import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as cloudflare from "@pulumi/cloudflare"; * * const exampleZeroTrustAccessPolicy = new cloudflare.ZeroTrustAccessPolicy("example_zero_trust_access_policy", { * accountId: "023e105f4ecef8ad9ca31a8372d0c353", * decision: "allow", * includes: [{ * group: { * id: "aa0a4aab-672b-4bdb-bc33-a59f1130a11f", * }, * }], * name: "Allow devs", * approvalGroups: [ * { * approvalsNeeded: 1, * emailAddresses: [ * "test1@cloudflare.com", * "test2@cloudflare.com", * ], * emailListUuid: "email_list_uuid", * }, * { * approvalsNeeded: 3, * emailAddresses: [ * "test@cloudflare.com", * "test2@cloudflare.com", * ], * emailListUuid: "597147a1-976b-4ef2-9af0-81d5d007fc34", * }, * ], * approvalRequired: true, * excludes: [{ * group: { * id: "aa0a4aab-672b-4bdb-bc33-a59f1130a11f", * }, * }], * isolationRequired: false, * purposeJustificationPrompt: "Please enter a justification for entering this protected domain.", * purposeJustificationRequired: true, * requires: [{ * group: { * id: "aa0a4aab-672b-4bdb-bc33-a59f1130a11f", * }, * }], * sessionDuration: "24h", * }); * ``` * * ## Import * * ```sh * $ pulumi import cloudflare:index/accessPolicy:AccessPolicy example '/' * ``` * * @deprecated cloudflare.index/accesspolicy.AccessPolicy has been deprecated in favor of cloudflare.index/zerotrustaccesspolicy.ZeroTrustAccessPolicy */ export declare class AccessPolicy extends pulumi.CustomResource { /** * Get an existing AccessPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: AccessPolicyState, opts?: pulumi.CustomResourceOptions): AccessPolicy; /** * Returns true if the given object is an instance of AccessPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is AccessPolicy; /** * Identifier. */ readonly accountId: pulumi.Output; /** * Administrators who can approve a temporary authentication request. */ readonly approvalGroups: pulumi.Output; /** * Requires the user to request access from an administrator at the start of each session. */ readonly approvalRequired: pulumi.Output; /** * The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. * Available values: "allow", "deny", "nonIdentity", "bypass". */ readonly decision: pulumi.Output; /** * Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. */ readonly excludes: pulumi.Output; /** * Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules. */ readonly includes: pulumi.Output; /** * Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature. */ readonly isolationRequired: pulumi.Output; /** * The name of the Access policy. */ readonly name: pulumi.Output; /** * A custom message that will appear on the purpose justification screen. */ readonly purposeJustificationPrompt: pulumi.Output; /** * Require users to enter a justification when they log in to the application. */ readonly purposeJustificationRequired: pulumi.Output; /** * Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. */ readonly requires: pulumi.Output; /** * The amount of time that tokens issued for the application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. */ readonly sessionDuration: pulumi.Output; /** * Create a AccessPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ /** @deprecated cloudflare.index/accesspolicy.AccessPolicy has been deprecated in favor of cloudflare.index/zerotrustaccesspolicy.ZeroTrustAccessPolicy */ constructor(name: string, args: AccessPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering AccessPolicy resources. */ export interface AccessPolicyState { /** * Identifier. */ accountId?: pulumi.Input; /** * Administrators who can approve a temporary authentication request. */ approvalGroups?: pulumi.Input[]>; /** * Requires the user to request access from an administrator at the start of each session. */ approvalRequired?: pulumi.Input; /** * The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. * Available values: "allow", "deny", "nonIdentity", "bypass". */ decision?: pulumi.Input; /** * Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. */ excludes?: pulumi.Input[]>; /** * Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules. */ includes?: pulumi.Input[]>; /** * Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature. */ isolationRequired?: pulumi.Input; /** * The name of the Access policy. */ name?: pulumi.Input; /** * A custom message that will appear on the purpose justification screen. */ purposeJustificationPrompt?: pulumi.Input; /** * Require users to enter a justification when they log in to the application. */ purposeJustificationRequired?: pulumi.Input; /** * Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. */ requires?: pulumi.Input[]>; /** * The amount of time that tokens issued for the application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. */ sessionDuration?: pulumi.Input; } /** * The set of arguments for constructing a AccessPolicy resource. */ export interface AccessPolicyArgs { /** * Identifier. */ accountId: pulumi.Input; /** * Administrators who can approve a temporary authentication request. */ approvalGroups?: pulumi.Input[]>; /** * Requires the user to request access from an administrator at the start of each session. */ approvalRequired?: pulumi.Input; /** * The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. * Available values: "allow", "deny", "nonIdentity", "bypass". */ decision: pulumi.Input; /** * Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. */ excludes?: pulumi.Input[]>; /** * Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules. */ includes?: pulumi.Input[]>; /** * Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature. */ isolationRequired?: pulumi.Input; /** * The name of the Access policy. */ name: pulumi.Input; /** * A custom message that will appear on the purpose justification screen. */ purposeJustificationPrompt?: pulumi.Input; /** * Require users to enter a justification when they log in to the application. */ purposeJustificationRequired?: pulumi.Input; /** * Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. */ requires?: pulumi.Input[]>; /** * The amount of time that tokens issued for the application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. */ sessionDuration?: pulumi.Input; }