Europe", * }); * const exampleFrontdoorProfile = new azure.cdn.FrontdoorProfile("example", { * name: "example-profile", * resourceGroupName: example.name, * skuName: "Premium_AzureFrontDoor", * }); * const exampleFrontdoorEndpoint = new azure.cdn.FrontdoorEndpoint("example", { * name: "example-endpoint", * cdnFrontdoorProfileId: exampleFrontdoorProfile.id, * tags: { * endpoint: "contoso.com", * }, * }); * const exampleFrontdoorOriginGroup = new azure.cdn.FrontdoorOriginGroup("example", { * name: "example-originGroup", * cdnFrontdoorProfileId: exampleFrontdoorProfile.id, * sessionAffinityEnabled: true, * restoreTrafficTimeToHealedOrNewEndpointInMinutes: 10, * healthProbe: { * intervalInSeconds: 240, * path: "/healthProbe", * protocol: "Https", * requestType: "GET", * }, * loadBalancing: { * additionalLatencyInMilliseconds: 0, * sampleSize: 16, * successfulSamplesRequired: 3, * }, * }); * const exampleFrontdoorOrigin = new azure.cdn.FrontdoorOrigin("example", { * name: "example-origin", * cdnFrontdoorOriginGroupId: exampleFrontdoorOriginGroup.id, * enabled: true, * certificateNameCheckEnabled: false, * hostName: exampleFrontdoorEndpoint.hostName, * httpPort: 80, * httpsPort: 443, * originHostHeader: "contoso.com", * priority: 1, * weight: 500, * }); * const exampleFrontdoorRuleSet = new azure.cdn.FrontdoorRuleSet("example", { * name: "exampleruleset", * cdnFrontdoorProfileId: exampleFrontdoorProfile.id, * }); * const exampleFrontdoorRule = new azure.cdn.FrontdoorRule("example", { * name: "examplerule", * cdnFrontdoorRuleSetId: exampleFrontdoorRuleSet.id, * order: 1, * behaviorOnMatch: "Continue", * actions: { * routeConfigurationOverrideAction: { * cdnFrontdoorOriginGroupId: exampleFrontdoorOriginGroup.id, * forwardingProtocol: "HttpsOnly", * queryStringCachingBehavior: "IncludeSpecifiedQueryStrings", * queryStringParameters: [ * "foo", * "clientIp={client_ip}", * ], * compressionEnabled: true, * cacheBehavior: "OverrideIfOriginMissing", * cacheDuration: "365.23:59:59", * }, * urlRedirectAction: { * redirectType: "PermanentRedirect", * redirectProtocol: "MatchRequest", * queryString: "clientIp={client_ip}", * destinationPath: "/exampleredirection", * destinationHostname: "contoso.com", * destinationFragment: "UrlRedirect", * }, * }, * conditions: { * hostNameConditions: [{ * operator: "Equal", * negateCondition: false, * matchValues: [ * "www.contoso.com", * "images.contoso.com", * "video.contoso.com", * ], * transforms: [ * "Lowercase", * "Trim", * ], * }], * isDeviceConditions: [{ * operator: "Equal", * negateCondition: false, * matchValues: "Mobile", * }], * postArgsConditions: [{ * postArgsName: "customerName", * operator: "BeginsWith", * matchValues: [ * "J", * "K", * ], * transforms: ["Uppercase"], * }], * requestMethodConditions: [{ * operator: "Equal", * negateCondition: false, * matchValues: ["DELETE"], * }], * urlFilenameConditions: [{ * operator: "Equal", * negateCondition: false, * matchValues: ["media.mp4"], * transforms: [ * "Lowercase", * "RemoveNulls", * "Trim", * ], * }], * }, * }, { * dependsOn: [ * exampleFrontdoorOriginGroup, * exampleFrontdoorOrigin, * ], * }); * ``` * * ## Specifying IP Address Ranges * * When specifying IP address ranges in the `socketAddressCondition` and the `remoteAddressCondition` `matchValues` use the following format: * * Use `CIDR` notation when specifying IP address blocks. This means that the syntax for an IP address block is the base IP address followed by a forward slash and the prefix size For example: * * * `IPv4` example: `5.5.5.64/26` matches any requests that arrive from addresses `5.5.5.64` through `5.5.5.127`. * * `IPv6` example: `1:2:3:/48` matches any requests that arrive from addresses `1:2:3:0:0:0:0:0` through `1:2:3:ffff:ffff:ffff:ffff:ffff`. * * When you specify multiple IP addresses and IP address blocks, `OR` logic is applied. * * * `IPv4` example: if you add two IP addresses `1.2.3.4` and `10.20.30.40`, the condition is matched for any requests that arrive from either address `1.2.3.4` or `10.20.30.40`. * * `IPv6` example: if you add two IP addresses `1:2:3:4:5:6:7:8` and `10:20:30:40:50:60:70:80`, the condition is matched for any requests that arrive from either address `1:2:3:4:5:6:7:8` or `10:20:30:40:50:60:70:80`. * * *** * * ## Action Server Variables * * Rule Set server variables provide access to structured information about the request. You can use server variables to dynamically change the request/response headers or URL rewrite paths/query strings, for example, when a new page load or when a form is posted. * * ### Supported Action Server Variables * * | Variable name | Description | * |---------------|-------------| * | `socketIp` | The IP address of the direct connection to Front Door Profiles edge. If the client used an HTTP proxy or a load balancer to send the request, the value of `socketIp` is the IP address of the proxy or load balancer. | * | `clientIp` | The IP address of the client that made the original request. If there was an `X-Forwarded-For` header in the request, then the client IP address is picked from the header. | * | `clientPort` | The IP port of the client that made the request. | * | `hostname` | The host name in the request from the client. | * | `geoCountry` | Indicates the requester's country/region of origin through its country/region code. | * | `httpMethod` | The method used to make the URL request, such as `GET` or `POST`. | * | `httpVersion` | The request protocol. Usually `HTTP/1.0`, `HTTP/1.1`, or `HTTP/2.0`. | * | `queryString` | The list of variable/value pairs that follows the "?" in the requested URL. For example, in the request `http://contoso.com:8080/article.aspx?id=123&title=fabrikam`, the `queryString` value will be `id=123&title=fabrikam`. | * | `requestScheme` | The request scheme: `http` or `https`. | * | `requestUri` | The full original request URI (with arguments). For example, in the request `http://contoso.com:8080/article.aspx?id=123&title=fabrikam`, the `requestUri` value will be `/article.aspx?id=123&title=fabrikam`. | * | `sslProtocol` | The protocol of an established TLS connection. | * | `serverPort` | The port of the server that accepted a request. | * | `urlPath` | Identifies the specific resource in the host that the web client wants to access. This is the part of the request URI without the arguments. For example, in the request `http://contoso.com:8080/article.aspx?id=123&title=fabrikam`, the `uriPath` value will be `/article.aspx`. | * * ### Action Server Variable Format * * Server variables can be specified using the following formats: * * * `{variable}` - Include the entire server variable. For example, if the client IP address is `111.222.333.444` then the `{client_ip}` token would evaluate to `111.222.333.444`. * * * `{variable:offset}` - Include the server variable after a specific offset, until the end of the variable. The offset is zero-based. For example, if the client IP address is `111.222.333.444` then the `{client_ip:3}` token would evaluate to `.222.333.444`. * * * `{variable:offset:length}` - Include the server variable after a specific offset, up to the specified length. The offset is zero-based. For example, if the client IP address is `111.222.333.444` then the `{client_ip:4:3}` token would evaluate to `222`. * * ### Action Server Variables Support * * Action Server variables are supported on the following actions: * * * `routeConfigurationOverrideAction` * * `requestHeaderAction` * * `responseHeaderAction` * * `urlRedirectAction` * * `urlRewriteAction` * * *** * * ## Condition Operator list * * For rules that accept values from the standard operator list, the following operators are valid: * * | Operator | Description | Condition Value | * |----------------------------|-------------|-----------------| * | Any |Matches when there is any value, regardless of what it is. | Any | * | Equal | Matches when the value exactly matches the specified string. | Equal | * | Contains | Matches when the value contains the specified string. | Contains | * | Less Than | Matches when the length of the value is less than the specified integer. | LessThan | * | Greater Than | Matches when the length of the value is greater than the specified integer. | GreaterThan | * | Less Than or Equal | Matches when the length of the value is less than or equal to the specified integer. | LessThanOrEqual | * | Greater Than or Equal | Matches when the length of the value is greater than or equal to the specified integer. | GreaterThanOrEqual | * | Begins With | Matches when the value begins with the specified string. | BeginsWith | * | Ends With | Matches when the value ends with the specified string. | EndsWith | * | RegEx | Matches when the value matches the specified regular expression. See `Condition Regular Expressions` below for more details. | RegEx | * | Wildcard | Matches when the request path matches a wildcard expression. See `Condition Wildcard Expression` below for more details. | Wildcard | * | Not Any | Matches when there is no value. | Any and negateCondition = true | * | Not Equal | Matches when the value does not match the specified string. | Equal and negateCondition : true | * | Not Contains | Matches when the value does not contain the specified string. | Contains and negateCondition = true | * | Not Less Than | Matches when the length of the value is not less than the specified integer. | LessThan and negateCondition = true | * | Not Greater Than | Matches when the length of the value is not greater than the specified integer. | GreaterThan and negateCondition = true | * | Not Less Than or Equal | Matches when the length of the value is not less than or equal to the specified integer. | LessThanOrEqual and negateCondition = true | * | Not Greater Than or Equals | Matches when the length of the value is not greater than or equal to the specified integer. | GreaterThanOrEqual and negateCondition = true | * | Not Begins With | Matches when the value does not begin with the specified string. | BeginsWith and negateCondition = true | * | Not Ends With | Matches when the value does not end with the specified string. | EndsWith and negateCondition = true | * | Not RegEx | Matches when the value does not match the specified regular expression. See `Condition Regular Expressions` for more details. | RegEx and negateCondition = true | * | Not Wildcard | Matches when the request path does not match a wildcard expression. See `Condition Wildcard Expression` below for more details. | Wildcard and negateCondition = true | * * *** * * ## Condition Regular Expressions * * Regular expressions **don't** support the following operations: * * * Backreferences and capturing subexpressions. * * Arbitrary zero-width assertions. * * Subroutine references and recursive patterns. * * Conditional patterns. * * Backtracking control verbs. * * The `\C` single-byte directive. * * The `\R` newline match directive. * * The `\K` start of match reset directive. * * Callouts and embedded code. * * Atomic grouping and possessive quantifiers. * * ## Condition Wildcard Expression * * A wildcard expression can include the * character to match zero or more characters within the path. For example, the wildcard expression `files/customer*/file.pdf` matches the paths `files/customer1/file.pdf`, `files/customer109/file.pdf`, and `files/customer/file.pdf`, but doesn't match `files/customer2/anotherfile.pdf`. * * *** * * ## Condition Transform List * * For rules that can transform strings, the following transforms are valid: * * | Transform | Description | * |-------------|-------------| * | Lowercase | Converts the string to the lowercase representation. | * | Uppercase | Converts the string to the uppercase representation. | * | Trim | Trims leading and trailing whitespace from the string. | * | RemoveNulls | Removes null values from the string. | * | URLEncode | URL-encodes the string. | * | URLDecode | URL-decodes the string. | * * *** * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.Cdn` - 2024-09-01 * * ## Import * * Front Door Rules can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:cdn/frontdoorRule:FrontdoorRule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Cdn/profiles/profile1/ruleSets/ruleSet1/rules/rule1 * ``` */ export declare class FrontdoorRule extends pulumi.CustomResource { /** * Get an existing FrontdoorRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: FrontdoorRuleState, opts?: pulumi.CustomResourceOptions): FrontdoorRule; /** * Returns true if the given object is an instance of FrontdoorRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is FrontdoorRule; /** * An `actions` block as defined below. */ readonly actions: pulumi.Output; /** * If this rule is a match should the rules engine continue processing the remaining rules or stop? Possible values are `Continue` and `Stop`. Defaults to `Continue`. */ readonly behaviorOnMatch: pulumi.Output; /** * The resource ID of the Front Door Rule Set for this Front Door Rule. Changing this forces a new Front Door Rule to be created. */ readonly cdnFrontdoorRuleSetId: pulumi.Output; /** * The name of the Front Door Rule Set containing this Front Door Rule. */ readonly cdnFrontdoorRuleSetName: pulumi.Output; /** * A `conditions` block as defined below. */ readonly conditions: pulumi.Output; /** * The name which should be used for this Front Door Rule. Possible values must be between 1 and 260 characters in length, begin with a letter and may contain only letters and numbers. Changing this forces a new Front Door Rule to be created. */ readonly name: pulumi.Output; /** * The order in which the rules will be applied for the Front Door Endpoint. The order value should be sequential and begin at `1`(e.g. `1`, `2`, `3`...). A Front Door Rule with a lesser order value will be applied before a rule with a greater order value. * * > **Note:** If the Front Door Rule has an order value of `0` they do not require any conditions and the actions will always be applied. */ readonly order: pulumi.Output; /** * Create a FrontdoorRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: FrontdoorRuleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering FrontdoorRule resources. */ export interface FrontdoorRuleState { /** * An `actions` block as defined below. */ actions?: pulumi.Input; /** * If this rule is a match should the rules engine continue processing the remaining rules or stop? Possible values are `Continue` and `Stop`. Defaults to `Continue`. */ behaviorOnMatch?: pulumi.Input; /** * The resource ID of the Front Door Rule Set for this Front Door Rule. Changing this forces a new Front Door Rule to be created. */ cdnFrontdoorRuleSetId?: pulumi.Input; /** * The name of the Front Door Rule Set containing this Front Door Rule. */ cdnFrontdoorRuleSetName?: pulumi.Input; /** * A `conditions` block as defined below. */ conditions?: pulumi.Input; /** * The name which should be used for this Front Door Rule. Possible values must be between 1 and 260 characters in length, begin with a letter and may contain only letters and numbers. Changing this forces a new Front Door Rule to be created. */ name?: pulumi.Input; /** * The order in which the rules will be applied for the Front Door Endpoint. The order value should be sequential and begin at `1`(e.g. `1`, `2`, `3`...). A Front Door Rule with a lesser order value will be applied before a rule with a greater order value. * * > **Note:** If the Front Door Rule has an order value of `0` they do not require any conditions and the actions will always be applied. */ order?: pulumi.Input; } /** * The set of arguments for constructing a FrontdoorRule resource. */ export interface FrontdoorRuleArgs { /** * An `actions` block as defined below. */ actions: pulumi.Input; /** * If this rule is a match should the rules engine continue processing the remaining rules or stop? Possible values are `Continue` and `Stop`. Defaults to `Continue`. */ behaviorOnMatch?: pulumi.Input; /** * The resource ID of the Front Door Rule Set for this Front Door Rule. Changing this forces a new Front Door Rule to be created. */ cdnFrontdoorRuleSetId: pulumi.Input; /** * A `conditions` block as defined below. */ conditions?: pulumi.Input; /** * The name which should be used for this Front Door Rule. Possible values must be between 1 and 260 characters in length, begin with a letter and may contain only letters and numbers. Changing this forces a new Front Door Rule to be created. */ name?: pulumi.Input; /** * The order in which the rules will be applied for the Front Door Endpoint. The order value should be sequential and begin at `1`(e.g. `1`, `2`, `3`...). A Front Door Rule with a lesser order value will be applied before a rule with a greater order value. * * > **Note:** If the Front Door Rule has an order value of `0` they do not require any conditions and the actions will always be applied. */ order: pulumi.Input; }