import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
 * ## Example Usage
 *
 * ## Import
 *
 * ```sh
 * $ pulumi import cloudflare:index/zeroTrustAccessApplication:ZeroTrustAccessApplication example '<{accounts|zones}/{account_id|zone_id}>/'
 * ```
 */
export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
    /**
     * Get an existing ZeroTrustAccessApplication resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input, state?: ZeroTrustAccessApplicationState, opts?: pulumi.CustomResourceOptions): ZeroTrustAccessApplication;
    /**
     * Returns true if the given object is an instance of ZeroTrustAccessApplication. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ZeroTrustAccessApplication;
    /**
     * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
     */
    readonly accountId: pulumi.Output;
    /**
     * When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
     */
    readonly allowAuthenticateViaWarp: pulumi.Output;
    /**
     * Enables loading application content in an iFrame.
     */
    readonly allowIframe: pulumi.Output;
    /**
     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
     */
    readonly allowedIdps: pulumi.Output;
    /**
     * The image URL of the logo shown in the App Launcher header.
     */
    readonly appLauncherLogoUrl: pulumi.Output;
    /**
     * Displays the application in the App Launcher.
     */
    readonly appLauncherVisible: pulumi.Output;
    /**
     * Audience tag.
     */
    readonly aud: pulumi.Output;
    /**
     * When set to `true`, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
     */
    readonly autoRedirectToIdentity: pulumi.Output;
    /**
     * The background color of the App Launcher page.
     */
    readonly bgColor: pulumi.Output;
    readonly corsHeaders: pulumi.Output;
    readonly createdAt: pulumi.Output;
    /**
     * The custom error message shown to a user when they are denied access to the application.
     */
    readonly customDenyMessage: pulumi.Output;
    /**
     * The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
     */
    readonly customDenyUrl: pulumi.Output;
    /**
     * The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
     */
    readonly customNonIdentityDenyUrl: pulumi.Output;
    /**
     * The custom pages that will be displayed when applicable for this application
     */
    readonly customPages: pulumi.Output;
    /**
     * List of destinations secured by Access. This supersedes `selfHostedDomains` to allow for more flexibility in defining different types of domains. If `destinations` are provided, then `selfHostedDomains` will be ignored.
     */
    readonly destinations: pulumi.Output;
    /**
     * The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
     */
    readonly domain: pulumi.Output;
    /**
     * Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
     */
    readonly enableBindingCookie: pulumi.Output;
    /**
     * The links in the App Launcher footer.
     */
    readonly footerLinks: pulumi.Output;
    /**
     * The background color of the App Launcher header.
     */
    readonly headerBgColor: pulumi.Output;
    /**
     * Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
     */
    readonly httpOnlyCookieAttribute: pulumi.Output;
    /**
     * The design of the App Launcher landing page shown to users when they log in.
     */
    readonly landingPageDesign: pulumi.Output;
    /**
     * The image URL for the logo shown in the App Launcher dashboard.
     */
    readonly logoUrl: pulumi.Output;
    /**
     * The name of the application.
     */
    readonly name: pulumi.Output;
    /**
     * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if corsHeaders is set.
     */
    readonly optionsPreflightBypass: pulumi.Output;
    /**
     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
     */
    readonly pathCookieAttribute: pulumi.Output;
    /**
     * The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
     */
    readonly policies: pulumi.Output;
    /**
     * Allows matching Access Service Tokens passed HTTP in a single header with this name.
     * This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers.
     * The header value will be interpreted as a json object similar to:
     * {
     *   "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
     *   "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5"
     * }
     */
    readonly readServiceTokensFromHeader: pulumi.Output;
    readonly saasApp: pulumi.Output;
    /**
     * Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
     */
    readonly sameSiteCookieAttribute: pulumi.Output;
    /**
     * Configuration for provisioning to this application via SCIM. This is currently in closed beta.
     */
    readonly scimConfig: pulumi.Output;
    /**
     * List of public domains that Access will secure. This field is deprecated in favor of `destinations` and will be supported until **November 21, 2025.** If `destinations` are provided, then `selfHostedDomains` will be ignored.
     *
     * @deprecated This attribute is deprecated.
     */
    readonly selfHostedDomains: pulumi.Output;
    /**
     * Returns a 401 status code when the request is blocked by a Service Auth policy.
     */
    readonly serviceAuth401Redirect: pulumi.Output;
    /**
     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. Note: unsupported for infrastructure type applications.
     */
    readonly sessionDuration: pulumi.Output;
    /**
     * Determines when to skip the App Launcher landing page.
     */
    readonly skipAppLauncherLoginPage: pulumi.Output;
    /**
     * Enables automatic authentication through cloudflared.
     */
    readonly skipInterstitial: pulumi.Output;
    /**
     * The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
     */
    readonly tags: pulumi.Output;
    readonly targetCriterias: pulumi.Output;
    /**
     * The application type.
     */
    readonly type: pulumi.Output;
    readonly updatedAt: pulumi.Output;
    /**
     * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
     */
    readonly zoneId: pulumi.Output;
    /**
     * Create a ZeroTrustAccessApplication resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args?: ZeroTrustAccessApplicationArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ZeroTrustAccessApplication resources.
 */
export interface ZeroTrustAccessApplicationState {
    /**
     * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
     */
    accountId?: pulumi.Input;
    /**
     * When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
     */
    allowAuthenticateViaWarp?: pulumi.Input;
    /**
     * Enables loading application content in an iFrame.
     */
    allowIframe?: pulumi.Input;
    /**
     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
     */
    allowedIdps?: pulumi.Input[]>;
    /**
     * The image URL of the logo shown in the App Launcher header.
     */
    appLauncherLogoUrl?: pulumi.Input;
    /**
     * Displays the application in the App Launcher.
     */
    appLauncherVisible?: pulumi.Input;
    /**
     * Audience tag.
     */
    aud?: pulumi.Input;
    /**
     * When set to `true`, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
     */
    autoRedirectToIdentity?: pulumi.Input;
    /**
     * The background color of the App Launcher page.
     */
    bgColor?: pulumi.Input;
    corsHeaders?: pulumi.Input;
    createdAt?: pulumi.Input;
    /**
     * The custom error message shown to a user when they are denied access to the application.
     */
    customDenyMessage?: pulumi.Input;
    /**
     * The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
     */
    customDenyUrl?: pulumi.Input;
    /**
     * The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
     */
    customNonIdentityDenyUrl?: pulumi.Input;
    /**
     * The custom pages that will be displayed when applicable for this application
     */
    customPages?: pulumi.Input[]>;
    /**
     * List of destinations secured by Access.
     * This supersedes `selfHostedDomains` to allow for more flexibility in defining different types of domains. If `destinations` are provided, then `selfHostedDomains` will be ignored.
     */
    destinations?: pulumi.Input[]>;
    /**
     * The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
     */
    domain?: pulumi.Input;
    /**
     * Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
     */
    enableBindingCookie?: pulumi.Input;
    /**
     * The links in the App Launcher footer.
     */
    footerLinks?: pulumi.Input[]>;
    /**
     * The background color of the App Launcher header.
     */
    headerBgColor?: pulumi.Input;
    /**
     * Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
     */
    httpOnlyCookieAttribute?: pulumi.Input;
    /**
     * The design of the App Launcher landing page shown to users when they log in.
     */
    landingPageDesign?: pulumi.Input;
    /**
     * The image URL for the logo shown in the App Launcher dashboard.
     */
    logoUrl?: pulumi.Input;
    /**
     * The name of the application.
     */
    name?: pulumi.Input;
    /**
     * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if corsHeaders is set.
     */
    optionsPreflightBypass?: pulumi.Input;
    /**
     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
     */
    pathCookieAttribute?: pulumi.Input;
    /**
     * The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
     */
    policies?: pulumi.Input[]>;
    /**
     * Allows matching Access Service Tokens passed HTTP in a single header with this name.
     * This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers.
     * The header value will be interpreted as a json object similar to:
     * {
     *   "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
     *   "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5"
     * }
     */
    readServiceTokensFromHeader?: pulumi.Input;
    saasApp?: pulumi.Input;
    /**
     * Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
     */
    sameSiteCookieAttribute?: pulumi.Input;
    /**
     * Configuration for provisioning to this application via SCIM. This is currently in closed beta.
     */
    scimConfig?: pulumi.Input;
    /**
     * List of public domains that Access will secure. This field is deprecated in favor of `destinations` and will be supported until **November 21, 2025.** If `destinations` are provided, then `selfHostedDomains` will be ignored.
     *
     * @deprecated This attribute is deprecated.
     */
    selfHostedDomains?: pulumi.Input[]>;
    /**
     * Returns a 401 status code when the request is blocked by a Service Auth policy.
     */
    serviceAuth401Redirect?: pulumi.Input;
    /**
     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. Note: unsupported for infrastructure type applications.
     */
    sessionDuration?: pulumi.Input;
    /**
     * Determines when to skip the App Launcher landing page.
     */
    skipAppLauncherLoginPage?: pulumi.Input;
    /**
     * Enables automatic authentication through cloudflared.
     */
    skipInterstitial?: pulumi.Input;
    /**
     * The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
     */
    tags?: pulumi.Input[]>;
    targetCriterias?: pulumi.Input[]>;
    /**
     * The application type.
     */
    type?: pulumi.Input;
    updatedAt?: pulumi.Input;
    /**
     * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
     */
    zoneId?: pulumi.Input;
}
/**
 * The set of arguments for constructing a ZeroTrustAccessApplication resource.
 */
export interface ZeroTrustAccessApplicationArgs {
    /**
     * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
     */
    accountId?: pulumi.Input;
    /**
     * When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
     */
    allowAuthenticateViaWarp?: pulumi.Input;
    /**
     * Enables loading application content in an iFrame.
     */
    allowIframe?: pulumi.Input;
    /**
     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
     */
    allowedIdps?: pulumi.Input[]>;
    /**
     * The image URL of the logo shown in the App Launcher header.
     */
    appLauncherLogoUrl?: pulumi.Input;
    /**
     * Displays the application in the App Launcher.
     */
    appLauncherVisible?: pulumi.Input;
    /**
     * When set to `true`, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
     */
    autoRedirectToIdentity?: pulumi.Input;
    /**
     * The background color of the App Launcher page.
     */
    bgColor?: pulumi.Input;
    corsHeaders?: pulumi.Input;
    /**
     * The custom error message shown to a user when they are denied access to the application.
     */
    customDenyMessage?: pulumi.Input;
    /**
     * The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
     */
    customDenyUrl?: pulumi.Input;
    /**
     * The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
     */
    customNonIdentityDenyUrl?: pulumi.Input;
    /**
     * The custom pages that will be displayed when applicable for this application
     */
    customPages?: pulumi.Input[]>;
    /**
     * List of destinations secured by Access. This supersedes `selfHostedDomains` to allow for more flexibility in defining different types of domains.
     * If `destinations` are provided, then `selfHostedDomains` will be ignored.
     */
    destinations?: pulumi.Input[]>;
    /**
     * The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
     */
    domain?: pulumi.Input;
    /**
     * Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
     */
    enableBindingCookie?: pulumi.Input;
    /**
     * The links in the App Launcher footer.
     */
    footerLinks?: pulumi.Input[]>;
    /**
     * The background color of the App Launcher header.
     */
    headerBgColor?: pulumi.Input;
    /**
     * Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
     */
    httpOnlyCookieAttribute?: pulumi.Input;
    /**
     * The design of the App Launcher landing page shown to users when they log in.
     */
    landingPageDesign?: pulumi.Input;
    /**
     * The image URL for the logo shown in the App Launcher dashboard.
     */
    logoUrl?: pulumi.Input;
    /**
     * The name of the application.
     */
    name?: pulumi.Input;
    /**
     * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if corsHeaders is set.
     */
    optionsPreflightBypass?: pulumi.Input;
    /**
     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
     */
    pathCookieAttribute?: pulumi.Input;
    /**
     * The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
     */
    policies?: pulumi.Input[]>;
    /**
     * Allows matching Access Service Tokens passed HTTP in a single header with this name.
     * This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers.
     * The header value will be interpreted as a json object similar to:
     * {
     *   "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
     *   "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5"
     * }
     */
    readServiceTokensFromHeader?: pulumi.Input;
    saasApp?: pulumi.Input;
    /**
     * Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
     */
    sameSiteCookieAttribute?: pulumi.Input;
    /**
     * Configuration for provisioning to this application via SCIM. This is currently in closed beta.
     */
    scimConfig?: pulumi.Input;
    /**
     * List of public domains that Access will secure. This field is deprecated in favor of `destinations` and will be supported until **November 21, 2025.** If `destinations` are provided, then `selfHostedDomains` will be ignored.
     *
     * @deprecated This attribute is deprecated.
     */
    selfHostedDomains?: pulumi.Input[]>;
    /**
     * Returns a 401 status code when the request is blocked by a Service Auth policy.
     */
    serviceAuth401Redirect?: pulumi.Input;
    /**
     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. Note: unsupported for infrastructure type applications.
     */
    sessionDuration?: pulumi.Input;
    /**
     * Determines when to skip the App Launcher landing page.
     */
    skipAppLauncherLoginPage?: pulumi.Input;
    /**
     * Enables automatic authentication through cloudflared.
     */
    skipInterstitial?: pulumi.Input;
    /**
     * The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
     */
    tags?: pulumi.Input[]>;
    targetCriterias?: pulumi.Input[]>;
    /**
     * The application type.
     */
    type?: pulumi.Input;
    /**
     * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
     */
    zoneId?: pulumi.Input;
}
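
The doc comments above state several constraints between fields (mutually exclusive IDs, the single-IdP rule for `autoRedirectToIdentity`, `optionsPreflightBypass` versus `corsHeaders`, `destinations` overriding `selfHostedDomains`, the `sessionDuration` format) that can be checked before a deployment. This is an added example, not part of the Pulumi SDK: `AccessAppSettings`, `DURATION_RE` and `lintAccessApplication` are hypothetical names, and the plain value types and the duration regex are assumptions.

```typescript
// Added example: plain-value subset of ZeroTrustAccessApplicationArgs.
// Field names come from the declarations above; the value types are assumptions.
interface AccessAppSettings {
    accountId?: string;
    zoneId?: string;
    allowedIdps?: string[];
    autoRedirectToIdentity?: boolean;
    corsHeaders?: object;
    optionsPreflightBypass?: boolean;
    destinations?: object[];
    selfHostedDomains?: string[];
    sessionDuration?: string;
}

// Assumed grammar for sessionDuration, built from the documented examples
// (`300ms`, `2h45m`) and units (ns, us, µs, ms, s, m, h).
const DURATION_RE = /^(\d+(\.\d+)?(ns|us|\u00b5s|ms|s|m|h))+$/;

// Returns one finding for each documented constraint the settings violate.
function lintAccessApplication(a: AccessAppSettings): string[] {
    const findings: string[] = [];
    if (a.accountId !== undefined && a.zoneId !== undefined) {
        findings.push("accountId and zoneId are mutually exclusive");
    }
    if (a.autoRedirectToIdentity === true && (a.allowedIdps?.length ?? 0) !== 1) {
        findings.push("autoRedirectToIdentity requires exactly one entry in allowedIdps");
    }
    if (a.optionsPreflightBypass === true && a.corsHeaders !== undefined) {
        // Preflight bypass sends OPTIONS requests to the origin without Access authentication.
        findings.push("optionsPreflightBypass cannot be enabled while corsHeaders is set");
    }
    if (a.destinations?.length && a.selfHostedDomains?.length) {
        // Hostnames listed only in selfHostedDomains are not applied in this case.
        findings.push("selfHostedDomains is ignored because destinations is provided");
    }
    if (a.sessionDuration !== undefined && !DURATION_RE.test(a.sessionDuration)) {
        findings.push(`sessionDuration "${a.sessionDuration}" is not in the 300ms / 2h45m format`);
    }
    return findings;
}

// Constructed sample settings (not taken from a real deployment).
const constructedSettings: AccessAppSettings = {
    accountId: "constructed-account-id",
    zoneId: "constructed-zone-id",
    allowedIdps: ["idp-1", "idp-2"],
    autoRedirectToIdentity: true,
    corsHeaders: {},
    optionsPreflightBypass: true,
    destinations: [{}],
    selfHostedDomains: ["app.example.com"],
    sessionDuration: "24 hours",
};
const constructedFindings: string[] = lintAccessApplication(constructedSettings);
```

Run the check on the resolved plain values before they are passed to the resource constructor, and fail the deployment when the returned list is not empty.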