import * as pulumi from "@pulumi/pulumi"; import * as inputs from "./types/input"; import * as outputs from "./types/output"; /** * > If 'application_id' is omitted, the policy created can be reused by multiple access applications. * Any `cloudflare.ZeroTrustAccessApplication` resource can reference reusable policies through its `policies` argument. * To destroy a reusable policy and remove it from all applications' policies lists on the same apply, preemptively set the * lifecycle option `createBeforeDestroy` to true on the 'cloudflare_zero_trust_access_policy' resource. * * ## Import * * ```sh * $ pulumi import cloudflare:index/zeroTrustAccessPolicy:ZeroTrustAccessPolicy example '/' * ``` */ export declare class ZeroTrustAccessPolicy extends pulumi.CustomResource { /** * Get an existing ZeroTrustAccessPolicy resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ZeroTrustAccessPolicyState, opts?: pulumi.CustomResourceOptions): ZeroTrustAccessPolicy; /** * Returns true if the given object is an instance of ZeroTrustAccessPolicy. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ZeroTrustAccessPolicy; /** * Identifier. */ readonly accountId: pulumi.Output; /** * Number of access applications currently using this policy. */ readonly appCount: pulumi.Output; /** * Administrators who can approve a temporary authentication request. */ readonly approvalGroups: pulumi.Output; /** * Requires the user to request access from an administrator at the start of each session. */ readonly approvalRequired: pulumi.Output; readonly createdAt: pulumi.Output; /** * The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. * Available values: "allow", "deny", "nonIdentity", "bypass". */ readonly decision: pulumi.Output; /** * Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. */ readonly excludes: pulumi.Output; /** * Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules. */ readonly includes: pulumi.Output; /** * Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature. */ readonly isolationRequired: pulumi.Output; /** * The name of the Access policy. */ readonly name: pulumi.Output; /** * A custom message that will appear on the purpose justification screen. */ readonly purposeJustificationPrompt: pulumi.Output; /** * Require users to enter a justification when they log in to the application. */ readonly purposeJustificationRequired: pulumi.Output; /** * Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. */ readonly requires: pulumi.Output; readonly reusable: pulumi.Output; /** * The amount of time that tokens issued for the application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. */ readonly sessionDuration: pulumi.Output; readonly updatedAt: pulumi.Output; /** * Create a ZeroTrustAccessPolicy resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ZeroTrustAccessPolicyArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ZeroTrustAccessPolicy resources. */ export interface ZeroTrustAccessPolicyState { /** * Identifier. */ accountId?: pulumi.Input; /** * Number of access applications currently using this policy. */ appCount?: pulumi.Input; /** * Administrators who can approve a temporary authentication request. */ approvalGroups?: pulumi.Input[]>; /** * Requires the user to request access from an administrator at the start of each session. */ approvalRequired?: pulumi.Input; createdAt?: pulumi.Input; /** * The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. * Available values: "allow", "deny", "nonIdentity", "bypass". */ decision?: pulumi.Input; /** * Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. */ excludes?: pulumi.Input[]>; /** * Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules. */ includes?: pulumi.Input[]>; /** * Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature. */ isolationRequired?: pulumi.Input; /** * The name of the Access policy. */ name?: pulumi.Input; /** * A custom message that will appear on the purpose justification screen. */ purposeJustificationPrompt?: pulumi.Input; /** * Require users to enter a justification when they log in to the application. */ purposeJustificationRequired?: pulumi.Input; /** * Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. */ requires?: pulumi.Input[]>; reusable?: pulumi.Input; /** * The amount of time that tokens issued for the application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. */ sessionDuration?: pulumi.Input; updatedAt?: pulumi.Input; } /** * The set of arguments for constructing a ZeroTrustAccessPolicy resource. */ export interface ZeroTrustAccessPolicyArgs { /** * Identifier. */ accountId: pulumi.Input; /** * Administrators who can approve a temporary authentication request. */ approvalGroups?: pulumi.Input[]>; /** * Requires the user to request access from an administrator at the start of each session. */ approvalRequired?: pulumi.Input; /** * The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. * Available values: "allow", "deny", "nonIdentity", "bypass". */ decision: pulumi.Input; /** * Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. */ excludes?: pulumi.Input[]>; /** * Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules. */ includes?: pulumi.Input[]>; /** * Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature. */ isolationRequired?: pulumi.Input; /** * The name of the Access policy. */ name: pulumi.Input; /** * A custom message that will appear on the purpose justification screen. */ purposeJustificationPrompt?: pulumi.Input; /** * Require users to enter a justification when they log in to the application. */ purposeJustificationRequired?: pulumi.Input; /** * Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. */ requires?: pulumi.Input[]>; /** * The amount of time that tokens issued for the application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. */ sessionDuration?: pulumi.Input; }