pulumi-cloudflare-kotlin/com.pulumi.cloudflare.kotlin/AccessApplicationArgs

AccessApplicationArgs

data class AccessApplicationArgs(val accountId: Output<String>? = null, val allowedIdps: Output<List<String>>? = null, val appLauncherVisible: Output<Boolean>? = null, val autoRedirectToIdentity: Output<Boolean>? = null, val corsHeaders: Output<List<AccessApplicationCorsHeaderArgs>>? = null, val customDenyMessage: Output<String>? = null, val customDenyUrl: Output<String>? = null, val domain: Output<String>? = null, val enableBindingCookie: Output<Boolean>? = null, val httpOnlyCookieAttribute: Output<Boolean>? = null, val logoUrl: Output<String>? = null, val name: Output<String>? = null, val saasApp: Output<AccessApplicationSaasAppArgs>? = null, val sameSiteCookieAttribute: Output<String>? = null, val serviceAuth401Redirect: Output<Boolean>? = null, val sessionDuration: Output<String>? = null, val skipInterstitial: Output<Boolean>? = null, val type: Output<String>? = null, val zoneId: Output<String>? = null) : ConvertibleToJava<AccessApplicationArgs>

Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.

It's required that an account_id or zone_id is provided and in most cases using either is fine. However, if you're using a scoped access token, you must provide the argument that matches the token's scope. For example, an access token that is scoped to the "example.com" zone needs to use the zone_id argument.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessApplication;
import com.pulumi.cloudflare.AccessApplicationArgs;
import com.pulumi.cloudflare.inputs.AccessApplicationCorsHeaderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var stagingApp = new AccessApplication("stagingApp", AccessApplicationArgs.builder()
            .corsHeaders(AccessApplicationCorsHeaderArgs.builder()
                .allowCredentials(true)
                .allowedMethods(
                    "GET",
                    "POST",
                    "OPTIONS")
                .allowedOrigins("https://example.com")
                .maxAge(10)
                .build())
            .domain("staging.example.com")
            .name("staging application")
            .sessionDuration("24h")
            .type("self_hosted")
            .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
            .build());
    }
}
Content copied to clipboard

Import

$ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(accountId: Output<String>? = null, allowedIdps: Output<List<String>>? = null, appLauncherVisible: Output<Boolean>? = null, autoRedirectToIdentity: Output<Boolean>? = null, corsHeaders: Output<List<AccessApplicationCorsHeaderArgs>>? = null, customDenyMessage: Output<String>? = null, customDenyUrl: Output<String>? = null, domain: Output<String>? = null, enableBindingCookie: Output<Boolean>? = null, httpOnlyCookieAttribute: Output<Boolean>? = null, logoUrl: Output<String>? = null, name: Output<String>? = null, saasApp: Output<AccessApplicationSaasAppArgs>? = null, sameSiteCookieAttribute: Output<String>? = null, serviceAuth401Redirect: Output<Boolean>? = null, sessionDuration: Output<String>? = null, skipInterstitial: Output<Boolean>? = null, type: Output<String>? = null, zoneId: Output<String>? = null)

Properties

Link copied to clipboard
val accountId: Output<String>? = null

The account identifier to target for the resource. Conflicts with zone_id.

Link copied to clipboard
val allowedIdps: Output<List<String>>? = null

The identity providers selected for the application.

Link copied to clipboard
val appLauncherVisible: Output<Boolean>? = null

Option to show/hide applications in App Launcher. Defaults to true.

Link copied to clipboard
val autoRedirectToIdentity: Output<Boolean>? = null

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

Link copied to clipboard
val corsHeaders: Output<List<AccessApplicationCorsHeaderArgs>>? = null

CORS configuration for the Access Application. See below for reference structure.

Link copied to clipboard
val customDenyMessage: Output<String>? = null

Option that returns a custom error message when a user is denied access to the application.

Link copied to clipboard
val customDenyUrl: Output<String>? = null

Option that redirects to a custom URL when a user is denied access to the application.

Link copied to clipboard
val domain: Output<String>? = null

The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.

Link copied to clipboard
val enableBindingCookie: Output<Boolean>? = null

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

Link copied to clipboard
val httpOnlyCookieAttribute: Output<Boolean>? = null

Option to add the HttpOnly cookie flag to access tokens.

Link copied to clipboard
val logoUrl: Output<String>? = null

Image URL for the logo shown in the app launcher dashboard.

Link copied to clipboard
val name: Output<String>? = null

Friendly name of the Access Application.

Link copied to clipboard
val saasApp: Output<AccessApplicationSaasAppArgs>? = null

SaaS configuration for the Access Application.

Link copied to clipboard
val sameSiteCookieAttribute: Output<String>? = null

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

Link copied to clipboard
val serviceAuth401Redirect: Output<Boolean>? = null

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

Link copied to clipboard
val sessionDuration: Output<String>? = null

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

Link copied to clipboard
val skipInterstitial: Output<Boolean>? = null

Option to skip the authorization interstitial when using the CLI. Defaults to false.

Link copied to clipboard
val type: Output<String>? = null

The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp. Defaults to self_hosted.

Link copied to clipboard
val zoneId: Output<String>? = null

The zone identifier to target for the resource. Conflicts with account_id.

Functions

Link copied to clipboard
open override fun toJava(): AccessApplicationArgs