Package com.pulumi.cloudflare

Class AccessPolicy

  • public class AccessPolicy
extends com.pulumi.resources.CustomResource
    Provides a Cloudflare Access Policy resource. Access Policies are used in conjunction with Access Applications to restrict access to a particular resource. > It's required that an `account_id` or `zone_id` is provided and in most cases using either is fine. However, if you're using a scoped access token, you must provide the argument that matches the token's scope. For example, an access token that is scoped to the "example.com" zone needs to use the `zone_id` argument. ## Example Usage ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.cloudflare.AccessPolicy; import com.pulumi.cloudflare.AccessPolicyArgs; import com.pulumi.cloudflare.inputs.AccessPolicyIncludeArgs; import com.pulumi.cloudflare.inputs.AccessPolicyRequireArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var testPolicyAccessPolicy = new AccessPolicy("testPolicyAccessPolicy", AccessPolicyArgs.builder() .applicationId("cb029e245cfdd66dc8d2e570d5dd3322") .zoneId("0da42c8d2132a9ddaf714f9e7c920711") .name("staging policy") .precedence("1") .decision("allow") .includes(AccessPolicyIncludeArgs.builder() .emails("[email protected]") .build()) .requires(AccessPolicyRequireArgs.builder() .emails("[email protected]") .build()) .build()); var testPolicyIndex_accessPolicyAccessPolicy = new AccessPolicy("testPolicyIndex/accessPolicyAccessPolicy", AccessPolicyArgs.builder() .applicationId("cb029e245cfdd66dc8d2e570d5dd3322") .zoneId("0da42c8d2132a9ddaf714f9e7c920711") .name("staging policy") .precedence("1") .decision("allow") .includes(AccessPolicyIncludeArgs.builder() .emails("[email protected]") .build()) .requires(AccessPolicyRequireArgs.builder() .ips(var_.office_ip()) .build()) .build()); } } ``` ## Import Account level import. ```sh $ pulumi import cloudflare:index/accessPolicy:AccessPolicy example account/<account_id>/<application_id>/<policy_id> ``` Zone level import. ```sh $ pulumi import cloudflare:index/accessPolicy:AccessPolicy example zone/<zone_id>/<application_id>/<policy_id> ```

    • Nested Class Summary

      • Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource

        com.pulumi.resources.CustomResource.CustomResourceInternal

      • Nested classes/interfaces inherited from class com.pulumi.resources.Resource

        com.pulumi.resources.Resource.LazyField<T extends java.lang.Object>, com.pulumi.resources.Resource.LazyFields, com.pulumi.resources.Resource.ResourceInternal

    • Field Summary

      • Fields inherited from class com.pulumi.resources.Resource

        childResources, remote

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      com.pulumi.core.Output<java.lang.String> accountId()  
      com.pulumi.core.Output<java.lang.String> applicationId()  
      com.pulumi.core.Output<java.util.Optional<java.util.List<AccessPolicyApprovalGroup>>> approvalGroups()  
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> approvalRequired()  
      com.pulumi.core.Output<java.lang.String> decision()  
      com.pulumi.core.Output<java.util.Optional<java.util.List<AccessPolicyExclude>>> excludes()  
      static AccessPolicy get​(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, AccessPolicyState state, com.pulumi.resources.CustomResourceOptions options)
      Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
      com.pulumi.core.Output<java.util.List<AccessPolicyInclude>> includes()  
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> isolationRequired()  
      com.pulumi.core.Output<java.lang.String> name()  
      com.pulumi.core.Output<java.lang.Integer> precedence()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> purposeJustificationPrompt()  
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> purposeJustificationRequired()  
      com.pulumi.core.Output<java.util.Optional<java.util.List<AccessPolicyRequire>>> requires()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> sessionDuration()  
      com.pulumi.core.Output<java.lang.String> zoneId()  

      • Methods inherited from class com.pulumi.resources.CustomResource

        getId, id, idFuture

      • Methods inherited from class com.pulumi.resources.Resource

        getChildResources, getResourceName, getResourceType, getUrn, pulumiChildResources, pulumiResourceName, pulumiResourceType, urn

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • AccessPolicy

        public AccessPolicy​(java.lang.String name)
        Parameters:
        name - The _unique_ name of the resulting resource.

      • AccessPolicy

        public AccessPolicy​(java.lang.String name,
                    AccessPolicyArgs args)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.

      • AccessPolicy

        public AccessPolicy​(java.lang.String name,
                    AccessPolicyArgs args,
                    @Nullable
                    com.pulumi.resources.CustomResourceOptions options)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.
        options - A bag of options that control this resource's behavior.

    • Method Detail

      • accountId

        public com.pulumi.core.Output<java.lang.String> accountId()
        Returns:
        The account identifier to target for the resource. Conflicts with `zone_id`.

      • applicationId

        public com.pulumi.core.Output<java.lang.String> applicationId()
        Returns:
        The ID of the application the policy is associated with.

      • approvalGroups

        public com.pulumi.core.Output<java.util.Optional<java.util.List<AccessPolicyApprovalGroup>>> approvalGroups()

      • approvalRequired

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> approvalRequired()

      • decision

        public com.pulumi.core.Output<java.lang.String> decision()
        Returns:
        Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`, `bypass`.

      • excludes

        public com.pulumi.core.Output<java.util.Optional<java.util.List<AccessPolicyExclude>>> excludes()
        Returns:
        A series of access conditions, see Access Groups.

      • includes

        public com.pulumi.core.Output<java.util.List<AccessPolicyInclude>> includes()
        Returns:
        A series of access conditions, see Access Groups.

      • isolationRequired

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> isolationRequired()
        Returns:
        Require this application to be served in an isolated browser for users matching this policy.

      • name

        public com.pulumi.core.Output<java.lang.String> name()
        Returns:
        Friendly name of the Access Policy.

      • precedence

        public com.pulumi.core.Output<java.lang.Integer> precedence()
        Returns:
        The unique precedence for policies on a single application.

      • purposeJustificationPrompt

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> purposeJustificationPrompt()
        Returns:
        The prompt to display to the user for a justification for accessing the resource. Required when using `purpose_justification_required`.

      • purposeJustificationRequired

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> purposeJustificationRequired()
        Returns:
        Whether to prompt the user for a justification for accessing the resource.

      • requires

        public com.pulumi.core.Output<java.util.Optional<java.util.List<AccessPolicyRequire>>> requires()
        Returns:
        A series of access conditions, see Access Groups.

      • sessionDuration

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> sessionDuration()
        Returns:
        How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.

      • zoneId

        public com.pulumi.core.Output<java.lang.String> zoneId()
        Returns:
        The zone identifier to target for the resource. Conflicts with `account_id`.

      • get

        public static AccessPolicy get​(java.lang.String name,
                               com.pulumi.core.Output<java.lang.String> id,
                               @Nullable
                               AccessPolicyState state,
                               @Nullable
                               com.pulumi.resources.CustomResourceOptions options)
        Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
        Parameters:
        name - The _unique_ name of the resulting resource.
        id - The _unique_ provider ID of the resource to lookup.
        state -
        options - Optional settings to control the behavior of the CustomResource.