import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
// NOTE(review): the generic type arguments in this listing appear to have been
// lost in extraction (`pulumi.Input`, `pulumi.Output`, and the unbalanced
// `pulumi.Input[]>` on `filters`). The declarations below are kept exactly as
// found; take the real property types from the published SDK typings.
/**
 * Declares a Cloudflare Zero Trust Gateway policy (rule) as a Pulumi custom resource.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as cloudflare from "@pulumi/cloudflare";
 *
 * const exampleZeroTrustGatewayPolicy = new cloudflare.ZeroTrustGatewayPolicy("example_zero_trust_gateway_policy", {
 *     accountId: "699d98642c564d2e855e9661899b7252",
 *     action: "allow",
 *     name: "block bad websites",
 *     description: "Block bad websites based on their host name.",
 *     devicePosture: "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})",
 *     enabled: true,
 *     expiration: {
 *         expiresAt: "2014-01-01T05:20:20Z",
 *         duration: 10,
 *     },
 *     filters: ["http"],
 *     identity: "any(identity.groups.name[*] in {\"finance\"})",
 *     precedence: 0,
 *     ruleSettings: {
 *         addHeaders: {
 *             "My-Next-Header": [
 *                 "foo",
 *                 "bar",
 *             ],
 *             "X-Custom-Header-Name": ["somecustomvalue"],
 *         },
 *         allowChildBypass: false,
 *         auditSsh: {
 *             commandLogging: false,
 *         },
 *         bisoAdminControls: {
 *             copy: "remote_only",
 *             dcp: true,
 *             dd: true,
 *             dk: true,
 *             download: "enabled",
 *             dp: false,
 *             du: true,
 *             keyboard: "enabled",
 *             paste: "enabled",
 *             printing: "enabled",
 *             upload: "enabled",
 *             version: "v1",
 *         },
 *         blockPage: {
 *             targetUri: "https://example.com",
 *             includeContext: true,
 *         },
 *         blockPageEnabled: true,
 *         blockReason: "This website is a security risk",
 *         bypassParentRule: false,
 *         checkSession: {
 *             duration: "300s",
 *             enforce: true,
 *         },
 *         dnsResolvers: {
 *             ipv4s: [{
 *                 ip: "2.2.2.2",
 *                 port: 5053,
 *                 routeThroughPrivateNetwork: true,
 *                 vnetId: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
 *             }],
 *             ipv6s: [{
 *                 ip: "2001:DB8::",
 *                 port: 5053,
 *                 routeThroughPrivateNetwork: true,
 *                 vnetId: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
 *             }],
 *         },
 *         egress: {
 *             ipv4: "192.0.2.2",
 *             ipv4Fallback: "192.0.2.3",
 *             ipv6: "2001:DB8::/64",
 *         },
 *         forensicCopy: {
 *             enabled: true,
 *         },
 *         ignoreCnameCategoryMatches: true,
 *         insecureDisableDnssecValidation: false,
 *         ipCategories: true,
 *         ipIndicatorFeeds: true,
 *         l4override: {
 *             ip: "1.1.1.1",
 *             port: 0,
 *         },
 *         notificationSettings: {
 *             enabled: true,
 *             includeContext: true,
 *             msg: "msg",
 *             supportUrl: "support_url",
 *         },
 *         overrideHost: "example.com",
 *         overrideIps: [
 *             "1.1.1.1",
 *             "2.2.2.2",
 *         ],
 *         payloadLog: {
 *             enabled: true,
 *         },
 *         quarantine: {
 *             fileTypes: ["exe"],
 *         },
 *         redirect: {
 *             targetUri: "https://example.com",
 *             includeContext: true,
 *             preservePathAndQuery: true,
 *         },
 *         resolveDnsInternally: {
 *             fallback: "none",
 *             viewId: "view_id",
 *         },
 *         resolveDnsThroughCloudflare: true,
 *         untrustedCert: {
 *             action: "error",
 *         },
 *     },
 *     schedule: {
 *         fri: "08:00-12:30,13:30-17:00",
 *         mon: "08:00-12:30,13:30-17:00",
 *         sat: "08:00-12:30,13:30-17:00",
 *         sun: "08:00-12:30,13:30-17:00",
 *         thu: "08:00-12:30,13:30-17:00",
 *         timeZone: "America/New York",
 *         tue: "08:00-12:30,13:30-17:00",
 *         wed: "08:00-12:30,13:30-17:00",
 *     },
 *     traffic: "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10",
 * });
 * ```
 *
 * ## Notes on the example
 *
 * - The example is an exhaustive field listing, not a policy to copy as-is: it sets
 *   `action: "allow"` while `name` and `description` describe a block rule, and it fills
 *   in most `ruleSettings` fields at once. Pick the action that matches the rule's intent
 *   and set only the settings that action needs (which settings each action accepts is
 *   not stated here; confirm against the provider documentation).
 * - `accountId`, the UUIDs, the IP addresses and `expiresAt` (a 2014 timestamp) are
 *   sample values.
 * - `timeZone` is shown as "America/New York"; the IANA identifier is spelled
 *   `America/New_York`. Verify which spelling the API accepts.
 * - `insecureDisableDnssecValidation`, `allowChildBypass` and `bypassParentRule` are
 *   shown as `false`. Judging by their names they relax validation or rule inheritance,
 *   so turning them on should be a reviewed decision.
 * - `auditSsh.commandLogging`, `payloadLog` and `forensicCopy` presumably retain session
 *   or request content; check where that data is stored and who can read it before
 *   enabling them.
 *
 * ## Import
 *
 * ```sh
 * $ pulumi import cloudflare:index/zeroTrustGatewayPolicy:ZeroTrustGatewayPolicy example '<account_id>/<rule_id>'
 * ```
 */
export declare class ZeroTrustGatewayPolicy extends pulumi.CustomResource {
    /**
     * Get an existing ZeroTrustGatewayPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input, state?: ZeroTrustGatewayPolicyState, opts?: pulumi.CustomResourceOptions): ZeroTrustGatewayPolicy;
    /**
     * Returns true if the given object is an instance of ZeroTrustGatewayPolicy. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ZeroTrustGatewayPolicy;
    /**
     * Account identifier the policy is created under (required in `ZeroTrustGatewayPolicyArgs`).
     */
    readonly accountId: pulumi.Output;
    /**
     * Specify the action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to `true`.
     * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4Override", "egress", "resolve", "quarantine", "redirect".
     *
     * Because an absent expression counts as a match, a rule that omits `traffic`, `identity` and
     * `devicePosture` is not narrowed by any of them; check this for permissive actions such as "allow".
     */
    readonly action: pulumi.Output;
    /**
     * Creation timestamp. Not part of `ZeroTrustGatewayPolicyArgs`, so it cannot be set when creating the rule.
     */
    readonly createdAt: pulumi.Output;
    /**
     * Indicate the date of deletion, if any.
     */
    readonly deletedAt: pulumi.Output;
    /**
     * Specify the rule description.
     */
    readonly description: pulumi.Output;
    /**
     * Device posture expression evaluated together with `traffic` and `identity` (see `action`).
     */
    readonly devicePosture: pulumi.Output;
    /**
     * Specify whether the rule is enabled.
     */
    readonly enabled: pulumi.Output;
    /**
     * Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's `schedule` configuration, if any. This does not apply to HTTP or network policies. Settable only for `dns` rules.
     */
    readonly expiration: pulumi.Output;
    /**
     * Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value.
     */
    readonly filters: pulumi.Output;
    /**
     * Identity expression evaluated together with `traffic` and `devicePosture` (see `action`).
     */
    readonly identity: pulumi.Output;
    /**
     * Specify the rule name.
     */
    readonly name: pulumi.Output;
    /**
     * Rule precedence; presumably the rule's position in evaluation order. Confirm the ordering semantics against the Cloudflare documentation.
     */
    readonly precedence: pulumi.Output;
    /**
     * Indicate that this rule is shared via the Orgs API and read only.
     */
    readonly readOnly: pulumi.Output;
    /**
     * Additional settings applied with the rule's action; the example above lists the available fields.
     */
    readonly ruleSettings: pulumi.Output;
    /**
     * Defines the schedule for activating DNS policies. Settable only for `dns` and `dnsResolver` rules.
     */
    readonly schedule: pulumi.Output;
    /**
     * Indicate that this rule is sharable via the Orgs API.
     */
    readonly sharable: pulumi.Output;
    /**
     * Provide the account tag of the account that created the rule.
     */
    readonly sourceAccount: pulumi.Output;
    /**
     * Traffic expression evaluated together with `identity` and `devicePosture` (see `action`).
     */
    readonly traffic: pulumi.Output;
    /**
     * Last-update timestamp. Not part of `ZeroTrustGatewayPolicyArgs`, so it cannot be set when creating the rule.
     */
    readonly updatedAt: pulumi.Output;
    /**
     * Indicate the version number of the rule (read-only).
     */
    readonly version: pulumi.Output;
    /**
     * Indicate a warning for a misconfigured rule, if any.
     */
    readonly warningStatus: pulumi.Output;
    /**
     * Create a ZeroTrustGatewayPolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ZeroTrustGatewayPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ZeroTrustGatewayPolicy resources.
 */
export interface ZeroTrustGatewayPolicyState {
    /**
     * Account identifier the policy is created under.
     */
    accountId?: pulumi.Input;
    /**
     * Specify the action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to `true`.
     * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4Override", "egress", "resolve", "quarantine", "redirect".
     */
    action?: pulumi.Input;
    /**
     * Creation timestamp.
     */
    createdAt?: pulumi.Input;
    /**
     * Indicate the date of deletion, if any.
     */
    deletedAt?: pulumi.Input;
    /**
     * Specify the rule description.
     */
    description?: pulumi.Input;
    /**
     * Device posture expression evaluated together with `traffic` and `identity` (see `action`).
     */
    devicePosture?: pulumi.Input;
    /**
     * Specify whether the rule is enabled.
     */
    enabled?: pulumi.Input;
    /**
     * Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's `schedule` configuration, if any. This does not apply to HTTP or network policies. Settable only for `dns` rules.
     */
    expiration?: pulumi.Input;
    /**
     * Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value.
     */
    // NOTE(review): the type below is unbalanced as found; its type arguments look stripped.
    filters?: pulumi.Input[]>;
    /**
     * Identity expression evaluated together with `traffic` and `devicePosture` (see `action`).
     */
    identity?: pulumi.Input;
    /**
     * Specify the rule name.
     */
    name?: pulumi.Input;
    /**
     * Rule precedence; presumably the rule's position in evaluation order. Confirm against the Cloudflare documentation.
     */
    precedence?: pulumi.Input;
    /**
     * Indicate that this rule is shared via the Orgs API and read only.
     */
    readOnly?: pulumi.Input;
    /**
     * Additional settings applied with the rule's action.
     */
    ruleSettings?: pulumi.Input;
    /**
     * Defines the schedule for activating DNS policies. Settable only for `dns` and `dnsResolver` rules.
     */
    schedule?: pulumi.Input;
    /**
     * Indicate that this rule is sharable via the Orgs API.
     */
    sharable?: pulumi.Input;
    /**
     * Provide the account tag of the account that created the rule.
     */
    sourceAccount?: pulumi.Input;
    /**
     * Traffic expression evaluated together with `identity` and `devicePosture` (see `action`).
     */
    traffic?: pulumi.Input;
    /**
     * Last-update timestamp.
     */
    updatedAt?: pulumi.Input;
    /**
     * Indicate the version number of the rule (read-only).
     */
    version?: pulumi.Input;
    /**
     * Indicate a warning for a misconfigured rule, if any.
     */
    warningStatus?: pulumi.Input;
}
/**
 * The set of arguments for constructing a ZeroTrustGatewayPolicy resource.
 *
 * Only `accountId`, `action` and `name` are required. `traffic`, `identity` and `devicePosture`
 * are optional, and per the `action` description an absent expression counts as a match.
 */
export interface ZeroTrustGatewayPolicyArgs {
    /**
     * Account identifier the policy is created under.
     */
    accountId: pulumi.Input;
    /**
     * Specify the action to perform when the associated traffic, identity, and device posture expressions are either absent or evaluate to `true`.
     * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4Override", "egress", "resolve", "quarantine", "redirect".
     */
    action: pulumi.Input;
    /**
     * Specify the rule description.
     */
    description?: pulumi.Input;
    /**
     * Device posture expression evaluated together with `traffic` and `identity` (see `action`).
     */
    devicePosture?: pulumi.Input;
    /**
     * Specify whether the rule is enabled.
     */
    enabled?: pulumi.Input;
    /**
     * Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's `schedule` configuration, if any. This does not apply to HTTP or network policies. Settable only for `dns` rules.
     */
    expiration?: pulumi.Input;
    /**
     * Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value.
     */
    // NOTE(review): the type below is unbalanced as found; its type arguments look stripped.
    filters?: pulumi.Input[]>;
    /**
     * Identity expression evaluated together with `traffic` and `devicePosture` (see `action`).
     */
    identity?: pulumi.Input;
    /**
     * Specify the rule name.
     */
    name: pulumi.Input;
    /**
     * Rule precedence; presumably the rule's position in evaluation order. Confirm against the Cloudflare documentation.
     */
    precedence?: pulumi.Input;
    /**
     * Additional settings applied with the rule's action.
     */
    ruleSettings?: pulumi.Input;
    /**
     * Defines the schedule for activating DNS policies. Settable only for `dns` and `dnsResolver` rules.
     */
    schedule?: pulumi.Input;
    /**
     * Traffic expression evaluated together with `identity` and `devicePosture` (see `action`).
     */
    traffic?: pulumi.Input;
}