import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as cloudflare from "@pulumi/cloudflare"; * * const exampleZeroTrustGatewayPolicy = new cloudflare.ZeroTrustGatewayPolicy("example_zero_trust_gateway_policy", { * accountId: "699d98642c564d2e855e9661899b7252", * action: "allow", * name: "block bad websites", * description: "Block bad websites based on their host name.", * devicePosture: "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})", * enabled: true, * expiration: { * expiresAt: "2014-01-01T05:20:20Z", * duration: 10, * }, * filters: ["http"], * identity: "any(identity.groups.name[*] in {\"finance\"})", * precedence: 0, * ruleSettings: { * addHeaders: { * "My-Next-Header": [ * "foo", * "bar", * ], * "X-Custom-Header-Name": ["somecustomvalue"], * }, * allowChildBypass: false, * auditSsh: { * commandLogging: false, * }, * bisoAdminControls: { * copy: "remote_only", * dcp: true, * dd: true, * dk: true, * download: "enabled", * dp: false, * du: true, * keyboard: "enabled", * paste: "enabled", * printing: "enabled", * upload: "enabled", * version: "v1", * }, * blockPage: { * targetUri: "https://example.com", * includeContext: true, * }, * blockPageEnabled: true, * blockReason: "This website is a security risk", * bypassParentRule: false, * checkSession: { * duration: "300s", * enforce: true, * }, * dnsResolvers: { * ipv4s: [{ * ip: "2.2.2.2", * port: 5053, * routeThroughPrivateNetwork: true, * vnetId: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", * }], * ipv6s: [{ * ip: "2001:DB8::", * port: 5053, * routeThroughPrivateNetwork: true, * vnetId: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", * }], * }, * egress: { * ipv4: "192.0.2.2", * ipv4Fallback: "192.0.2.3", * ipv6: "2001:DB8::/64", * }, * forensicCopy: { * enabled: true, * }, * ignoreCnameCategoryMatches: true, * insecureDisableDnssecValidation: false, * ipCategories: true, * ipIndicatorFeeds: true, * l4override: { * ip: "1.1.1.1", * port: 0, * }, * notificationSettings: { * enabled: true, * includeContext: true, * msg: "msg", * supportUrl: "support_url", * }, * overrideHost: "example.com", * overrideIps: [ * "1.1.1.1", * "2.2.2.2", * ], * payloadLog: { * enabled: true, * }, * quarantine: { * fileTypes: ["exe"], * }, * redirect: { * targetUri: "https://example.com", * includeContext: true, * preservePathAndQuery: true, * }, * resolveDnsInternally: { * fallback: "none", * viewId: "view_id", * }, * resolveDnsThroughCloudflare: true, * untrustedCert: { * action: "error", * }, * }, * schedule: { * fri: "08:00-12:30,13:30-17:00", * mon: "08:00-12:30,13:30-17:00", * sat: "08:00-12:30,13:30-17:00", * sun: "08:00-12:30,13:30-17:00", * thu: "08:00-12:30,13:30-17:00", * timeZone: "America/New York", * tue: "08:00-12:30,13:30-17:00", * wed: "08:00-12:30,13:30-17:00", * }, * traffic: "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10", * }); * ``` * * ## Import * * ```sh * $ pulumi import cloudflare:index/teamsRule:TeamsRule example '/' * ``` * * @deprecated cloudflare.index/teamsrule.TeamsRule has been deprecated in favor of cloudflare.index/zerotrustgatewaypolicy.ZeroTrustGatewayPolicy */ export declare class TeamsRule extends pulumi.CustomResource { /** * Get an existing TeamsRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: TeamsRuleState, opts?: pulumi.CustomResourceOptions): TeamsRule; /** * Returns true if the given object is an instance of TeamsRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is TeamsRule; readonly accountId: pulumi.Output; /** * Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to `true`. * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4Override", "egress", "resolve", "quarantine", "redirect". */ readonly action: pulumi.Output; readonly createdAt: pulumi.Output; /** * Indicate the date of deletion, if any. */ readonly deletedAt: pulumi.Output; /** * Specify the rule description. */ readonly description: pulumi.Output; /** * Specify the wirefilter expression used for device posture check. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. */ readonly devicePosture: pulumi.Output; /** * Specify whether the rule is enabled. */ readonly enabled: pulumi.Output; /** * Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's `schedule` configuration, if any. This does not apply to HTTP or network policies. Settable only for `dns` rules. */ readonly expiration: pulumi.Output; /** * Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value. */ readonly filters: pulumi.Output; /** * Specify the wirefilter expression used for identity matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. */ readonly identity: pulumi.Output; /** * Specify the rule name. */ readonly name: pulumi.Output; /** * Set the order of your rules. Lower values indicate higher precedence. At each processing phase, evaluate applicable rules in ascending order of this value. Refer to Order of enforcement to manage precedence via Terraform. */ readonly precedence: pulumi.Output; /** * Indicate that this rule is shared via the Orgs API and read only. */ readonly readOnly: pulumi.Output; /** * Defines settings for this rule. Settings apply only to specific rule types and must use compatible selectors. If Terraform detects drift, confirm the setting supports your rule type and check whether the API modifies the value. Use API-returned values in your configuration to prevent drift. */ readonly ruleSettings: pulumi.Output; /** * Defines the schedule for activating DNS policies. Settable only for `dns` and `dnsResolver` rules. */ readonly schedule: pulumi.Output; /** * Indicate that this rule is sharable via the Orgs API. */ readonly sharable: pulumi.Output; /** * Provide the account tag of the account that created the rule. */ readonly sourceAccount: pulumi.Output; /** * Specify the wirefilter expression used for traffic matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. */ readonly traffic: pulumi.Output; readonly updatedAt: pulumi.Output; /** * Indicate the version number of the rule(read-only). */ readonly version: pulumi.Output; /** * Indicate a warning for a misconfigured rule, if any. */ readonly warningStatus: pulumi.Output; /** * Create a TeamsRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ /** @deprecated cloudflare.index/teamsrule.TeamsRule has been deprecated in favor of cloudflare.index/zerotrustgatewaypolicy.ZeroTrustGatewayPolicy */ constructor(name: string, args: TeamsRuleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering TeamsRule resources. */ export interface TeamsRuleState { accountId?: pulumi.Input; /** * Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to `true`. * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4Override", "egress", "resolve", "quarantine", "redirect". */ action?: pulumi.Input; createdAt?: pulumi.Input; /** * Indicate the date of deletion, if any. */ deletedAt?: pulumi.Input; /** * Specify the rule description. */ description?: pulumi.Input; /** * Specify the wirefilter expression used for device posture check. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. */ devicePosture?: pulumi.Input; /** * Specify whether the rule is enabled. */ enabled?: pulumi.Input; /** * Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's `schedule` configuration, if any. This does not apply to HTTP or network policies. Settable only for `dns` rules. */ expiration?: pulumi.Input; /** * Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value. */ filters?: pulumi.Input[]>; /** * Specify the wirefilter expression used for identity matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. */ identity?: pulumi.Input; /** * Specify the rule name. */ name?: pulumi.Input; /** * Set the order of your rules. Lower values indicate higher precedence. At each processing phase, evaluate applicable rules in ascending order of this value. Refer to Order of enforcement to manage precedence via Terraform. */ precedence?: pulumi.Input; /** * Indicate that this rule is shared via the Orgs API and read only. */ readOnly?: pulumi.Input; /** * Defines settings for this rule. Settings apply only to specific rule types and must use compatible selectors. If Terraform detects drift, confirm the setting supports your rule type and check whether the API modifies the value. Use API-returned values in your configuration to prevent drift. */ ruleSettings?: pulumi.Input; /** * Defines the schedule for activating DNS policies. Settable only for `dns` and `dnsResolver` rules. */ schedule?: pulumi.Input; /** * Indicate that this rule is sharable via the Orgs API. */ sharable?: pulumi.Input; /** * Provide the account tag of the account that created the rule. */ sourceAccount?: pulumi.Input; /** * Specify the wirefilter expression used for traffic matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. */ traffic?: pulumi.Input; updatedAt?: pulumi.Input; /** * Indicate the version number of the rule(read-only). */ version?: pulumi.Input; /** * Indicate a warning for a misconfigured rule, if any. */ warningStatus?: pulumi.Input; } /** * The set of arguments for constructing a TeamsRule resource. */ export interface TeamsRuleArgs { accountId: pulumi.Input; /** * Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to `true`. * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", "l4Override", "egress", "resolve", "quarantine", "redirect". */ action: pulumi.Input; /** * Specify the rule description. */ description?: pulumi.Input; /** * Specify the wirefilter expression used for device posture check. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. */ devicePosture?: pulumi.Input; /** * Specify whether the rule is enabled. */ enabled?: pulumi.Input; /** * Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's `schedule` configuration, if any. This does not apply to HTTP or network policies. Settable only for `dns` rules. */ expiration?: pulumi.Input; /** * Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value. */ filters?: pulumi.Input[]>; /** * Specify the wirefilter expression used for identity matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. */ identity?: pulumi.Input; /** * Specify the rule name. */ name: pulumi.Input; /** * Set the order of your rules. Lower values indicate higher precedence. At each processing phase, evaluate applicable rules in ascending order of this value. Refer to Order of enforcement to manage precedence via Terraform. */ precedence?: pulumi.Input; /** * Defines settings for this rule. Settings apply only to specific rule types and must use compatible selectors. If Terraform detects drift, confirm the setting supports your rule type and check whether the API modifies the value. Use API-returned values in your configuration to prevent drift. */ ruleSettings?: pulumi.Input; /** * Defines the schedule for activating DNS policies. Settable only for `dns` and `dnsResolver` rules. */ schedule?: pulumi.Input; /** * Specify the wirefilter expression used for traffic matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. */ traffic?: pulumi.Input; }