import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as cloudflare from "@pulumi/cloudflare"; * * const exampleZeroTrustAccessApplication = cloudflare.getZeroTrustAccessApplication({ * appId: "023e105f4ecef8ad9ca31a8372d0c353", * accountId: "account_id", * zoneId: "zone_id", * }); * ``` */ export declare function getZeroTrustAccessApplication(args?: GetZeroTrustAccessApplicationArgs, opts?: pulumi.InvokeOptions): Promise; /** * A collection of arguments for invoking getZeroTrustAccessApplication. */ export interface GetZeroTrustAccessApplicationArgs { /** * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. */ accountId?: string; /** * Identifier. */ appId?: string; filter?: inputs.GetZeroTrustAccessApplicationFilter; /** * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. */ zoneId?: string; } /** * A collection of values returned by getZeroTrustAccessApplication. */ export interface GetZeroTrustAccessApplicationResult { /** * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. */ readonly accountId?: string; /** * When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication. */ readonly allowAuthenticateViaWarp: boolean; /** * Enables loading application content in an iFrame. */ readonly allowIframe: boolean; /** * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account. */ readonly allowedIdps: string[]; /** * Identifier. */ readonly appId?: string; /** * The image URL of the logo shown in the App Launcher header. */ readonly appLauncherLogoUrl: string; /** * Displays the application in the App Launcher. */ readonly appLauncherVisible: boolean; /** * Audience tag. */ readonly aud: string; /** * When set to `true`, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. */ readonly autoRedirectToIdentity: boolean; /** * The background color of the App Launcher page. */ readonly bgColor: string; readonly corsHeaders: outputs.GetZeroTrustAccessApplicationCorsHeaders; readonly createdAt: string; /** * The custom error message shown to a user when they are denied access to the application. */ readonly customDenyMessage: string; /** * The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules. */ readonly customDenyUrl: string; /** * The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules. */ readonly customNonIdentityDenyUrl: string; /** * The custom pages that will be displayed when applicable for this application */ readonly customPages: string[]; /** * List of destinations secured by Access. This supersedes `selfHostedDomains` to allow for more flexibility in defining different types of domains. If `destinations` are provided, then `selfHostedDomains` will be ignored. */ readonly destinations: outputs.GetZeroTrustAccessApplicationDestination[]; /** * The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher. */ readonly domain: string; /** * Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. */ readonly enableBindingCookie: boolean; readonly filter?: outputs.GetZeroTrustAccessApplicationFilter; /** * The links in the App Launcher footer. */ readonly footerLinks: outputs.GetZeroTrustAccessApplicationFooterLink[]; /** * The background color of the App Launcher header. */ readonly headerBgColor: string; /** * Enables the HttpOnly cookie attribute, which increases security against XSS attacks. */ readonly httpOnlyCookieAttribute: boolean; /** * Identifier. */ readonly id: string; /** * The design of the App Launcher landing page shown to users when they log in. */ readonly landingPageDesign: outputs.GetZeroTrustAccessApplicationLandingPageDesign; /** * The image URL for the logo shown in the App Launcher dashboard. */ readonly logoUrl: string; /** * The name of the application. */ readonly name: string; /** * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if corsHeaders is set. */ readonly optionsPreflightBypass: boolean; /** * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default */ readonly pathCookieAttribute: boolean; readonly policies: outputs.GetZeroTrustAccessApplicationPolicy[]; /** * Allows matching Access Service Tokens passed HTTP in a single header with this name. * This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. * The header value will be interpreted as a json object similar to: * { * "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com", * "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5" * } */ readonly readServiceTokensFromHeader: string; readonly saasApp: outputs.GetZeroTrustAccessApplicationSaasApp; /** * Sets the SameSite cookie setting, which provides increased security against CSRF attacks. */ readonly sameSiteCookieAttribute: string; /** * Configuration for provisioning to this application via SCIM. This is currently in closed beta. */ readonly scimConfig: outputs.GetZeroTrustAccessApplicationScimConfig; /** * List of public domains that Access will secure. This field is deprecated in favor of `destinations` and will be supported until **November 21, 2025.** If `destinations` are provided, then `selfHostedDomains` will be ignored. * * @deprecated This attribute is deprecated. */ readonly selfHostedDomains: string[]; /** * Returns a 401 status code when the request is blocked by a Service Auth policy. */ readonly serviceAuth401Redirect: boolean; /** * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. Note: unsupported for infrastructure type applications. */ readonly sessionDuration: string; /** * Determines when to skip the App Launcher landing page. */ readonly skipAppLauncherLoginPage: boolean; /** * Enables automatic authentication through cloudflared. */ readonly skipInterstitial: boolean; /** * The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard. */ readonly tags: string[]; readonly targetCriterias: outputs.GetZeroTrustAccessApplicationTargetCriteria[]; /** * The application type. */ readonly type: string; readonly updatedAt: string; /** * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. */ readonly zoneId?: string; } /** * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as cloudflare from "@pulumi/cloudflare"; * * const exampleZeroTrustAccessApplication = cloudflare.getZeroTrustAccessApplication({ * appId: "023e105f4ecef8ad9ca31a8372d0c353", * accountId: "account_id", * zoneId: "zone_id", * }); * ``` */ export declare function getZeroTrustAccessApplicationOutput(args?: GetZeroTrustAccessApplicationOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output; /** * A collection of arguments for invoking getZeroTrustAccessApplication. */ export interface GetZeroTrustAccessApplicationOutputArgs { /** * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. */ accountId?: pulumi.Input; /** * Identifier. */ appId?: pulumi.Input; filter?: pulumi.Input; /** * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. */ zoneId?: pulumi.Input; }