pulumi-cloudflare-kotlin/com.pulumi.cloudflare.kotlin/AccessApplicationArgs

AccessApplicationArgs

data class AccessApplicationArgs(val accountId: Output<String>? = null, val allowedIdps: Output<List<String>>? = null, val appLauncherVisible: Output<Boolean>? = null, val autoRedirectToIdentity: Output<Boolean>? = null, val corsHeaders: Output<List<AccessApplicationCorsHeaderArgs>>? = null, val customDenyMessage: Output<String>? = null, val customDenyUrl: Output<String>? = null, val customNonIdentityDenyUrl: Output<String>? = null, val customPages: Output<List<String>>? = null, val domain: Output<String>? = null, val enableBindingCookie: Output<Boolean>? = null, val httpOnlyCookieAttribute: Output<Boolean>? = null, val logoUrl: Output<String>? = null, val name: Output<String>? = null, val saasApp: Output<AccessApplicationSaasAppArgs>? = null, val sameSiteCookieAttribute: Output<String>? = null, val selfHostedDomains: Output<List<String>>? = null, val serviceAuth401Redirect: Output<Boolean>? = null, val sessionDuration: Output<String>? = null, val skipInterstitial: Output<Boolean>? = null, val tags: Output<List<String>>? = null, val type: Output<String>? = null, val zoneId: Output<String>? = null) : ConvertibleToJava<AccessApplicationArgs>

Provides a Cloudflare Access Application resource. Access Applications are used to restrict access to a whole application using an authorisation gateway managed by Cloudflare.

It's required that an account_id or zone_id is provided and in most cases using either is fine. However, if you're using a scoped access token, you must provide the argument that matches the token's scope. For example, an access token that is scoped to the "example.com" zone needs to use the zone_id argument.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.AccessApplication;
import com.pulumi.cloudflare.AccessApplicationArgs;
import com.pulumi.cloudflare.inputs.AccessApplicationCorsHeaderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var stagingApp = new AccessApplication("stagingApp", AccessApplicationArgs.builder()
            .corsHeaders(AccessApplicationCorsHeaderArgs.builder()
                .allowCredentials(true)
                .allowedMethods(
                    "GET",
                    "POST",
                    "OPTIONS")
                .allowedOrigins("https://example.com")
                .maxAge(10)
                .build())
            .domain("staging.example.com")
            .name("staging application")
            .sessionDuration("24h")
            .type("self_hosted")
            .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
            .build());
    }
}
Content copied to clipboard

Import

$ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>
Content copied to clipboard

Constructors

Link copied to clipboard
fun AccessApplicationArgs(accountId: Output<String>? = null, allowedIdps: Output<List<String>>? = null, appLauncherVisible: Output<Boolean>? = null, autoRedirectToIdentity: Output<Boolean>? = null, corsHeaders: Output<List<AccessApplicationCorsHeaderArgs>>? = null, customDenyMessage: Output<String>? = null, customDenyUrl: Output<String>? = null, customNonIdentityDenyUrl: Output<String>? = null, customPages: Output<List<String>>? = null, domain: Output<String>? = null, enableBindingCookie: Output<Boolean>? = null, httpOnlyCookieAttribute: Output<Boolean>? = null, logoUrl: Output<String>? = null, name: Output<String>? = null, saasApp: Output<AccessApplicationSaasAppArgs>? = null, sameSiteCookieAttribute: Output<String>? = null, selfHostedDomains: Output<List<String>>? = null, serviceAuth401Redirect: Output<Boolean>? = null, sessionDuration: Output<String>? = null, skipInterstitial: Output<Boolean>? = null, tags: Output<List<String>>? = null, type: Output<String>? = null, zoneId: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): AccessApplicationArgs

Properties

Link copied to clipboard
val accountId: Output<String>? = null

The account identifier to target for the resource. Conflicts with zone_id.

Link copied to clipboard
val allowedIdps: Output<List<String>>? = null

The identity providers selected for the application.

Link copied to clipboard
val appLauncherVisible: Output<Boolean>? = null

Option to show/hide applications in App Launcher. Defaults to true.

Link copied to clipboard
val autoRedirectToIdentity: Output<Boolean>? = null

Option to skip identity provider selection if only one is configured in allowed_idps. Defaults to false.

Link copied to clipboard
val corsHeaders: Output<List<AccessApplicationCorsHeaderArgs>>? = null

CORS configuration for the Access Application. See below for reference structure.

Link copied to clipboard
val customDenyMessage: Output<String>? = null

Option that returns a custom error message when a user is denied access to the application.

Link copied to clipboard
val customDenyUrl: Output<String>? = null

Option that redirects to a custom URL when a user is denied access to the application via identity based rules.

Link copied to clipboard
val customNonIdentityDenyUrl: Output<String>? = null

Option that redirects to a custom URL when a user is denied access to the application via non identity rules.

Link copied to clipboard
val customPages: Output<List<String>>? = null

The custom pages selected for the application.

Link copied to clipboard
val domain: Output<String>? = null

The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.

Link copied to clipboard
val enableBindingCookie: Output<Boolean>? = null

Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to false.

Link copied to clipboard
val httpOnlyCookieAttribute: Output<Boolean>? = null

Option to add the HttpOnly cookie flag to access tokens.

Link copied to clipboard
val logoUrl: Output<String>? = null

Image URL for the logo shown in the app launcher dashboard.

Link copied to clipboard
val name: Output<String>? = null

The name of the attribute as provided to the SaaS app.

Link copied to clipboard
val saasApp: Output<AccessApplicationSaasAppArgs>? = null

SaaS configuration for the Access Application.

Link copied to clipboard
val sameSiteCookieAttribute: Output<String>? = null

Defines the same-site cookie setting for access tokens. Available values: none, lax, strict.

Link copied to clipboard
val selfHostedDomains: Output<List<String>>? = null

List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as domain.

Link copied to clipboard
val serviceAuth401Redirect: Output<Boolean>? = null

Option to return a 401 status code in service authentication rules on failed requests. Defaults to false.

Link copied to clipboard
val sessionDuration: Output<String>? = null

How often a user will be forced to re-authorise. Must be in the format 48h or 2h45m. Defaults to 24h.

Link copied to clipboard
val skipInterstitial: Output<Boolean>? = null

Option to skip the authorization interstitial when using the CLI. Defaults to false.

Link copied to clipboard
val tags: Output<List<String>>? = null

The itags associated with the application.

Link copied to clipboard
val type: Output<String>? = null

The application type. Available values: app_launcher, bookmark, biso, dash_sso, saas, self_hosted, ssh, vnc, warp. Defaults to self_hosted.

Link copied to clipboard
val zoneId: Output<String>? = null

The zone identifier to target for the resource. Conflicts with account_id.