From f2485f57946cec849d4904203c91cb30f8def9d3 Mon Sep 17 00:00:00 2001 From: Jacob Bednarz Date: Fri, 10 Jan 2025 15:15:04 +1100 Subject: [PATCH] generate docs --- docs/data-sources/address_map.md | 12 +- docs/data-sources/address_maps.md | 6 +- .../authenticated_origin_pulls_certificate.md | 2 + ...authenticated_origin_pulls_certificates.md | 2 + docs/data-sources/byo_ip_prefix.md | 12 +- docs/data-sources/byo_ip_prefixes.md | 8 +- docs/data-sources/custom_hostname.md | 4 +- docs/data-sources/custom_hostnames.md | 4 +- docs/data-sources/dns_record.md | 9 +- docs/data-sources/dns_records.md | 9 +- docs/data-sources/list_item.md | 38 +- docs/data-sources/list_items.md | 23 +- .../zero_trust_access_application.md | 599 +----------------- .../zero_trust_access_applications.md | 599 +----------------- .../zero_trust_access_policies.md | 18 + docs/data-sources/zero_trust_access_policy.md | 18 + docs/resources/address_map.md | 6 +- docs/resources/api_shield_operation.md | 37 +- .../authenticated_origin_pulls_certificate.md | 11 +- docs/resources/byo_ip_prefix.md | 6 +- docs/resources/dns_record.md | 8 +- docs/resources/list_item.md | 11 +- docs/resources/managed_transforms.md | 8 +- docs/resources/queue_consumer.md | 2 + docs/resources/workers_script.md | 11 +- .../zero_trust_access_application.md | 21 + docs/resources/zero_trust_access_policy.md | 35 + 27 files changed, 237 insertions(+), 1282 deletions(-) diff --git a/docs/data-sources/address_map.md b/docs/data-sources/address_map.md index 926b1cac26..373f51a671 100644 --- a/docs/data-sources/address_map.md +++ b/docs/data-sources/address_map.md @@ -13,8 +13,8 @@ description: |- ```terraform data "cloudflare_address_map" "example_address_map" { - account_id = "023e105f4ecef8ad9ca31a8372d0c353" - address_map_id = "023e105f4ecef8ad9ca31a8372d0c353" + account_id = "258def64c72dae45f3e4c8516e2111f2" + address_map_id = "055817b111884e0227e1be16a0be6ee0" } ``` 
@@ -23,8 +23,8 @@ data "cloudflare_address_map" "example_address_map" { ### Optional -- `account_id` (String) Identifier -- `address_map_id` (String) Identifier +- `account_id` (String) Identifier of a Cloudflare account. +- `address_map_id` (String) Identifier of an Address Map. - `filter` (Attributes) (see [below for nested schema](#nestedatt--filter)) ### Read-Only @@ -35,7 +35,7 @@ data "cloudflare_address_map" "example_address_map" { - `default_sni` (String) If you have legacy TLS clients which do not send the TLS server name indicator, then you can specify one default SNI on the map. If Cloudflare receives a TLS handshake from a client without an SNI, it will respond with the default SNI on those IPs. The default SNI can be any valid zone or subdomain owned by the account. - `description` (String) An optional description field which may be used to describe the types of IPs or zones on the map. - `enabled` (Boolean) Whether the Address Map is enabled or not. Cloudflare's DNS will not respond with IP addresses on an Address Map until the map is enabled. -- `id` (String) Identifier +- `id` (String) Identifier of an Address Map. - `ips` (Attributes List) The set of IPs on the Address Map. (see [below for nested schema](#nestedatt--ips)) - `memberships` (Attributes List) Zones and Accounts which will be assigned IPs on this Address Map. A zone membership will take priority over an account membership. (see [below for nested schema](#nestedatt--memberships)) - `modified_at` (String) @@ -45,7 +45,7 @@ data "cloudflare_address_map" "example_address_map" { Required: -- `account_id` (String) Identifier +- `account_id` (String) Identifier of a Cloudflare account. diff --git a/docs/data-sources/address_maps.md b/docs/data-sources/address_maps.md index edb00e7e18..9ead9dd122 100644 --- a/docs/data-sources/address_maps.md +++ b/docs/data-sources/address_maps.md 
@@ -13,7 +13,7 @@ description: |- ```terraform data "cloudflare_address_maps" "example_address_maps" { - account_id = "023e105f4ecef8ad9ca31a8372d0c353" + account_id = "258def64c72dae45f3e4c8516e2111f2" } ``` @@ -22,7 +22,7 @@ data "cloudflare_address_maps" "example_address_maps" { ### Required -- `account_id` (String) Identifier +- `account_id` (String) Identifier of a Cloudflare account. ### Optional @@ -43,7 +43,7 @@ Read-Only: - `default_sni` (String) If you have legacy TLS clients which do not send the TLS server name indicator, then you can specify one default SNI on the map. If Cloudflare receives a TLS handshake from a client without an SNI, it will respond with the default SNI on those IPs. The default SNI can be any valid zone or subdomain owned by the account. - `description` (String) An optional description field which may be used to describe the types of IPs or zones on the map. - `enabled` (Boolean) Whether the Address Map is enabled or not. Cloudflare's DNS will not respond with IP addresses on an Address Map until the map is enabled. -- `id` (String) Identifier +- `id` (String) Identifier of an Address Map. - `modified_at` (String) diff --git a/docs/data-sources/authenticated_origin_pulls_certificate.md b/docs/data-sources/authenticated_origin_pulls_certificate.md index 040a395b54..72d00a69e5 100644 --- a/docs/data-sources/authenticated_origin_pulls_certificate.md +++ b/docs/data-sources/authenticated_origin_pulls_certificate.md 
@@ -30,9 +30,11 @@ data "cloudflare_authenticated_origin_pulls_certificate" "example_authenticated_ ### Read-Only - `certificate` (String) The zone's leaf certificate. +- `enabled` (Boolean) Indicates whether zone-level authenticated origin pulls is enabled. - `expires_on` (String) When the certificate from the authority expires. - `id` (String) Identifier - `issuer` (String) The certificate authority that issued the certificate. +- `private_key` (String) The zone's private key. - `signature` (String) The type of hash used for the certificate. - `status` (String) Status of the certificate activation. - `uploaded_on` (String) This is the time the certificate was uploaded. diff --git a/docs/data-sources/authenticated_origin_pulls_certificates.md b/docs/data-sources/authenticated_origin_pulls_certificates.md index 97e2650a37..cc37f20162 100644 --- a/docs/data-sources/authenticated_origin_pulls_certificates.md +++ b/docs/data-sources/authenticated_origin_pulls_certificates.md @@ -38,9 +38,11 @@ data "cloudflare_authenticated_origin_pulls_certificates" "example_authenticated Read-Only: - `certificate` (String) The zone's leaf certificate. +- `enabled` (Boolean) Indicates whether zone-level authenticated origin pulls is enabled. - `expires_on` (String) When the certificate from the authority expires. - `id` (String) Identifier - `issuer` (String) The certificate authority that issued the certificate. +- `private_key` (String) The zone's private key. - `signature` (String) The type of hash used for the certificate. - `status` (String) Status of the certificate activation. - `uploaded_on` (String) This is the time the certificate was uploaded. diff --git a/docs/data-sources/byo_ip_prefix.md b/docs/data-sources/byo_ip_prefix.md index baca0efcd2..3371ed29ad 100644 --- a/docs/data-sources/byo_ip_prefix.md +++ b/docs/data-sources/byo_ip_prefix.md 
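Review bot: The added `private_key` entry in the Read-Only list documents the zone's private key as a plain `(String)` with no sensitivity marker, and the same line is added in authenticated_origin_pulls_certificates.md. A value read through a data source is stored in Terraform state and can appear in plan output, so anyone with read access to the state could read the key. These files are generated, so the fix belongs in the provider schema rather than in the markdown. The schema is not visible in this patch; if the attribute is not already marked sensitive there, marking it should make the generated line read `private_key` (String, Sensitive).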
@@ -13,8 +13,8 @@ description: |- ```terraform data "cloudflare_byo_ip_prefix" "example_byo_ip_prefix" { - account_id = "023e105f4ecef8ad9ca31a8372d0c353" - prefix_id = "023e105f4ecef8ad9ca31a8372d0c353" + account_id = "258def64c72dae45f3e4c8516e2111f2" + prefix_id = "2af39739cc4e3b5910c918468bb89828" } ``` @@ -23,9 +23,9 @@ data "cloudflare_byo_ip_prefix" "example_byo_ip_prefix" { ### Optional -- `account_id` (String) Identifier +- `account_id` (String) Identifier of a Cloudflare account. - `filter` (Attributes) (see [below for nested schema](#nestedatt--filter)) -- `prefix_id` (String) Identifier +- `prefix_id` (String) Identifier of an IP Prefix. ### Read-Only @@ -36,7 +36,7 @@ data "cloudflare_byo_ip_prefix" "example_byo_ip_prefix" { - `cidr` (String) IP Prefix in Classless Inter-Domain Routing format. - `created_at` (String) - `description` (String) Description of the prefix. -- `id` (String) Identifier +- `id` (String) Identifier of an IP Prefix. - `loa_document_id` (String) Identifier for the uploaded LOA document. - `modified_at` (String) - `on_demand_enabled` (Boolean) Whether advertisement of the prefix to the Internet may be dynamically enabled or disabled. @@ -47,6 +47,6 @@ data "cloudflare_byo_ip_prefix" "example_byo_ip_prefix" { Required: -- `account_id` (String) Identifier +- `account_id` (String) Identifier of a Cloudflare account. diff --git a/docs/data-sources/byo_ip_prefixes.md b/docs/data-sources/byo_ip_prefixes.md index 6dd21c4a80..75c71ee90d 100644 --- a/docs/data-sources/byo_ip_prefixes.md +++ b/docs/data-sources/byo_ip_prefixes.md @@ -13,7 +13,7 @@ description: |- ```terraform data "cloudflare_byo_ip_prefixes" "example_byo_ip_prefixes" { - account_id = "023e105f4ecef8ad9ca31a8372d0c353" + account_id = "258def64c72dae45f3e4c8516e2111f2" } ``` @@ -22,7 +22,7 @@ data "cloudflare_byo_ip_prefixes" "example_byo_ip_prefixes" { ### Required -- `account_id` (String) Identifier +- `account_id` (String) Identifier of a Cloudflare account. ### Optional 
@@ -37,7 +37,7 @@ data "cloudflare_byo_ip_prefixes" "example_byo_ip_prefixes" { Read-Only: -- `account_id` (String) Identifier +- `account_id` (String) Identifier of a Cloudflare account. - `advertised` (Boolean) Prefix advertisement status to the Internet. This field is only not 'null' if on demand is enabled. - `advertised_modified_at` (String) Last time the advertisement status was changed. This field is only not 'null' if on demand is enabled. - `approved` (String) Approval state of the prefix (P = pending, V = active). @@ -45,7 +45,7 @@ Read-Only: - `cidr` (String) IP Prefix in Classless Inter-Domain Routing format. - `created_at` (String) - `description` (String) Description of the prefix. -- `id` (String) Identifier +- `id` (String) Identifier of an IP Prefix. - `loa_document_id` (String) Identifier for the uploaded LOA document. - `modified_at` (String) - `on_demand_enabled` (Boolean) Whether advertisement of the prefix to the Internet may be dynamically enabled or disabled. diff --git a/docs/data-sources/custom_hostname.md b/docs/data-sources/custom_hostname.md index 6e0d765e8b..6273de9ba0 100644 --- a/docs/data-sources/custom_hostname.md +++ b/docs/data-sources/custom_hostname.md 
@@ -37,7 +37,7 @@ data "cloudflare_custom_hostname" "example_custom_hostname" { - `id` (String) Identifier - `ownership_verification` (Attributes) This is a record which can be placed to activate a hostname. (see [below for nested schema](#nestedatt--ownership_verification)) - `ownership_verification_http` (Attributes) This presents the token to be served by the given http url to activate a hostname. (see [below for nested schema](#nestedatt--ownership_verification_http)) -- `ssl` (Attributes) SSL properties for the custom hostname. (see [below for nested schema](#nestedatt--ssl)) +- `ssl` (Attributes) (see [below for nested schema](#nestedatt--ssl)) - `status` (String) Status of the hostname's activation. - `verification_errors` (List of String) These are errors that were encountered while trying to activate a hostname. @@ -92,7 +92,7 @@ Read-Only: - `issuer` (String) The issuer on a custom uploaded certificate. - `method` (String) Domain control validation (DCV) method used for this hostname. - `serial_number` (String) The serial number on a custom uploaded certificate. -- `settings` (Attributes) SSL specific settings. (see [below for nested schema](#nestedatt--ssl--settings)) +- `settings` (Attributes) (see [below for nested schema](#nestedatt--ssl--settings)) - `signature` (String) The signature on a custom uploaded certificate. - `status` (String) Status of the hostname's SSL certificates. - `type` (String) Level of validation to be used for this hostname. Domain validation (dv) must be used. diff --git a/docs/data-sources/custom_hostnames.md b/docs/data-sources/custom_hostnames.md index aedc414042..17ecbe7041 100644 --- a/docs/data-sources/custom_hostnames.md +++ b/docs/data-sources/custom_hostnames.md 
@@ -54,7 +54,7 @@ Read-Only: - `id` (String) Identifier - `ownership_verification` (Attributes) This is a record which can be placed to activate a hostname. (see [below for nested schema](#nestedatt--result--ownership_verification)) - `ownership_verification_http` (Attributes) This presents the token to be served by the given http url to activate a hostname. (see [below for nested schema](#nestedatt--result--ownership_verification_http)) -- `ssl` (Attributes) SSL properties for the custom hostname. (see [below for nested schema](#nestedatt--result--ssl)) +- `ssl` (Attributes) (see [below for nested schema](#nestedatt--result--ssl)) - `status` (String) Status of the hostname's activation. - `verification_errors` (List of String) These are errors that were encountered while trying to activate a hostname. @@ -93,7 +93,7 @@ Read-Only: - `issuer` (String) The issuer on a custom uploaded certificate. - `method` (String) Domain control validation (DCV) method used for this hostname. - `serial_number` (String) The serial number on a custom uploaded certificate. -- `settings` (Attributes) SSL specific settings. (see [below for nested schema](#nestedatt--result--ssl--settings)) +- `settings` (Attributes) (see [below for nested schema](#nestedatt--result--ssl--settings)) - `signature` (String) The signature on a custom uploaded certificate. - `status` (String) Status of the hostname's SSL certificates. - `type` (String) Level of validation to be used for this hostname. Domain validation (dv) must be used. diff --git a/docs/data-sources/dns_record.md b/docs/data-sources/dns_record.md index 861ce4acba..b60ac80c51 100644 --- a/docs/data-sources/dns_record.md +++ b/docs/data-sources/dns_record.md 
@@ -30,13 +30,20 @@ data "cloudflare_dns_record" "example_dns_record" { ### Read-Only - `comment` (String) Comments or notes about the DNS record. This field has no effect on DNS responses. +- `comment_modified_on` (String) When the record comment was last modified. Omitted if there is no comment. - `content` (String) A valid IPv4 address. +- `created_on` (String) When the record was created. - `data` (Attributes) Components of a CAA record. (see [below for nested schema](#nestedatt--data)) +- `id` (String) Identifier +- `meta` (String) Extra Cloudflare-specific information about the record. +- `modified_on` (String) When the record was last modified. - `name` (String) DNS record name (or @ for the zone apex) in Punycode. - `priority` (Number) Required for MX, SRV and URI records; unused by other record types. Records with lower priorities are preferred. +- `proxiable` (Boolean) Whether the record can be proxied by Cloudflare or not. - `proxied` (Boolean) Whether the record is receiving the performance and security benefits of Cloudflare. - `settings` (Attributes) Settings for the DNS record. (see [below for nested schema](#nestedatt--settings)) - `tags` (List of String) Custom tags for the DNS record. This field has no effect on DNS responses. +- `tags_modified_on` (String) When the record tags were last modified. Omitted if there are no tags. - `ttl` (Number) Time To Live (TTL) of the DNS record in seconds. Setting to 1 means 'automatic'. Value must be between 60 and 86400, with the minimum reduced to 30 for Enterprise zones. - `type` (String) Record type. 
@@ -158,7 +165,7 @@ Read-Only: Read-Only: -- `flatten_cname` (Boolean) If enabled, causes the CNAME record to be resolved externally and the resulting address records (e.g., A and AAAA) to be returned instead of the CNAME record itself. This setting has no effect on proxied records, which are always flattened. +- `flatten_cname` (Boolean) If enabled, causes the CNAME record to be resolved externally and the resulting address records (e.g., A and AAAA) to be returned instead of the CNAME record itself. This setting is unavailable for proxied records, since they are always flattened. - `ipv4_only` (Boolean) When enabled, only A records will be generated, and AAAA records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6. - `ipv6_only` (Boolean) When enabled, only AAAA records will be generated, and A records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6. diff --git a/docs/data-sources/dns_records.md b/docs/data-sources/dns_records.md index 882bc21377..568d760afd 100644 --- a/docs/data-sources/dns_records.md +++ b/docs/data-sources/dns_records.md 
@@ -127,13 +127,20 @@ Optional: Read-Only: - `comment` (String) Comments or notes about the DNS record. This field has no effect on DNS responses. +- `comment_modified_on` (String) When the record comment was last modified. Omitted if there is no comment. - `content` (String) A valid IPv4 address. +- `created_on` (String) When the record was created. - `data` (Attributes) Components of a CAA record. (see [below for nested schema](#nestedatt--result--data)) +- `id` (String) Identifier +- `meta` (String) Extra Cloudflare-specific information about the record. +- `modified_on` (String) When the record was last modified. - `name` (String) DNS record name (or @ for the zone apex) in Punycode. - `priority` (Number) Required for MX, SRV and URI records; unused by other record types. Records with lower priorities are preferred. +- `proxiable` (Boolean) Whether the record can be proxied by Cloudflare or not. - `proxied` (Boolean) Whether the record is receiving the performance and security benefits of Cloudflare. - `settings` (Attributes) Settings for the DNS record. (see [below for nested schema](#nestedatt--result--settings)) - `tags` (List of String) Custom tags for the DNS record. This field has no effect on DNS responses. +- `tags_modified_on` (String) When the record tags were last modified. Omitted if there are no tags. - `ttl` (Number) Time To Live (TTL) of the DNS record in seconds. Setting to 1 means 'automatic'. Value must be between 60 and 86400, with the minimum reduced to 30 for Enterprise zones. - `type` (String) Record type. 
@@ -185,7 +192,7 @@ Read-Only: Read-Only: -- `flatten_cname` (Boolean) If enabled, causes the CNAME record to be resolved externally and the resulting address records (e.g., A and AAAA) to be returned instead of the CNAME record itself. This setting has no effect on proxied records, which are always flattened. +- `flatten_cname` (Boolean) If enabled, causes the CNAME record to be resolved externally and the resulting address records (e.g., A and AAAA) to be returned instead of the CNAME record itself. This setting is unavailable for proxied records, since they are always flattened. - `ipv4_only` (Boolean) When enabled, only A records will be generated, and AAAA records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6. - `ipv6_only` (Boolean) When enabled, only AAAA records will be generated, and A records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6. diff --git a/docs/data-sources/list_item.md b/docs/data-sources/list_item.md index 832fc1cdcd..0fe2211cd3 100644 --- a/docs/data-sources/list_item.md +++ b/docs/data-sources/list_item.md 
@@ -31,14 +31,14 @@ data "cloudflare_list_item" "example_list_item" { ### Read-Only -- `include_subdomains` (Boolean) -- `preserve_path_suffix` (Boolean) -- `preserve_query_string` (Boolean) -- `source_url` (String) -- `status_code` (Number) -- `subpath_matching` (Boolean) -- `target_url` (String) -- `url_hostname` (String) +- `asn` (Number) A non-negative 32 bit integer +- `comment` (String) An informative summary of the list item. +- `created_on` (String) The RFC 3339 timestamp of when the item was created. +- `hostname` (Attributes) Valid characters for hostnames are ASCII(7) letters from a to z, the digits from 0 to 9, wildcards (*), and the hyphen (-). (see [below for nested schema](#nestedatt--hostname)) +- `id` (String) The unique ID of the list. +- `ip` (String) An IPv4 address, an IPv4 CIDR, or an IPv6 CIDR. IPv6 CIDRs are limited to a maximum of /64. +- `modified_on` (String) The RFC 3339 timestamp of when the item was last modified. +- `redirect` (Attributes) The definition of the redirect. (see [below for nested schema](#nestedatt--redirect)) ### Nested Schema for `filter` @@ -53,3 +53,25 @@ Optional: - `search` (String) A search query to filter returned items. Its meaning depends on the list type: IP addresses must start with the provided string, hostnames and bulk redirects must contain the string, and ASNs must match the string exactly. + +### Nested Schema for `hostname` + +Read-Only: + +- `url_hostname` (String) + + + +### Nested Schema for `redirect` + +Read-Only: + +- `include_subdomains` (Boolean) +- `preserve_path_suffix` (Boolean) +- `preserve_query_string` (Boolean) +- `source_url` (String) +- `status_code` (Number) +- `subpath_matching` (Boolean) +- `target_url` (String) + + diff --git a/docs/data-sources/list_items.md b/docs/data-sources/list_items.md index 1494b11d20..a5c70ebcb4 100644 --- a/docs/data-sources/list_items.md +++ b/docs/data-sources/list_items.md 
@@ -41,6 +41,28 @@ data "cloudflare_list_items" "example_list_items" { Read-Only: +- `asn` (Number) A non-negative 32 bit integer +- `comment` (String) An informative summary of the list item. +- `created_on` (String) The RFC 3339 timestamp of when the item was created. +- `hostname` (Attributes) Valid characters for hostnames are ASCII(7) letters from a to z, the digits from 0 to 9, wildcards (*), and the hyphen (-). (see [below for nested schema](#nestedatt--result--hostname)) +- `id` (String) The unique ID of the list. +- `ip` (String) An IPv4 address, an IPv4 CIDR, or an IPv6 CIDR. IPv6 CIDRs are limited to a maximum of /64. +- `modified_on` (String) The RFC 3339 timestamp of when the item was last modified. +- `redirect` (Attributes) The definition of the redirect. (see [below for nested schema](#nestedatt--result--redirect)) + + +### Nested Schema for `result.hostname` + +Read-Only: + +- `url_hostname` (String) + + + +### Nested Schema for `result.redirect` + +Read-Only: + - `include_subdomains` (Boolean) - `preserve_path_suffix` (Boolean) - `preserve_query_string` (Boolean) @@ -48,6 +70,5 @@ Read-Only: - `status_code` (Number) - `subpath_matching` (Boolean) - `target_url` (String) -- `url_hostname` (String) diff --git a/docs/data-sources/zero_trust_access_application.md b/docs/data-sources/zero_trust_access_application.md index 51d9986b48..3746cb8515 100644 --- a/docs/data-sources/zero_trust_access_application.md +++ b/docs/data-sources/zero_trust_access_application.md 
@@ -56,7 +56,7 @@ data "cloudflare_zero_trust_access_application" "example_zero_trust_access_appli - `name` (String) The name of the application. - `options_preflight_bypass` (Boolean) Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. - `path_cookie_attribute` (Boolean) Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default -- `policies` (Attributes List) (see [below for nested schema](#nestedatt--policies)) +- `policies` (List of String) - `saas_app` (Attributes) (see [below for nested schema](#nestedatt--saas_app)) - `same_site_cookie_attribute` (String) Sets the SameSite cookie setting, which provides increased security against CSRF attacks. - `scim_config` (Attributes) Configuration for provisioning to this application via SCIM. This is currently in closed beta. (see [below for nested schema](#nestedatt--scim_config)) 
@@ -128,603 +128,6 @@ Read-Only: - `title` (String) The title shown on the landing page. - -### Nested Schema for `policies` - -Read-Only: - -- `created_at` (String) -- `decision` (String) The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. -- `exclude` (Attributes List) Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. (see [below for nested schema](#nestedatt--policies--exclude)) -- `id` (String) The UUID of the policy -- `include` (Attributes List) Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules. (see [below for nested schema](#nestedatt--policies--include)) -- `name` (String) The name of the Access policy. -- `require` (Attributes List) Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. (see [below for nested schema](#nestedatt--policies--require)) -- `updated_at` (String) - - -### Nested Schema for `policies.exclude` - -Read-Only: - -- `any_valid_service_token` (Attributes) An empty object which matches on all service tokens. 
(see [below for nested schema](#nestedatt--policies--exclude--any_valid_service_token)) -- `auth_context` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--auth_context)) -- `auth_method` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--auth_method)) -- `azure_ad` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--azure_ad)) -- `certificate` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--certificate)) -- `common_name` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--common_name)) -- `device_posture` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--device_posture)) -- `email` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--email)) -- `email_domain` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--email_domain)) -- `email_list` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--email_list)) -- `everyone` (Attributes) An empty object which matches on all users. 
(see [below for nested schema](#nestedatt--policies--exclude--everyone)) -- `external_evaluation` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--external_evaluation)) -- `geo` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--geo)) -- `github_organization` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--github_organization)) -- `group` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--group)) -- `gsuite` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--gsuite)) -- `ip` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--ip)) -- `ip_list` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--ip_list)) -- `okta` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--okta)) -- `saml` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--saml)) -- `service_token` (Attributes) (see [below for nested schema](#nestedatt--policies--exclude--service_token)) - - -### Nested Schema for `policies.exclude.any_valid_service_token` - - - -### Nested Schema for `policies.exclude.auth_context` - -Read-Only: - -- `ac_id` (String) The ACID of an Authentication context. -- `id` (String) The ID of an Authentication context. -- `identity_provider_id` (String) The ID of your Azure identity provider. - - - -### Nested Schema for `policies.exclude.auth_method` - -Read-Only: - -- `auth_method` (String) The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2. - - - -### Nested Schema for `policies.exclude.azure_ad` - -Read-Only: - -- `id` (String) The ID of an Azure group. -- `identity_provider_id` (String) The ID of your Azure identity provider. - - - -### Nested Schema for `policies.exclude.certificate` - - - -### Nested Schema for `policies.exclude.common_name` - -Read-Only: - -- `common_name` (String) The common name to match. 
- - - -### Nested Schema for `policies.exclude.device_posture` - -Read-Only: - -- `integration_uid` (String) The ID of a device posture integration. - - - -### Nested Schema for `policies.exclude.email` - -Read-Only: - -- `email` (String) The email of the user. - - - -### Nested Schema for `policies.exclude.email_domain` - -Read-Only: - -- `domain` (String) The email domain to match. - - - -### Nested Schema for `policies.exclude.email_list` - -Read-Only: - -- `id` (String) The ID of a previously created email list. - - - -### Nested Schema for `policies.exclude.everyone` - - - -### Nested Schema for `policies.exclude.external_evaluation` - -Read-Only: - -- `evaluate_url` (String) The API endpoint containing your business logic. -- `keys_url` (String) The API endpoint containing the key that Access uses to verify that the response came from your API. - - - -### Nested Schema for `policies.exclude.geo` - -Read-Only: - -- `country_code` (String) The country code that should be matched. - - - -### Nested Schema for `policies.exclude.github_organization` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Github identity provider. -- `name` (String) The name of the organization. -- `team` (String) The name of the team - - - -### Nested Schema for `policies.exclude.group` - -Read-Only: - -- `id` (String) The ID of a previously created Access group. - - - -### Nested Schema for `policies.exclude.gsuite` - -Read-Only: - -- `email` (String) The email of the Google Workspace group. -- `identity_provider_id` (String) The ID of your Google Workspace identity provider. - - - -### Nested Schema for `policies.exclude.ip` - -Read-Only: - -- `ip` (String) An IPv4 or IPv6 CIDR block. - - - -### Nested Schema for `policies.exclude.ip_list` - -Read-Only: - -- `id` (String) The ID of a previously created IP list. - - - -### Nested Schema for `policies.exclude.okta` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Okta identity provider. 
-- `name` (String) The name of the Okta group. - - - -### Nested Schema for `policies.exclude.saml` - -Read-Only: - -- `attribute_name` (String) The name of the SAML attribute. -- `attribute_value` (String) The SAML attribute value to look for. -- `identity_provider_id` (String) The ID of your SAML identity provider. - - - -### Nested Schema for `policies.exclude.service_token` - -Read-Only: - -- `token_id` (String) The ID of a Service Token. - - - - -### Nested Schema for `policies.include` - -Read-Only: - -- `any_valid_service_token` (Attributes) An empty object which matches on all service tokens. (see [below for nested schema](#nestedatt--policies--include--any_valid_service_token)) -- `auth_context` (Attributes) (see [below for nested schema](#nestedatt--policies--include--auth_context)) -- `auth_method` (Attributes) (see [below for nested schema](#nestedatt--policies--include--auth_method)) -- `azure_ad` (Attributes) (see [below for nested schema](#nestedatt--policies--include--azure_ad)) -- `certificate` (Attributes) (see [below for nested schema](#nestedatt--policies--include--certificate)) -- `common_name` (Attributes) (see [below for nested schema](#nestedatt--policies--include--common_name)) -- `device_posture` (Attributes) (see [below for nested schema](#nestedatt--policies--include--device_posture)) -- `email` (Attributes) (see [below for nested schema](#nestedatt--policies--include--email)) -- `email_domain` (Attributes) (see [below for nested schema](#nestedatt--policies--include--email_domain)) -- `email_list` (Attributes) (see [below for nested schema](#nestedatt--policies--include--email_list)) -- `everyone` (Attributes) An empty object which matches on all users. 
(see [below for nested schema](#nestedatt--policies--include--everyone)) -- `external_evaluation` (Attributes) (see [below for nested schema](#nestedatt--policies--include--external_evaluation)) -- `geo` (Attributes) (see [below for nested schema](#nestedatt--policies--include--geo)) -- `github_organization` (Attributes) (see [below for nested schema](#nestedatt--policies--include--github_organization)) -- `group` (Attributes) (see [below for nested schema](#nestedatt--policies--include--group)) -- `gsuite` (Attributes) (see [below for nested schema](#nestedatt--policies--include--gsuite)) -- `ip` (Attributes) (see [below for nested schema](#nestedatt--policies--include--ip)) -- `ip_list` (Attributes) (see [below for nested schema](#nestedatt--policies--include--ip_list)) -- `okta` (Attributes) (see [below for nested schema](#nestedatt--policies--include--okta)) -- `saml` (Attributes) (see [below for nested schema](#nestedatt--policies--include--saml)) -- `service_token` (Attributes) (see [below for nested schema](#nestedatt--policies--include--service_token)) - - -### Nested Schema for `policies.include.any_valid_service_token` - - - -### Nested Schema for `policies.include.auth_context` - -Read-Only: - -- `ac_id` (String) The ACID of an Authentication context. -- `id` (String) The ID of an Authentication context. -- `identity_provider_id` (String) The ID of your Azure identity provider. - - - -### Nested Schema for `policies.include.auth_method` - -Read-Only: - -- `auth_method` (String) The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2. - - - -### Nested Schema for `policies.include.azure_ad` - -Read-Only: - -- `id` (String) The ID of an Azure group. -- `identity_provider_id` (String) The ID of your Azure identity provider. - - - -### Nested Schema for `policies.include.certificate` - - - -### Nested Schema for `policies.include.common_name` - -Read-Only: - -- `common_name` (String) The common name to match. 
- - - -### Nested Schema for `policies.include.device_posture` - -Read-Only: - -- `integration_uid` (String) The ID of a device posture integration. - - - -### Nested Schema for `policies.include.email` - -Read-Only: - -- `email` (String) The email of the user. - - - -### Nested Schema for `policies.include.email_domain` - -Read-Only: - -- `domain` (String) The email domain to match. - - - -### Nested Schema for `policies.include.email_list` - -Read-Only: - -- `id` (String) The ID of a previously created email list. - - - -### Nested Schema for `policies.include.everyone` - - - -### Nested Schema for `policies.include.external_evaluation` - -Read-Only: - -- `evaluate_url` (String) The API endpoint containing your business logic. -- `keys_url` (String) The API endpoint containing the key that Access uses to verify that the response came from your API. - - - -### Nested Schema for `policies.include.geo` - -Read-Only: - -- `country_code` (String) The country code that should be matched. - - - -### Nested Schema for `policies.include.github_organization` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Github identity provider. -- `name` (String) The name of the organization. -- `team` (String) The name of the team - - - -### Nested Schema for `policies.include.group` - -Read-Only: - -- `id` (String) The ID of a previously created Access group. - - - -### Nested Schema for `policies.include.gsuite` - -Read-Only: - -- `email` (String) The email of the Google Workspace group. -- `identity_provider_id` (String) The ID of your Google Workspace identity provider. - - - -### Nested Schema for `policies.include.ip` - -Read-Only: - -- `ip` (String) An IPv4 or IPv6 CIDR block. - - - -### Nested Schema for `policies.include.ip_list` - -Read-Only: - -- `id` (String) The ID of a previously created IP list. - - - -### Nested Schema for `policies.include.okta` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Okta identity provider. 
-- `name` (String) The name of the Okta group. - - - -### Nested Schema for `policies.include.saml` - -Read-Only: - -- `attribute_name` (String) The name of the SAML attribute. -- `attribute_value` (String) The SAML attribute value to look for. -- `identity_provider_id` (String) The ID of your SAML identity provider. - - - -### Nested Schema for `policies.include.service_token` - -Read-Only: - -- `token_id` (String) The ID of a Service Token. - - - - -### Nested Schema for `policies.require` - -Read-Only: - -- `any_valid_service_token` (Attributes) An empty object which matches on all service tokens. (see [below for nested schema](#nestedatt--policies--require--any_valid_service_token)) -- `auth_context` (Attributes) (see [below for nested schema](#nestedatt--policies--require--auth_context)) -- `auth_method` (Attributes) (see [below for nested schema](#nestedatt--policies--require--auth_method)) -- `azure_ad` (Attributes) (see [below for nested schema](#nestedatt--policies--require--azure_ad)) -- `certificate` (Attributes) (see [below for nested schema](#nestedatt--policies--require--certificate)) -- `common_name` (Attributes) (see [below for nested schema](#nestedatt--policies--require--common_name)) -- `device_posture` (Attributes) (see [below for nested schema](#nestedatt--policies--require--device_posture)) -- `email` (Attributes) (see [below for nested schema](#nestedatt--policies--require--email)) -- `email_domain` (Attributes) (see [below for nested schema](#nestedatt--policies--require--email_domain)) -- `email_list` (Attributes) (see [below for nested schema](#nestedatt--policies--require--email_list)) -- `everyone` (Attributes) An empty object which matches on all users. 
(see [below for nested schema](#nestedatt--policies--require--everyone)) -- `external_evaluation` (Attributes) (see [below for nested schema](#nestedatt--policies--require--external_evaluation)) -- `geo` (Attributes) (see [below for nested schema](#nestedatt--policies--require--geo)) -- `github_organization` (Attributes) (see [below for nested schema](#nestedatt--policies--require--github_organization)) -- `group` (Attributes) (see [below for nested schema](#nestedatt--policies--require--group)) -- `gsuite` (Attributes) (see [below for nested schema](#nestedatt--policies--require--gsuite)) -- `ip` (Attributes) (see [below for nested schema](#nestedatt--policies--require--ip)) -- `ip_list` (Attributes) (see [below for nested schema](#nestedatt--policies--require--ip_list)) -- `okta` (Attributes) (see [below for nested schema](#nestedatt--policies--require--okta)) -- `saml` (Attributes) (see [below for nested schema](#nestedatt--policies--require--saml)) -- `service_token` (Attributes) (see [below for nested schema](#nestedatt--policies--require--service_token)) - - -### Nested Schema for `policies.require.any_valid_service_token` - - - -### Nested Schema for `policies.require.auth_context` - -Read-Only: - -- `ac_id` (String) The ACID of an Authentication context. -- `id` (String) The ID of an Authentication context. -- `identity_provider_id` (String) The ID of your Azure identity provider. - - - -### Nested Schema for `policies.require.auth_method` - -Read-Only: - -- `auth_method` (String) The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2. - - - -### Nested Schema for `policies.require.azure_ad` - -Read-Only: - -- `id` (String) The ID of an Azure group. -- `identity_provider_id` (String) The ID of your Azure identity provider. - - - -### Nested Schema for `policies.require.certificate` - - - -### Nested Schema for `policies.require.common_name` - -Read-Only: - -- `common_name` (String) The common name to match. 
- - - -### Nested Schema for `policies.require.device_posture` - -Read-Only: - -- `integration_uid` (String) The ID of a device posture integration. - - - -### Nested Schema for `policies.require.email` - -Read-Only: - -- `email` (String) The email of the user. - - - -### Nested Schema for `policies.require.email_domain` - -Read-Only: - -- `domain` (String) The email domain to match. - - - -### Nested Schema for `policies.require.email_list` - -Read-Only: - -- `id` (String) The ID of a previously created email list. - - - -### Nested Schema for `policies.require.everyone` - - - -### Nested Schema for `policies.require.external_evaluation` - -Read-Only: - -- `evaluate_url` (String) The API endpoint containing your business logic. -- `keys_url` (String) The API endpoint containing the key that Access uses to verify that the response came from your API. - - - -### Nested Schema for `policies.require.geo` - -Read-Only: - -- `country_code` (String) The country code that should be matched. - - - -### Nested Schema for `policies.require.github_organization` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Github identity provider. -- `name` (String) The name of the organization. -- `team` (String) The name of the team - - - -### Nested Schema for `policies.require.group` - -Read-Only: - -- `id` (String) The ID of a previously created Access group. - - - -### Nested Schema for `policies.require.gsuite` - -Read-Only: - -- `email` (String) The email of the Google Workspace group. -- `identity_provider_id` (String) The ID of your Google Workspace identity provider. - - - -### Nested Schema for `policies.require.ip` - -Read-Only: - -- `ip` (String) An IPv4 or IPv6 CIDR block. - - - -### Nested Schema for `policies.require.ip_list` - -Read-Only: - -- `id` (String) The ID of a previously created IP list. - - - -### Nested Schema for `policies.require.okta` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Okta identity provider. 
-- `name` (String) The name of the Okta group. - - - -### Nested Schema for `policies.require.saml` - -Read-Only: - -- `attribute_name` (String) The name of the SAML attribute. -- `attribute_value` (String) The SAML attribute value to look for. -- `identity_provider_id` (String) The ID of your SAML identity provider. - - - -### Nested Schema for `policies.require.service_token` - -Read-Only: - -- `token_id` (String) The ID of a Service Token. - - - - ### Nested Schema for `saas_app` diff --git a/docs/data-sources/zero_trust_access_applications.md b/docs/data-sources/zero_trust_access_applications.md index 8d252a4fb2..6c5663ad45 100644 --- a/docs/data-sources/zero_trust_access_applications.md +++ b/docs/data-sources/zero_trust_access_applications.md @@ -69,7 +69,7 @@ Read-Only: - `name` (String) The name of the application. - `options_preflight_bypass` (Boolean) Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. - `path_cookie_attribute` (Boolean) Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default -- `policies` (Attributes List) (see [below for nested schema](#nestedatt--result--policies)) +- `policies` (List of String) - `saas_app` (Attributes) (see [below for nested schema](#nestedatt--result--saas_app)) - `same_site_cookie_attribute` (String) Sets the SameSite cookie setting, which provides increased security against CSRF attacks. - `scim_config` (Attributes) Configuration for provisioning to this application via SCIM. This is currently in closed beta. (see [below for nested schema](#nestedatt--result--scim_config)) 
@@ -128,603 +128,6 @@ Read-Only: - `title` (String) The title shown on the landing page. - -### Nested Schema for `result.policies` - -Read-Only: - -- `created_at` (String) -- `decision` (String) The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. -- `exclude` (Attributes List) Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. (see [below for nested schema](#nestedatt--result--policies--exclude)) -- `id` (String) The UUID of the policy -- `include` (Attributes List) Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules. (see [below for nested schema](#nestedatt--result--policies--include)) -- `name` (String) The name of the Access policy. -- `require` (Attributes List) Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. (see [below for nested schema](#nestedatt--result--policies--require)) -- `updated_at` (String) - - -### Nested Schema for `result.policies.exclude` - -Read-Only: - -- `any_valid_service_token` (Attributes) An empty object which matches on all service tokens. 
(see [below for nested schema](#nestedatt--result--policies--exclude--any_valid_service_token)) -- `auth_context` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--auth_context)) -- `auth_method` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--auth_method)) -- `azure_ad` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--azure_ad)) -- `certificate` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--certificate)) -- `common_name` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--common_name)) -- `device_posture` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--device_posture)) -- `email` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--email)) -- `email_domain` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--email_domain)) -- `email_list` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--email_list)) -- `everyone` (Attributes) An empty object which matches on all users. 
(see [below for nested schema](#nestedatt--result--policies--exclude--everyone)) -- `external_evaluation` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--external_evaluation)) -- `geo` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--geo)) -- `github_organization` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--github_organization)) -- `group` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--group)) -- `gsuite` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--gsuite)) -- `ip` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--ip)) -- `ip_list` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--ip_list)) -- `okta` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--okta)) -- `saml` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--saml)) -- `service_token` (Attributes) (see [below for nested schema](#nestedatt--result--policies--exclude--service_token)) - - -### Nested Schema for `result.policies.exclude.any_valid_service_token` - - - -### Nested Schema for `result.policies.exclude.auth_context` - -Read-Only: - -- `ac_id` (String) The ACID of an Authentication context. -- `id` (String) The ID of an Authentication context. -- `identity_provider_id` (String) The ID of your Azure identity provider. - - - -### Nested Schema for `result.policies.exclude.auth_method` - -Read-Only: - -- `auth_method` (String) The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2. - - - -### Nested Schema for `result.policies.exclude.azure_ad` - -Read-Only: - -- `id` (String) The ID of an Azure group. -- `identity_provider_id` (String) The ID of your Azure identity provider. 
- - - -### Nested Schema for `result.policies.exclude.certificate` - - - -### Nested Schema for `result.policies.exclude.common_name` - -Read-Only: - -- `common_name` (String) The common name to match. - - - -### Nested Schema for `result.policies.exclude.device_posture` - -Read-Only: - -- `integration_uid` (String) The ID of a device posture integration. - - - -### Nested Schema for `result.policies.exclude.email` - -Read-Only: - -- `email` (String) The email of the user. - - - -### Nested Schema for `result.policies.exclude.email_domain` - -Read-Only: - -- `domain` (String) The email domain to match. - - - -### Nested Schema for `result.policies.exclude.email_list` - -Read-Only: - -- `id` (String) The ID of a previously created email list. - - - -### Nested Schema for `result.policies.exclude.everyone` - - - -### Nested Schema for `result.policies.exclude.external_evaluation` - -Read-Only: - -- `evaluate_url` (String) The API endpoint containing your business logic. -- `keys_url` (String) The API endpoint containing the key that Access uses to verify that the response came from your API. - - - -### Nested Schema for `result.policies.exclude.geo` - -Read-Only: - -- `country_code` (String) The country code that should be matched. - - - -### Nested Schema for `result.policies.exclude.github_organization` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Github identity provider. -- `name` (String) The name of the organization. -- `team` (String) The name of the team - - - -### Nested Schema for `result.policies.exclude.group` - -Read-Only: - -- `id` (String) The ID of a previously created Access group. - - - -### Nested Schema for `result.policies.exclude.gsuite` - -Read-Only: - -- `email` (String) The email of the Google Workspace group. -- `identity_provider_id` (String) The ID of your Google Workspace identity provider. - - - -### Nested Schema for `result.policies.exclude.ip` - -Read-Only: - -- `ip` (String) An IPv4 or IPv6 CIDR block. 
- - - -### Nested Schema for `result.policies.exclude.ip_list` - -Read-Only: - -- `id` (String) The ID of a previously created IP list. - - - -### Nested Schema for `result.policies.exclude.okta` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Okta identity provider. -- `name` (String) The name of the Okta group. - - - -### Nested Schema for `result.policies.exclude.saml` - -Read-Only: - -- `attribute_name` (String) The name of the SAML attribute. -- `attribute_value` (String) The SAML attribute value to look for. -- `identity_provider_id` (String) The ID of your SAML identity provider. - - - -### Nested Schema for `result.policies.exclude.service_token` - -Read-Only: - -- `token_id` (String) The ID of a Service Token. - - - - -### Nested Schema for `result.policies.include` - -Read-Only: - -- `any_valid_service_token` (Attributes) An empty object which matches on all service tokens. (see [below for nested schema](#nestedatt--result--policies--include--any_valid_service_token)) -- `auth_context` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--auth_context)) -- `auth_method` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--auth_method)) -- `azure_ad` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--azure_ad)) -- `certificate` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--certificate)) -- `common_name` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--common_name)) -- `device_posture` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--device_posture)) -- `email` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--email)) -- `email_domain` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--email_domain)) -- `email_list` (Attributes) (see [below for nested 
schema](#nestedatt--result--policies--include--email_list)) -- `everyone` (Attributes) An empty object which matches on all users. (see [below for nested schema](#nestedatt--result--policies--include--everyone)) -- `external_evaluation` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--external_evaluation)) -- `geo` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--geo)) -- `github_organization` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--github_organization)) -- `group` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--group)) -- `gsuite` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--gsuite)) -- `ip` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--ip)) -- `ip_list` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--ip_list)) -- `okta` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--okta)) -- `saml` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--saml)) -- `service_token` (Attributes) (see [below for nested schema](#nestedatt--result--policies--include--service_token)) - - -### Nested Schema for `result.policies.include.any_valid_service_token` - - - -### Nested Schema for `result.policies.include.auth_context` - -Read-Only: - -- `ac_id` (String) The ACID of an Authentication context. -- `id` (String) The ID of an Authentication context. -- `identity_provider_id` (String) The ID of your Azure identity provider. - - - -### Nested Schema for `result.policies.include.auth_method` - -Read-Only: - -- `auth_method` (String) The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2. - - - -### Nested Schema for `result.policies.include.azure_ad` - -Read-Only: - -- `id` (String) The ID of an Azure group. 
-- `identity_provider_id` (String) The ID of your Azure identity provider. - - - -### Nested Schema for `result.policies.include.certificate` - - - -### Nested Schema for `result.policies.include.common_name` - -Read-Only: - -- `common_name` (String) The common name to match. - - - -### Nested Schema for `result.policies.include.device_posture` - -Read-Only: - -- `integration_uid` (String) The ID of a device posture integration. - - - -### Nested Schema for `result.policies.include.email` - -Read-Only: - -- `email` (String) The email of the user. - - - -### Nested Schema for `result.policies.include.email_domain` - -Read-Only: - -- `domain` (String) The email domain to match. - - - -### Nested Schema for `result.policies.include.email_list` - -Read-Only: - -- `id` (String) The ID of a previously created email list. - - - -### Nested Schema for `result.policies.include.everyone` - - - -### Nested Schema for `result.policies.include.external_evaluation` - -Read-Only: - -- `evaluate_url` (String) The API endpoint containing your business logic. -- `keys_url` (String) The API endpoint containing the key that Access uses to verify that the response came from your API. - - - -### Nested Schema for `result.policies.include.geo` - -Read-Only: - -- `country_code` (String) The country code that should be matched. - - - -### Nested Schema for `result.policies.include.github_organization` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Github identity provider. -- `name` (String) The name of the organization. -- `team` (String) The name of the team - - - -### Nested Schema for `result.policies.include.group` - -Read-Only: - -- `id` (String) The ID of a previously created Access group. - - - -### Nested Schema for `result.policies.include.gsuite` - -Read-Only: - -- `email` (String) The email of the Google Workspace group. -- `identity_provider_id` (String) The ID of your Google Workspace identity provider. 
- - - -### Nested Schema for `result.policies.include.ip` - -Read-Only: - -- `ip` (String) An IPv4 or IPv6 CIDR block. - - - -### Nested Schema for `result.policies.include.ip_list` - -Read-Only: - -- `id` (String) The ID of a previously created IP list. - - - -### Nested Schema for `result.policies.include.okta` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Okta identity provider. -- `name` (String) The name of the Okta group. - - - -### Nested Schema for `result.policies.include.saml` - -Read-Only: - -- `attribute_name` (String) The name of the SAML attribute. -- `attribute_value` (String) The SAML attribute value to look for. -- `identity_provider_id` (String) The ID of your SAML identity provider. - - - -### Nested Schema for `result.policies.include.service_token` - -Read-Only: - -- `token_id` (String) The ID of a Service Token. - - - - -### Nested Schema for `result.policies.require` - -Read-Only: - -- `any_valid_service_token` (Attributes) An empty object which matches on all service tokens. 
(see [below for nested schema](#nestedatt--result--policies--require--any_valid_service_token)) -- `auth_context` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--auth_context)) -- `auth_method` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--auth_method)) -- `azure_ad` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--azure_ad)) -- `certificate` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--certificate)) -- `common_name` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--common_name)) -- `device_posture` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--device_posture)) -- `email` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--email)) -- `email_domain` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--email_domain)) -- `email_list` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--email_list)) -- `everyone` (Attributes) An empty object which matches on all users. 
(see [below for nested schema](#nestedatt--result--policies--require--everyone)) -- `external_evaluation` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--external_evaluation)) -- `geo` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--geo)) -- `github_organization` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--github_organization)) -- `group` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--group)) -- `gsuite` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--gsuite)) -- `ip` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--ip)) -- `ip_list` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--ip_list)) -- `okta` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--okta)) -- `saml` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--saml)) -- `service_token` (Attributes) (see [below for nested schema](#nestedatt--result--policies--require--service_token)) - - -### Nested Schema for `result.policies.require.any_valid_service_token` - - - -### Nested Schema for `result.policies.require.auth_context` - -Read-Only: - -- `ac_id` (String) The ACID of an Authentication context. -- `id` (String) The ID of an Authentication context. -- `identity_provider_id` (String) The ID of your Azure identity provider. - - - -### Nested Schema for `result.policies.require.auth_method` - -Read-Only: - -- `auth_method` (String) The type of authentication method https://datatracker.ietf.org/doc/html/rfc8176#section-2. - - - -### Nested Schema for `result.policies.require.azure_ad` - -Read-Only: - -- `id` (String) The ID of an Azure group. -- `identity_provider_id` (String) The ID of your Azure identity provider. 
- - - -### Nested Schema for `result.policies.require.certificate` - - - -### Nested Schema for `result.policies.require.common_name` - -Read-Only: - -- `common_name` (String) The common name to match. - - - -### Nested Schema for `result.policies.require.device_posture` - -Read-Only: - -- `integration_uid` (String) The ID of a device posture integration. - - - -### Nested Schema for `result.policies.require.email` - -Read-Only: - -- `email` (String) The email of the user. - - - -### Nested Schema for `result.policies.require.email_domain` - -Read-Only: - -- `domain` (String) The email domain to match. - - - -### Nested Schema for `result.policies.require.email_list` - -Read-Only: - -- `id` (String) The ID of a previously created email list. - - - -### Nested Schema for `result.policies.require.everyone` - - - -### Nested Schema for `result.policies.require.external_evaluation` - -Read-Only: - -- `evaluate_url` (String) The API endpoint containing your business logic. -- `keys_url` (String) The API endpoint containing the key that Access uses to verify that the response came from your API. - - - -### Nested Schema for `result.policies.require.geo` - -Read-Only: - -- `country_code` (String) The country code that should be matched. - - - -### Nested Schema for `result.policies.require.github_organization` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Github identity provider. -- `name` (String) The name of the organization. -- `team` (String) The name of the team - - - -### Nested Schema for `result.policies.require.group` - -Read-Only: - -- `id` (String) The ID of a previously created Access group. - - - -### Nested Schema for `result.policies.require.gsuite` - -Read-Only: - -- `email` (String) The email of the Google Workspace group. -- `identity_provider_id` (String) The ID of your Google Workspace identity provider. - - - -### Nested Schema for `result.policies.require.ip` - -Read-Only: - -- `ip` (String) An IPv4 or IPv6 CIDR block. 
- - - -### Nested Schema for `result.policies.require.ip_list` - -Read-Only: - -- `id` (String) The ID of a previously created IP list. - - - -### Nested Schema for `result.policies.require.okta` - -Read-Only: - -- `identity_provider_id` (String) The ID of your Okta identity provider. -- `name` (String) The name of the Okta group. - - - -### Nested Schema for `result.policies.require.saml` - -Read-Only: - -- `attribute_name` (String) The name of the SAML attribute. -- `attribute_value` (String) The SAML attribute value to look for. -- `identity_provider_id` (String) The ID of your SAML identity provider. - - - -### Nested Schema for `result.policies.require.service_token` - -Read-Only: - -- `token_id` (String) The ID of a Service Token. - - - - ### Nested Schema for `result.saas_app` diff --git a/docs/data-sources/zero_trust_access_policies.md b/docs/data-sources/zero_trust_access_policies.md index 770a94244b..45dd4dbd49 100644 --- a/docs/data-sources/zero_trust_access_policies.md +++ b/docs/data-sources/zero_trust_access_policies.md 
@@ -37,15 +37,33 @@ data "cloudflare_zero_trust_access_policies" "example_zero_trust_access_policies Read-Only: +- `app_count` (Number) Number of access applications currently using this policy. +- `approval_groups` (Attributes List) Administrators who can approve a temporary authentication request. (see [below for nested schema](#nestedatt--result--approval_groups)) +- `approval_required` (Boolean) Requires the user to request access from an administrator at the start of each session. - `created_at` (String) - `decision` (String) The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. - `exclude` (Attributes List) Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. (see [below for nested schema](#nestedatt--result--exclude)) - `id` (String) The UUID of the policy - `include` (Attributes List) Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules. (see [below for nested schema](#nestedatt--result--include)) +- `isolation_required` (Boolean) Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature. - `name` (String) The name of the Access policy. +- `purpose_justification_prompt` (String) A custom message that will appear on the purpose justification screen. +- `purpose_justification_required` (Boolean) Require users to enter a justification when they log in to the application. - `require` (Attributes List) Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. (see [below for nested schema](#nestedatt--result--require)) +- `reusable` (Boolean) +- `session_duration` (String) The amount of time that tokens issued for the application will be valid. Must be in the format `300ms` or `2h45m`. 
Valid time units are: ns, us (or µs), ms, s, m, h. - `updated_at` (String) + +### Nested Schema for `result.approval_groups` + +Read-Only: + +- `approvals_needed` (Number) The number of approvals needed to obtain access. +- `email_addresses` (List of String) A list of emails that can approve the access request. +- `email_list_uuid` (String) The UUID of an re-usable email list. + + ### Nested Schema for `result.exclude` diff --git a/docs/data-sources/zero_trust_access_policy.md b/docs/data-sources/zero_trust_access_policy.md index 57c22f095b..3278d7ad24 100644 --- a/docs/data-sources/zero_trust_access_policy.md +++ b/docs/data-sources/zero_trust_access_policy.md 
@@ -29,13 +29,21 @@ data "cloudflare_zero_trust_access_policy" "example_zero_trust_access_policy" { ### Read-Only +- `app_count` (Number) Number of access applications currently using this policy. +- `approval_groups` (Attributes List) Administrators who can approve a temporary authentication request. (see [below for nested schema](#nestedatt--approval_groups)) +- `approval_required` (Boolean) Requires the user to request access from an administrator at the start of each session. - `created_at` (String) - `decision` (String) The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. - `exclude` (Attributes List) Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. (see [below for nested schema](#nestedatt--exclude)) - `id` (String) The UUID of the policy - `include` (Attributes List) Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules. (see [below for nested schema](#nestedatt--include)) +- `isolation_required` (Boolean) Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature. - `name` (String) The name of the Access policy. +- `purpose_justification_prompt` (String) A custom message that will appear on the purpose justification screen. +- `purpose_justification_required` (Boolean) Require users to enter a justification when they log in to the application. - `require` (Attributes List) Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. (see [below for nested schema](#nestedatt--require)) +- `reusable` (Boolean) +- `session_duration` (String) The amount of time that tokens issued for the application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. - `updated_at` (String) 
@@ -46,6 +54,16 @@ Required: - `account_id` (String) Identifier + +### Nested Schema for `approval_groups` + +Read-Only: + +- `approvals_needed` (Number) The number of approvals needed to obtain access. +- `email_addresses` (List of String) A list of emails that can approve the access request. +- `email_list_uuid` (String) The UUID of an re-usable email list. + + ### Nested Schema for `exclude` diff --git a/docs/resources/address_map.md b/docs/resources/address_map.md index 67e2d75a97..9201f80564 100644 --- a/docs/resources/address_map.md +++ b/docs/resources/address_map.md @@ -13,7 +13,7 @@ description: |- ```terraform resource "cloudflare_address_map" "example_address_map" { - account_id = "023e105f4ecef8ad9ca31a8372d0c353" + account_id = "258def64c72dae45f3e4c8516e2111f2" description = "My Ecommerce zones" enabled = true ips = ["192.0.2.1"] @@ -31,7 +31,7 @@ resource "cloudflare_address_map" "example_address_map" { ### Required -- `account_id` (String) Identifier +- `account_id` (String) Identifier of a Cloudflare account. ### Optional @@ -46,7 +46,7 @@ resource "cloudflare_address_map" "example_address_map" { - `can_delete` (Boolean) If set to false, then the Address Map cannot be deleted via API. This is true for Cloudflare-managed maps. - `can_modify_ips` (Boolean) If set to false, then the IPs on the Address Map cannot be modified via the API. This is true for Cloudflare-managed maps. - `created_at` (String) -- `id` (String) Identifier +- `id` (String) Identifier of an Address Map. - `modified_at` (String) diff --git a/docs/resources/api_shield_operation.md b/docs/resources/api_shield_operation.md index 3c31408de2..0df4bed576 100644 --- a/docs/resources/api_shield_operation.md +++ b/docs/resources/api_shield_operation.md 
@@ -14,11 +14,9 @@ description: |- ```terraform resource "cloudflare_api_shield_operation" "example_api_shield_operation" { zone_id = "023e105f4ecef8ad9ca31a8372d0c353" - operations = [{ - endpoint = "/api/v1/users/{var1}" - host = "www.example.com" - method = "GET" - }] + endpoint = "/api/v1/users/{var1}" + host = "www.example.com" + method = "GET" } ``` 
@@ -27,30 +25,17 @@ resource "cloudflare_api_shield_operation" "example_api_shield_operation" { ### Required -- `operations` (Attributes List) (see [below for nested schema](#nestedatt--operations)) +- `endpoint` (String) The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/. +- `host` (String) RFC3986-compliant host. +- `method` (String) The HTTP method used to access the endpoint. - `zone_id` (String) Identifier -### Optional - -- `operation_id` (String) UUID - ### Read-Only -- `endpoint` (String) The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/. - `features` (Attributes) (see [below for nested schema](#nestedatt--features)) -- `host` (String) RFC3986-compliant host. +- `id` (String) UUID - `last_updated` (String) -- `method` (String) The HTTP method used to access the endpoint. - - -### Nested Schema for `operations` - -Required: - -- `endpoint` (String) The endpoint which can contain path parameter templates in curly braces, each will be replaced from left to right with {varN}, starting with {var1}, during insertion. This will further be Cloudflare-normalized upon insertion. See: https://developers.cloudflare.com/rules/normalization/how-it-works/. -- `host` (String) RFC3986-compliant host. -- `method` (String) The HTTP method used to access the endpoint. - +- `operation_id` (String) UUID ### Nested Schema for `features` 
@@ -181,4 +166,10 @@ Read-Only: - `requests` (Number) The estimated number of requests covered by these calculations. - `suggested_threshold` (Number) The suggested threshold in requests done by the same auth_id or period_seconds. +## Import +Import is supported using the following syntax: + +```shell +$ terraform import cloudflare_api_shield_operation.example '/' +``` diff --git a/docs/resources/authenticated_origin_pulls_certificate.md b/docs/resources/authenticated_origin_pulls_certificate.md index 944deafc16..58d51bebed 100644 --- a/docs/resources/authenticated_origin_pulls_certificate.md +++ b/docs/resources/authenticated_origin_pulls_certificate.md @@ -81,8 +81,13 @@ resource "cloudflare_authenticated_origin_pulls_certificate" "example_authentica - `private_key` (String) The zone's private key. - `zone_id` (String) Identifier +### Optional + +- `certificate_id` (String) Identifier + ### Read-Only +- `enabled` (Boolean) Indicates whether zone-level authenticated origin pulls is enabled. - `expires_on` (String) When the certificate from the authority expires. - `id` (String) Identifier - `issuer` (String) The certificate authority that issued the certificate. @@ -90,10 +95,4 @@ resource "cloudflare_authenticated_origin_pulls_certificate" "example_authentica - `status` (String) Status of the certificate activation. - `uploaded_on` (String) This is the time the certificate was uploaded. -## Import -Import is supported using the following syntax: - -```shell -$ terraform import cloudflare_authenticated_origin_pulls_certificate.example '/' -``` diff --git a/docs/resources/byo_ip_prefix.md b/docs/resources/byo_ip_prefix.md index 2ba76cc1de..4432408939 100644 --- a/docs/resources/byo_ip_prefix.md +++ b/docs/resources/byo_ip_prefix.md 
@@ -13,7 +13,7 @@ description: |- ```terraform resource "cloudflare_byo_ip_prefix" "example_byo_ip_prefix" { - account_id = "023e105f4ecef8ad9ca31a8372d0c353" + account_id = "258def64c72dae45f3e4c8516e2111f2" asn = 209242 cidr = "192.0.2.0/24" loa_document_id = "d933b1530bc56c9953cf8ce166da8004" @@ -25,7 +25,7 @@ resource "cloudflare_byo_ip_prefix" "example_byo_ip_prefix" { ### Required -- `account_id` (String) Identifier +- `account_id` (String) Identifier of a Cloudflare account. - `asn` (Number) Autonomous System Number (ASN) the prefix will be advertised under. - `cidr` (String) IP Prefix in Classless Inter-Domain Routing format. - `loa_document_id` (String) Identifier for the uploaded LOA document. @@ -40,7 +40,7 @@ resource "cloudflare_byo_ip_prefix" "example_byo_ip_prefix" { - `advertised_modified_at` (String) Last time the advertisement status was changed. This field is only not 'null' if on demand is enabled. - `approved` (String) Approval state of the prefix (P = pending, V = active). - `created_at` (String) -- `id` (String) Identifier +- `id` (String) Identifier of an IP Prefix. - `modified_at` (String) - `on_demand_enabled` (Boolean) Whether advertisement of the prefix to the Internet may be dynamically enabled or disabled. - `on_demand_locked` (Boolean) Whether advertisement status of the prefix is locked, meaning it cannot be changed. diff --git a/docs/resources/dns_record.md b/docs/resources/dns_record.md index 4c5dc14b47..63ba4663cc 100644 --- a/docs/resources/dns_record.md +++ b/docs/resources/dns_record.md 
@@ -106,8 +106,14 @@ Optional: Optional: -- `flatten_cname` (Boolean) If enabled, causes the CNAME record to be resolved externally and the resulting address records (e.g., A and AAAA) to be returned instead of the CNAME record itself. This setting has no effect on proxied records, which are always flattened. +- `flatten_cname` (Boolean) If enabled, causes the CNAME record to be resolved externally and the resulting address records (e.g., A and AAAA) to be returned instead of the CNAME record itself. This setting is unavailable for proxied records, since they are always flattened. - `ipv4_only` (Boolean) When enabled, only A records will be generated, and AAAA records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6. - `ipv6_only` (Boolean) When enabled, only AAAA records will be generated, and A records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6. +## Import +Import is supported using the following syntax: + +```shell +$ terraform import cloudflare_dns_record.example '/' +``` diff --git a/docs/resources/list_item.md b/docs/resources/list_item.md index 9628f92a53..fc01b88a2e 100644 --- a/docs/resources/list_item.md +++ b/docs/resources/list_item.md 
@@ -54,16 +54,11 @@ resource "cloudflare_list_item" "example_list_item" { ### Read-Only -- `include_subdomains` (Boolean) +- `created_on` (String) The RFC 3339 timestamp of when the item was created. +- `id` (String) The unique ID of the list. - `item_id` (String) The unique ID of the item in the List. +- `modified_on` (String) The RFC 3339 timestamp of when the item was last modified. - `operation_id` (String) The unique operation ID of the asynchronous action. -- `preserve_path_suffix` (Boolean) -- `preserve_query_string` (Boolean) -- `source_url` (String) -- `status_code` (Number) -- `subpath_matching` (Boolean) -- `target_url` (String) -- `url_hostname` (String) ### Nested Schema for `hostname` diff --git a/docs/resources/managed_transforms.md b/docs/resources/managed_transforms.md index 22665e7a3a..f1b9af8b6f 100644 --- a/docs/resources/managed_transforms.md +++ b/docs/resources/managed_transforms.md @@ -18,17 +18,13 @@ resource "cloudflare_managed_transforms" "example_managed_transforms" { id = "add_bot_protection_headers" enabled = true has_conflict = false - conflicts_with = [{ - - }] + conflicts_with = ["add_true_client_ip_headers"] }] managed_response_headers = [{ id = "add_security_headers" enabled = true has_conflict = false - conflicts_with = [{ - - }] + conflicts_with = ["add_true_client_ip_headers"] }] } ``` diff --git a/docs/resources/queue_consumer.md b/docs/resources/queue_consumer.md index 2d341054aa..9ba8c247e8 100644 --- a/docs/resources/queue_consumer.md +++ b/docs/resources/queue_consumer.md @@ -15,6 +15,7 @@ description: |- resource "cloudflare_queue_consumer" "example_queue_consumer" { account_id = "023e105f4ecef8ad9ca31a8372d0c353" queue_id = "023e105f4ecef8ad9ca31a8372d0c353" + dead_letter_queue = "example-queue" script_name = "my-consumer-worker" settings = { batch_size = 50 
@@ -38,6 +39,7 @@ resource "cloudflare_queue_consumer" "example_queue_consumer" { ### Optional - `consumer_id` (String) A Resource identifier. +- `dead_letter_queue` (String) - `script_name` (String) Name of a Worker - `settings` (Attributes) (see [below for nested schema](#nestedatt--settings)) - `type` (String) diff --git a/docs/resources/workers_script.md b/docs/resources/workers_script.md index 7a0f925c69..4235a9d62b 100644 --- a/docs/resources/workers_script.md +++ b/docs/resources/workers_script.md 
@@ -88,17 +88,24 @@ resource "cloudflare_workers_script" "example_workers_script" { - `compatibility_flags` (List of String) Flags that enable or disable certain features in the Workers runtime. Used to enable upcoming features or opt in or out of specific changes not included in a `compatibility_date`. - `keep_assets` (Boolean) Retain assets which exist for a previously uploaded Worker version; used in lieu of providing a completion token. - `keep_bindings` (List of String) List of binding types to keep from previous_upload. -- `logpush` (Boolean) Whether Logpush is turned on for the Worker. - `main_module` (String) Name of the part in the multipart request that contains the main module (e.g. the file exporting a `fetch` handler). Indicates a `module syntax` Worker. - `migrations` (Attributes) Migrations to apply for Durable Objects associated with this Worker. (see [below for nested schema](#nestedatt--migrations)) - `observability` (Attributes) Observability settings for the Worker. (see [below for nested schema](#nestedatt--observability)) - `placement` (Attributes) Configuration for [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement). (see [below for nested schema](#nestedatt--placement)) - `tail_consumers` (Attributes List) List of Workers that will consume logs from the attached Worker. (see [below for nested schema](#nestedatt--tail_consumers)) -- `usage_model` (String) Usage model for the Worker invocations. ### Read-Only +- `etag` (String) Hashed script content, can be used in a If-None-Match header when updating. +- `has_assets` (Boolean) Whether a Worker contains assets. +- `has_modules` (Boolean) Whether a Worker contains modules. - `id` (String) Name of the script, used in URLs and route configuration. +- `logpush` (Boolean) Whether Logpush is turned on for the Worker. +- `modified_on` (String) When the script was last modified. 
+- `placement_mode` (String) Enables [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement). +- `placement_status` (String) Status of [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement). +- `startup_time_ms` (Number) +- `usage_model` (String) Usage model for the Worker invocations. ### Nested Schema for `assets` diff --git a/docs/resources/zero_trust_access_application.md b/docs/resources/zero_trust_access_application.md index ebeb0150ec..68af5b3ae4 100644 --- a/docs/resources/zero_trust_access_application.md +++ b/docs/resources/zero_trust_access_application.md @@ -191,6 +191,7 @@ Optional: Optional: +- `connection_rules` (Attributes) The rules that define how users may connect to the targets secured by your application. (see [below for nested schema](#nestedatt--policies--connection_rules)) - `decision` (String) The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action. - `exclude` (Attributes List) Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. (see [below for nested schema](#nestedatt--policies--exclude)) - `id` (String) The UUID of the policy 
@@ -199,6 +200,26 @@ Optional: - `precedence` (Number) The order of execution for this policy. Must be unique for each policy within an app. - `require` (Attributes List) Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. (see [below for nested schema](#nestedatt--policies--require)) + +### Nested Schema for `policies.connection_rules` + +Optional: + +- `ssh` (Attributes) The SSH-specific rules that define how users may connect to the targets secured by your application. (see [below for nested schema](#nestedatt--policies--connection_rules--ssh)) + + +### Nested Schema for `policies.connection_rules.ssh` + +Required: + +- `usernames` (List of String) Contains the Unix usernames that may be used when connecting over SSH. + +Optional: + +- `allow_email_alias` (Boolean) Enables using Identity Provider email alias as SSH username. + + + ### Nested Schema for `policies.exclude` diff --git a/docs/resources/zero_trust_access_policy.md b/docs/resources/zero_trust_access_policy.md index f76fec47de..f7c8648203 100644 --- a/docs/resources/zero_trust_access_policy.md +++ b/docs/resources/zero_trust_access_policy.md @@ -26,16 +26,30 @@ resource "cloudflare_zero_trust_access_policy" "example_zero_trust_access_policy } }] name = "Allow devs" + approval_groups = [{ + approvals_needed = 1 + email_addresses = ["test1@cloudflare.com", "test2@cloudflare.com"] + email_list_uuid = "email_list_uuid" + }, { + approvals_needed = 3 + email_addresses = ["test@cloudflare.com", "test2@cloudflare.com"] + email_list_uuid = "597147a1-976b-4ef2-9af0-81d5d007fc34" + }] + approval_required = true exclude = [{ group = { id = "aa0a4aab-672b-4bdb-bc33-a59f1130a11f" } }] + isolation_required = false + purpose_justification_prompt = "Please enter a justification for entering this protected domain." + purpose_justification_required = true require = [{ group = { id = "aa0a4aab-672b-4bdb-bc33-a59f1130a11f" } }] + session_duration = "24h" } ``` 
@@ -50,13 +64,21 @@ resource "cloudflare_zero_trust_access_policy" "example_zero_trust_access_policy ### Optional +- `approval_groups` (Attributes List) Administrators who can approve a temporary authentication request. (see [below for nested schema](#nestedatt--approval_groups)) +- `approval_required` (Boolean) Requires the user to request access from an administrator at the start of each session. - `exclude` (Attributes List) Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules. (see [below for nested schema](#nestedatt--exclude)) +- `isolation_required` (Boolean) Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature. +- `purpose_justification_prompt` (String) A custom message that will appear on the purpose justification screen. +- `purpose_justification_required` (Boolean) Require users to enter a justification when they log in to the application. - `require` (Attributes List) Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules. (see [below for nested schema](#nestedatt--require)) +- `session_duration` (String) The amount of time that tokens issued for the application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. ### Read-Only +- `app_count` (Number) Number of access applications currently using this policy. - `created_at` (String) - `id` (String) The UUID of the policy +- `reusable` (Boolean) - `updated_at` (String) 
@@ -256,6 +278,19 @@ Required: + +### Nested Schema for `approval_groups` + +Required: + +- `approvals_needed` (Number) The number of approvals needed to obtain access. + +Optional: + +- `email_addresses` (List of String) A list of emails that can approve the access request. +- `email_list_uuid` (String) The UUID of an re-usable email list. + + ### Nested Schema for `exclude`