AccessPolicyArgs

data class AccessPolicyArgs constructor(val accountId: Output<String>? = null, val approvalGroups: Output<List<AccessPolicyApprovalGroupArgs>>? = null, val approvalRequired: Output<Boolean>? = null, val decision: Output<String>? = null, val excludes: Output<List<AccessPolicyExcludeArgs>>? = null, val includes: Output<List<AccessPolicyIncludeArgs>>? = null, val isolationRequired: Output<Boolean>? = null, val name: Output<String>? = null, val purposeJustificationPrompt: Output<String>? = null, val purposeJustificationRequired: Output<Boolean>? = null, val requires: Output<List<AccessPolicyRequireArgs>>? = null, val sessionDuration: Output<String>? = null) : ConvertibleToJava<AccessPolicyArgs>

If 'application_id' is omitted, the policy created can be reused by multiple access applications. Any cloudflare.ZeroTrustAccessApplication resource can reference reusable policies through its policies argument. To destroy a reusable policy and remove it from all applications' policies lists on the same apply, preemptively set the lifecycle option create_before_destroy to true on the 'cloudflare_zero_trust_access_policy' resource.

Example Usage

resources:
  exampleZeroTrustAccessPolicy:
    type: cloudflare:ZeroTrustAccessPolicy
    name: example_zero_trust_access_policy
    properties:
      accountId: 023e105f4ecef8ad9ca31a8372d0c353
      decision: allow
      includes:
        - group:
            id: aa0a4aab-672b-4bdb-bc33-a59f1130a11f
      name: Allow devs
      approvalGroups:
        - approvals_needed: 1
          email_addresses:
            - test1@cloudflare.com
            - test2@cloudflare.com
          email_list_uuid: email_list_uuid
        - approvals_needed: 3
          email_addresses:
            - test@cloudflare.com
            - test2@cloudflare.com
          email_list_uuid: 597147a1-976b-4ef2-9af0-81d5d007fc34
      approvalRequired: true
      excludes:
        - group:
            id: aa0a4aab-672b-4bdb-bc33-a59f1130a11f
      isolationRequired: false
      purposeJustificationPrompt: Please enter a justification for entering this protected domain.
      purposeJustificationRequired: true
      requires:
        - group:
            id: aa0a4aab-672b-4bdb-bc33-a59f1130a11f
      sessionDuration: 24h

Import

$ pulumi import cloudflare:index/accessPolicy:AccessPolicy example '<account_id>/<policy_id>'

Constructors

constructor(accountId: Output<String>? = null, approvalGroups: Output<List<AccessPolicyApprovalGroupArgs>>? = null, approvalRequired: Output<Boolean>? = null, decision: Output<String>? = null, excludes: Output<List<AccessPolicyExcludeArgs>>? = null, includes: Output<List<AccessPolicyIncludeArgs>>? = null, isolationRequired: Output<Boolean>? = null, name: Output<String>? = null, purposeJustificationPrompt: Output<String>? = null, purposeJustificationRequired: Output<Boolean>? = null, requires: Output<List<AccessPolicyRequireArgs>>? = null, sessionDuration: Output<String>? = null)

Properties

val accountId: Output<String>? = null

Identifier

val approvalGroups: Output<List<AccessPolicyApprovalGroupArgs>>? = null

Administrators who can approve a temporary authentication request.

val approvalRequired: Output<Boolean>? = null

Requires the user to request access from an administrator at the start of each session.

val decision: Output<String>? = null

The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. Available values: "allow", "deny", "non_identity", "bypass".

val excludes: Output<List<AccessPolicyExcludeArgs>>? = null

Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.

val includes: Output<List<AccessPolicyIncludeArgs>>? = null

Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.

val isolationRequired: Output<Boolean>? = null

Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.

val name: Output<String>? = null

The name of the Access policy.

val purposeJustificationPrompt: Output<String>? = null

A custom message that will appear on the purpose justification screen.

val purposeJustificationRequired: Output<Boolean>? = null

Require users to enter a justification when they log in to the application.

val requires: Output<List<AccessPolicyRequireArgs>>? = null

Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.

val sessionDuration: Output<String>? = null

The amount of time that tokens issued for the application will be valid. Must be in the format 300ms or 2h45m. Valid time units are: ns, us (or µs), ms, s, m, h.
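An added example, not part of the Pulumi or Cloudflare documentation: a small Python model of the Include (OR), Exclude (NOT) and Require (AND) semantics and the sessionDuration format described above, usable as a pre-deployment lint. It models group rules only, accepts integer duration components only, and `contractors-group-id` is a hypothetical placeholder; run on the Example Usage values, it shows that reusing one group ID in includes, excludes and requires yields a policy no user can match.

```python
import re

DECISIONS = {"allow", "deny", "non_identity", "bypass"}  # values listed on the page
# Integer count plus one of the page's units, repeated: 300ms, 2h45m, 24h.
DURATION = re.compile(r"(?:\d+(?:ns|us|µs|ms|s|m|h))+")

def group_ids(policy, key):
    """Group IDs named by the group rules under includes/excludes/requires."""
    return {r["group"]["id"] for r in policy.get(key, []) if "group" in r}

def matches(policy, user_groups):
    """Include = OR, Exclude = NOT, Require = AND, as the property docs state."""
    inc, exc, req = (group_ids(policy, k) for k in ("includes", "excludes", "requires"))
    users = set(user_groups)
    return bool(inc & users) and not (exc & users) and req <= users

def lint(policy):
    """Return findings for a policy dict; an empty list means nothing was flagged."""
    findings = []
    includes = policy.get("includes", [])
    exc, req = group_ids(policy, "excludes"), group_ids(policy, "requires")
    if "decision" in policy and policy["decision"] not in DECISIONS:
        findings.append("decision is not one of the available values")
    duration = policy.get("sessionDuration")
    if duration is not None and not DURATION.fullmatch(duration):
        findings.append("sessionDuration is not in the 300ms / 2h45m format")
    if includes and all("group" in r and r["group"]["id"] in exc for r in includes):
        findings.append("every include rule names an excluded group: no user can match")
    if req & exc:
        findings.append("a required group is also excluded: no user can match")
    return findings

G = "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"  # group ID from the page's example
PAGE_EXAMPLE = {
    "decision": "allow", "sessionDuration": "24h",
    "includes": [{"group": {"id": G}}],
    "excludes": [{"group": {"id": G}}],
    "requires": [{"group": {"id": G}}],
}
# Constructed variant: exclude a different (hypothetical) group instead.
FIXED = dict(PAGE_EXAMPLE, excludes=[{"group": {"id": "contractors-group-id"}}])

if __name__ == "__main__":
    print(lint(PAGE_EXAMPLE), matches(PAGE_EXAMPLE, {G}))
    print(lint(FIXED), matches(FIXED, {G}))
```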

Functions

open override fun toJava(): AccessPolicyArgs