@gradientedge/cdk-utils 9.89.0 → 10.0.0

package/src/lib/cloudflare/construct/pages-static-site/main.ts

@@ -1,18 +1,12 @@
-import { DataAwsSecretsmanagerSecretVersion } from '@cdktf/provider-aws/lib/data-aws-secretsmanager-secret-version/index.js'
-import { DataAwsSecretsmanagerSecret } from '@cdktf/provider-aws/lib/data-aws-secretsmanager-secret/index.js'
-import { DataAzurermKeyVaultSecret } from '@cdktf/provider-azurerm/lib/data-azurerm-key-vault-secret/index.js'
-import { DataAzurermKeyVault } from '@cdktf/provider-azurerm/lib/data-azurerm-key-vault/index.js'
-import { DataCloudflareZone } from '@cdktf/provider-cloudflare/lib/data-cloudflare-zone/index.js'
-import { DnsRecord } from '@cdktf/provider-cloudflare/lib/dns-record/index.js'
-import { PagesDomain } from '@cdktf/provider-cloudflare/lib/pages-domain/index.js'
+import * as aws from '@pulumi/aws'
+import * as azure from '@pulumi/azure-native'
+import { DnsRecord, PagesDomain, PagesProject, Zone } from '@pulumi/cloudflare'
 import {
-  PagesProject,
   PagesProjectDeploymentConfigsPreviewEnvVars,
   PagesProjectDeploymentConfigsProductionEnvVars,
-} from '@cdktf/provider-cloudflare/lib/pages-project/index.js'
-import { Zone } from '@cdktf/provider-cloudflare/lib/zone/index.js'
-import { Fn } from 'cdktf'
-import { Construct } from 'constructs'
+} from '@pulumi/cloudflare/types/input.js'
+import { ComponentResourceOptions } from '@pulumi/pulumi'
+import * as std from '@pulumi/std'
 import { CommonCloudflareConstruct } from '../../common/index.js'
 import { CloudflarePagesStaticSiteProps } from './types.js'
 
@@ -38,16 +32,17 @@ export class CloudflarePagesStaticSite extends CommonCloudflareConstruct {
   sitePagesCnameRecord: DnsRecord
   sitePagesDomain: PagesDomain
   sitePagesProject: PagesProject
-  siteZone: DataCloudflareZone | Zone
+  siteZone: Zone
   sitePagesEnvironmentVariables: { [key: string]: PagesProjectDeploymentConfigsProductionEnvVars }
   sitePagesPreviewEnvironmentVariables: { [key: string]: PagesProjectDeploymentConfigsPreviewEnvVars }
   sitePagesSecrets: { [key: string]: PagesProjectDeploymentConfigsProductionEnvVars }
   sitePagesPreviewSecrets: { [key: string]: PagesProjectDeploymentConfigsPreviewEnvVars }
   siteDeploymentDependsOn: any
 
-  constructor(parent: Construct, id: string, props: CloudflarePagesStaticSiteProps) {
-    super(parent, id, props)
+  constructor(id: string, props: CloudflarePagesStaticSiteProps, options?: ComponentResourceOptions) {
+    super(id, props)
     this.props = props
+    this.options = options
     this.id = id
   }
 
@@ -116,14 +111,11 @@ export class CloudflarePagesStaticSite extends CommonCloudflareConstruct {
    * @returns the secret value
    */
   protected resolveSecretFromAWS(secretName: string, secretKey: string) {
-    if (!this.awsProvider) return
-    const secret = new DataAwsSecretsmanagerSecret(this, `${this.id}-${secretName}-${secretKey}`, { name: secretName })
-    const secretVersion = new DataAwsSecretsmanagerSecretVersion(this, `${this.id}-${secretName}-${secretKey}-ver`, {
-      provider: this.awsProvider,
-      secretId: secret.id,
-    })
+    if (this.config.require('secretsProvider') !== 'aws') return
+    const secret = aws.secretsmanager.getSecretOutput({ name: secretName })
+    const secretVersion = aws.secretsmanager.getSecretVersionOutput({ secretId: secret.id })
     if (!secretVersion) throw new Error(`Unable to resolve secret:${secretName}`)
-    return Fn.lookup(Fn.jsondecode(secretVersion.secretString), secretKey)
+    return std.jsondecodeOutput({ input: secretVersion.secretString })
   }
 
   /**
@@ -135,26 +127,14 @@ export class CloudflarePagesStaticSite extends CommonCloudflareConstruct {
    * @returns the secret value
    */
   protected resolveSecretFromAzure(resourceGroupName: string, keyVaultName: string, secretKey: string) {
-    const keyVaultData = new DataAzurermKeyVault(
-      this,
-      `${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-vault`,
-      {
-        resourceGroupName: resourceGroupName,
-        name: keyVaultName,
-        provider: this.azurermProvider,
-      }
-    )
-    const secretValueData = new DataAzurermKeyVaultSecret(
-      this,
-      `${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-secret`,
-      {
-        name: secretKey,
-        keyVaultId: keyVaultData.id,
-        provider: this.azurermProvider,
-      }
-    )
+    if (this.config.require('secretsProvider') !== 'azure') return
+    const secretValueData = azure.keyvault.getSecretOutput({
+      resourceGroupName,
+      secretName: secretKey,
+      vaultName: keyVaultName,
+    })
     if (!secretValueData) throw new Error(`Unable to resolve secret:${secretKey}`)
-    return secretValueData.value
+    return secretValueData.properties?.value
   }
 
   /**
@@ -201,7 +181,7 @@ export class CloudflarePagesStaticSite extends CommonCloudflareConstruct {
       branch: this.props.siteBranch ?? 'main',
       directory: this.props.siteAssetDir,
       message: this.props.siteDeployMessage,
-      projectName: this.sitePagesProject.name,
+      projectName: String(this.sitePagesProject.name),
       dependsOn: this.siteDeploymentDependsOn,
     })
   }

package/src/lib/cloudflare/construct/worker-site/main.ts

@@ -1,12 +1,10 @@
-import { DataAwsSecretsmanagerSecretVersion } from '@cdktf/provider-aws/lib/data-aws-secretsmanager-secret-version/index.js'
-import { DataAwsSecretsmanagerSecret } from '@cdktf/provider-aws/lib/data-aws-secretsmanager-secret/index.js'
-import { DataAzurermKeyVaultSecret } from '@cdktf/provider-azurerm/lib/data-azurerm-key-vault-secret/index.js'
-import { DataAzurermKeyVault } from '@cdktf/provider-azurerm/lib/data-azurerm-key-vault/index.js'
-import { DataCloudflareZone } from '@cdktf/provider-cloudflare/lib/data-cloudflare-zone/index.js'
-import { WorkersScript, WorkersScriptBindings } from '@cdktf/provider-cloudflare/lib/workers-script/index.js'
-import { Zone } from '@cdktf/provider-cloudflare/lib/zone/index.js'
-import { AssetType, Fn, TerraformAsset } from 'cdktf'
-import { Construct } from 'constructs'
+import * as aws from '@pulumi/aws'
+import * as azure from '@pulumi/azure-native'
+import { Ruleset, WorkersCustomDomain, WorkersScript, Zone, ZoneSetting } from '@pulumi/cloudflare'
+import { WorkersScriptBinding } from '@pulumi/cloudflare/types/input.js'
+import { ComponentResourceOptions } from '@pulumi/pulumi'
+import * as std from '@pulumi/std'
+import fs from 'fs'
 import { CommonCloudflareConstruct } from '../../common/index.js'
 import { CloudflareWorkerSiteProps } from './types.js'
 
@@ -29,14 +27,18 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
   declare props: CloudflareWorkerSiteProps
 
   /* worker site resources */
-  siteZone: DataCloudflareZone | Zone
+  siteZone: Zone
   siteWorkerScript: WorkersScript
-  workerPlainTextBindingEnvironmentVariables: WorkersScriptBindings[] = []
-  workerSecretTextBindingEnvironmentVariables: WorkersScriptBindings[] = []
+  siteWorkerDomain: WorkersCustomDomain
+  siteRuleSet: Ruleset
+  siteZoneSetting: ZoneSetting
+  workerPlainTextBindingEnvironmentVariables: WorkersScriptBinding[] = []
+  workerSecretTextBindingEnvironmentVariables: WorkersScriptBinding[] = []
 
-  constructor(parent: Construct, id: string, props: CloudflareWorkerSiteProps) {
-    super(parent, id, props)
+  constructor(id: string, props: CloudflareWorkerSiteProps, options?: ComponentResourceOptions) {
+    super(id, props)
     this.props = props
+    this.options = options
     this.id = id
   }
 
@@ -79,14 +81,10 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
    * @summary Create the worker
    */
   protected createWorker() {
-    const workerContent = new TerraformAsset(this, `${this.id}-worker-content`, {
-      path: this.props.siteWorkerAsset,
-      type: AssetType.FILE,
-    })
-
+    const workerContent = fs.readFileSync(this.props.siteWorkerAsset, 'utf-8')
     this.siteWorkerScript = this.workerManager.createWorkerScript(`${this.id}-worker-script`, this, {
       ...this.props.siteWorkerScript,
-      content: Fn.file(workerContent.path),
+      content: workerContent,
     })
   }
 
@@ -94,7 +92,7 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
    * @summary Create the worker domain
    */
   protected createWorkerDomain() {
-    this.workerManager.createWorkerDomain(`${this.id}-worker-domain`, this, {
+    this.siteWorkerDomain = this.workerManager.createWorkerDomain(`${this.id}-worker-domain`, this, {
       ...this.props.siteWorkerDomain,
       environment: this.props.siteWorkerDomain.environment ?? 'production',
       hostname: `${this.props.siteSubDomain}.${this.props.domainName}`,
@@ -108,23 +106,12 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
    * @param secretKey the secret key
    * @returns the secret value
    */
-  protected resolveSecretFromAWS(secretName: string, secretKey: string, id?: string) {
-    if (!this.awsProvider) {
-      throw new Error(`Unable to resolve secret:${secretKey}. AWS provider not found`)
-    }
-    const secret = new DataAwsSecretsmanagerSecret(this, id ?? `${this.id}-${secretName}-${secretKey}`, {
-      name: secretName,
-    })
-    const secretVersion = new DataAwsSecretsmanagerSecretVersion(
-      this,
-      id ? `${id}-ver` : `${this.id}-${secretName}-${secretKey}-ver`,
-      {
-        provider: this.awsProvider,
-        secretId: secret.id,
-      }
-    )
+  protected resolveSecretFromAWS(secretName: string, secretKey: string) {
+    if (this.config.require('secretsProvider') !== 'aws') return
+    const secret = aws.secretsmanager.getSecretOutput({ name: secretName })
+    const secretVersion = aws.secretsmanager.getSecretVersionOutput({ secretId: secret.id })
     if (!secretVersion) throw new Error(`Unable to resolve secret:${secretName}`)
-    return Fn.lookup(Fn.jsondecode(secretVersion.secretString), secretKey)
+    return std.jsondecodeOutput({ input: secretVersion.secretString })
   }
 
   /**
@@ -135,30 +122,15 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
    * @param secretKey the secret key
    * @returns the secret value
    */
-  protected resolveSecretFromAzure(resourceGroupName: string, keyVaultName: string, secretKey: string, id?: string) {
-    if (!this.azurermProvider) {
-      throw new Error(`Unable to resolve secret:${secretKey}. Azurerm provider not found`)
-    }
-    const keyVaultData = new DataAzurermKeyVault(
-      this,
-      id ? `${id}-vault` : `${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-vault`,
-      {
-        resourceGroupName: resourceGroupName,
-        name: keyVaultName,
-        provider: this.azurermProvider,
-      }
-    )
-    const secretValueData = new DataAzurermKeyVaultSecret(
-      this,
-      id ? `${id}-secret` : `${this.id}-${resourceGroupName}-${keyVaultName}-${secretKey}-secret`,
-      {
-        name: secretKey,
-        keyVaultId: keyVaultData.id,
-        provider: this.azurermProvider,
-      }
-    )
+  protected resolveSecretFromAzure(resourceGroupName: string, keyVaultName: string, secretKey: string) {
+    if (this.config.require('secretsProvider') !== 'azure') return
+    const secretValueData = azure.keyvault.getSecretOutput({
+      resourceGroupName,
+      secretName: secretKey,
+      vaultName: keyVaultName,
+    })
     if (!secretValueData) throw new Error(`Unable to resolve secret:${secretKey}`)
-    return secretValueData.value
+    return secretValueData.properties?.value
   }
 
   /**
@@ -166,7 +138,7 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
    */
   protected createRuleset() {
     if (!this.props.siteRuleSet) return
-    this.ruleSetManager.createRuleSet(`${this.id}-rule`, this, this.props.siteRuleSet)
+    this.siteRuleSet = this.ruleSetManager.createRuleSet(`${this.id}-rule`, this, this.props.siteRuleSet)
   }
 
   /**
@@ -174,6 +146,10 @@ export class CloudflareWorkerSite extends CommonCloudflareConstruct {
    */
   protected createZoneSetting() {
     if (!this.props.siteZoneSetting) return
-    this.zoneManager.createZoneSetting(`${this.id}-zone-setting`, this, this.props.siteZoneSetting)
+    this.siteZoneSetting = this.zoneManager.createZoneSetting(
+      `${this.id}-zone-setting`,
+      this,
+      this.props.siteZoneSetting
+    )
   }
 }

package/src/lib/cloudflare/index.ts

@@ -2,4 +2,3 @@ export * from './common/index.js'
 export * from './construct/index.js'
 export * from './services/index.js'
 export * from './types/index.js'
-export * from './utils/index.js'

package/src/lib/cloudflare/services/access/main.ts

@@ -1,16 +1,5 @@
-import { AccessRule } from '@cdktf/provider-cloudflare/lib/access-rule/index.js'
-import { ZeroTrustAccessApplication } from '@cdktf/provider-cloudflare/lib/zero-trust-access-application/index.js'
-import { ZeroTrustAccessCustomPage } from '@cdktf/provider-cloudflare/lib/zero-trust-access-custom-page/index.js'
-import { ZeroTrustAccessGroup } from '@cdktf/provider-cloudflare/lib/zero-trust-access-group/index.js'
-import { ZeroTrustAccessIdentityProvider } from '@cdktf/provider-cloudflare/lib/zero-trust-access-identity-provider/index.js'
-import { ZeroTrustAccessMtlsCertificate } from '@cdktf/provider-cloudflare/lib/zero-trust-access-mtls-certificate/index.js'
-import { ZeroTrustAccessPolicy } from '@cdktf/provider-cloudflare/lib/zero-trust-access-policy/index.js'
-import { ZeroTrustAccessServiceToken } from '@cdktf/provider-cloudflare/lib/zero-trust-access-service-token/index.js'
-import { ZeroTrustAccessShortLivedCertificate } from '@cdktf/provider-cloudflare/lib/zero-trust-access-short-lived-certificate/index.js'
-import { ZeroTrustAccessTag } from '@cdktf/provider-cloudflare/lib/zero-trust-access-tag/index.js'
-import { ZeroTrustOrganization } from '@cdktf/provider-cloudflare/lib/zero-trust-organization/index.js'
-import { CommonCloudflareConstruct } from '../../common/index.js'
-import { createCloudflareTfOutput } from '../../utils/index.js'
+import * as cloudflare from '@pulumi/cloudflare'
+import { CommonCloudflareConstruct } from '../../common/construct.js'
 import {
   AccessRuleProps,
   ZeroTrustAccessApplicationProps,
@@ -27,17 +16,16 @@ import {
 
 /**
  * @classdesc Provides operations on Cloudflare Access
- * - A new instance of this class is injected into {@link CommonCloudflareConstruct} constructor.
- * - If a custom construct extends {@link CommonCloudflareConstruct}, an instance is available within the context.
+ * - A new instance of this class is injected into {@link CommonCloudflareComponent} constructor.
+ * - If a custom component extends {@link CommonCloudflareComponent}, an instance is available within the context.
  * @example
  * ```
- * import { CommonCloudflareConstruct, CommonCloudflareConstruct } from '@gradientedge/cdk-utils'
+ * import { CommonCloudflareComponent, CloudflareAccessManager } from '@gradientedge/cdk-utils'
  *
- * class CustomConstruct extends CommonCloudflareConstruct {
- *   constructor(parent: Construct, id: string, props: CommonCloudflareStackProps) {
- *     super(parent, id, props)
- *     this.props = props
- *     this.accessManager.createApiShield('MyAppAccess', this, props)
+ * class CustomComponent extends CommonCloudflareComponent {
+ *   constructor(name: string, args: any, opts?: pulumi.ComponentResourceOptions) {
+ *     super(name, args, opts)
+ *     this.accessManager.createAccessApplication('MyAppAccess', this, props)
  *   }
  * }
  * ```
@@ -48,34 +36,31 @@ export class CloudflareAccessManager {
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
    * @param props access application properties
-   * @see [CDKTF Access Application Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/zeroTrustAccessApplication.typescript.md}
+   * @see [Pulumi Cloudflare Access Application]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/zerotrustaccessapplication/}
    */
   public createAccessApplication(id: string, scope: CommonCloudflareConstruct, props: ZeroTrustAccessApplicationProps) {
     if (!props) throw `Props undefined for ${id}`
 
     const zoneId = props.zoneId
       ? props.zoneId
-      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { name: scope.props.domainName })?.zoneId
+      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, {
+          filter: { name: scope.props.domainName },
+        })?.id
 
-    const accessApplication = new ZeroTrustAccessApplication(scope, `${id}`, {
+    return new cloudflare.ZeroTrustAccessApplication(`${id}`, {
       ...props,
       domain: `${props.domain}-${scope.props.domainName}`,
       name: `${props.name}-${scope.props.stage}`,
       zoneId,
     })
-
-    createCloudflareTfOutput(`${id}-accessApplicationFriendlyUniqueId`, scope, accessApplication.friendlyUniqueId)
-    createCloudflareTfOutput(`${id}-accessApplicationId`, scope, accessApplication.id)
-
-    return accessApplication
   }
 
   /**
    * @summary Method to create a new Cloudflare Application Access Short Lived Certificate
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
-   * @param props access short lived  certificate properties
-   * @see [CDKTF Access Short Lived Certificate Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/zeroTrustAccessShortLivedCertificate.typescript.md}
+   * @param props access short lived certificate properties
+   * @see [Pulumi Cloudflare Access Short Lived Certificate]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/zerotrustaccessshortlivedcertificate/}
    */
   public createAccessShortLivedCertificate(
     id: string,
@@ -86,21 +71,14 @@ export class CloudflareAccessManager {
 
     const zoneId = props.zoneId
       ? props.zoneId
-      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { name: scope.props.domainName })?.zoneId
+      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, {
+          filter: { name: scope.props.domainName },
+        })?.id
 
-    const accessShortLivedCertificate = new ZeroTrustAccessShortLivedCertificate(scope, `${id}`, {
+    return new cloudflare.ZeroTrustAccessShortLivedCertificate(`${id}`, {
       ...props,
       zoneId,
     })
-
-    createCloudflareTfOutput(
-      `${id}-accessShortLivedCertificateFriendlyUniqueId`,
-      scope,
-      accessShortLivedCertificate.friendlyUniqueId
-    )
-    createCloudflareTfOutput(`${id}-accessShortLivedCertificateId`, scope, accessShortLivedCertificate.id)
-
-    return accessShortLivedCertificate
   }
 
   /**
@@ -108,21 +86,16 @@ export class CloudflareAccessManager {
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
    * @param props access custom page properties
-   * @see [CDKTF Access Custom Page Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/zeroTrustAccessCustomPage.typescript.md}
+   * @see [Pulumi Cloudflare Access Custom Page]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/zerotrustaccesscustompage/}
    */
   public createAccessCustomPage(id: string, scope: CommonCloudflareConstruct, props: ZeroTrustAccessCustomPageProps) {
     if (!props) throw `Props undefined for ${id}`
 
-    const accessCustomPage = new ZeroTrustAccessCustomPage(scope, `${id}`, {
+    return new cloudflare.ZeroTrustAccessCustomPage(`${id}`, {
       ...props,
       accountId: props.accountId ?? scope.props.accountId,
       name: `${props.name}-${scope.props.stage}`,
     })
-
-    createCloudflareTfOutput(`${id}-accessCustomPageFriendlyUniqueId`, scope, accessCustomPage.friendlyUniqueId)
-    createCloudflareTfOutput(`${id}-accessCustomPageId`, scope, accessCustomPage.id)
-
-    return accessCustomPage
   }
 
   /**
@@ -130,25 +103,22 @@ export class CloudflareAccessManager {
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
    * @param props access group properties
-   * @see [CDKTF Access Group Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/zeroTrustAccessGroup.typescript.md}
+   * @see [Pulumi Cloudflare Access Group]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/zerotrustaccessgroup/}
    */
   public createAccessGroup(id: string, scope: CommonCloudflareConstruct, props: ZeroTrustAccessGroupProps) {
     if (!props) throw `Props undefined for ${id}`
 
     const zoneId = props.zoneId
       ? props.zoneId
-      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { name: scope.props.domainName })?.zoneId
+      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, {
+          filter: { name: scope.props.domainName },
+        })?.id
 
-    const accessGroup = new ZeroTrustAccessGroup(scope, `${id}`, {
+    return new cloudflare.ZeroTrustAccessGroup(`${id}`, {
       ...props,
       name: `${props.name} - ${scope.props.stage.toUpperCase()}`,
       zoneId,
     })
-
-    createCloudflareTfOutput(`${id}-accessGroupFriendlyUniqueId`, scope, accessGroup.friendlyUniqueId)
-    createCloudflareTfOutput(`${id}-accessGroupId`, scope, accessGroup.id)
-
-    return accessGroup
   }
 
   /**
@@ -156,7 +126,7 @@ export class CloudflareAccessManager {
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
    * @param props access identity provider properties
-   * @see [CDKTF Access Identity Provider Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/zeroTrustAccessIdentityProvider.typescript.md}
+   * @see [Pulumi Cloudflare Access Identity Provider]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/zerotrustaccessidentityprovider/}
    */
   public createAccessIdentityProvider(
     id: string,
@@ -167,22 +137,16 @@ export class CloudflareAccessManager {
 
     const zoneId = props.zoneId
       ? props.zoneId
-      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { name: scope.props.domainName })?.zoneId
+      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, {
+          filter: { name: scope.props.domainName },
+        })?.id
 
-    const accessIdentityProvider = new ZeroTrustAccessIdentityProvider(scope, `${id}`, {
+    return new cloudflare.ZeroTrustAccessIdentityProvider(`${id}`, {
       ...props,
+      config: props.config ?? {},
       name: `${props.name}-${scope.props.stage}`,
       zoneId,
     })
-
-    createCloudflareTfOutput(
-      `${id}-accessIdentityProviderFriendlyUniqueId`,
-      scope,
-      accessIdentityProvider.friendlyUniqueId
-    )
-    createCloudflareTfOutput(`${id}-accessIdentityProviderId`, scope, accessIdentityProvider.id)
-
-    return accessIdentityProvider
   }
 
   /**
@@ -190,7 +154,7 @@ export class CloudflareAccessManager {
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
    * @param props access mutual tls certificate properties
-   * @see [CDKTF Access Mutual Tls Certificate Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/zeroTrustAccessMtlsCertificate.typescript.md}
+   * @see [Pulumi Cloudflare Access Mutual Tls Certificate]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/zerotrustaccessmtlscertificate/}
    */
   public createAccessMutualTlsCertificate(
     id: string,
@@ -201,22 +165,15 @@ export class CloudflareAccessManager {
 
     const zoneId = props.zoneId
       ? props.zoneId
-      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { name: scope.props.domainName })?.zoneId
+      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, {
+          filter: { name: scope.props.domainName },
+        })?.id
 
-    const accessMutualTlsCertificate = new ZeroTrustAccessMtlsCertificate(scope, `${id}`, {
+    return new cloudflare.ZeroTrustAccessMtlsCertificate(`${id}`, {
       ...props,
       name: `${props.name}-${scope.props.stage}`,
       zoneId,
     })
-
-    createCloudflareTfOutput(
-      `${id}-accessMutualTlsCertificateFriendlyUniqueId`,
-      scope,
-      accessMutualTlsCertificate.friendlyUniqueId
-    )
-    createCloudflareTfOutput(`${id}-accessMutualTlsCertificateId`, scope, accessMutualTlsCertificate.id)
-
-    return accessMutualTlsCertificate
   }
 
   /**
@@ -224,24 +181,22 @@ export class CloudflareAccessManager {
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
    * @param props access organisation properties
-   * @see [CDKTF Access Organisation Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/zeroTrustAccessOrganization.typescript.md}
+   * @see [Pulumi Cloudflare Zero Trust Organization]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/zerotrustorganization/}
    */
   public createAccessOrganization(id: string, scope: CommonCloudflareConstruct, props: ZeroTrustOrganizationProps) {
     if (!props) throw `Props undefined for ${id}`
 
     const zoneId = props.zoneId
       ? props.zoneId
-      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { name: scope.props.domainName })?.zoneId
+      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, {
+          filter: { name: scope.props.domainName },
+        })?.id
 
-    const accessOrganization = new ZeroTrustOrganization(scope, `${id}`, {
+    return new cloudflare.ZeroTrustOrganization(`${id}`, {
       ...props,
       name: `${props.name}-${scope.props.stage}`,
       zoneId,
     })
-
-    createCloudflareTfOutput(`${id}-accessOrganizationFriendlyUniqueId`, scope, accessOrganization.friendlyUniqueId)
-
-    return accessOrganization
   }
 
   /**
@@ -249,21 +204,16 @@ export class CloudflareAccessManager {
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
    * @param props access policy properties
-   * @see [CDKTF Access Policy Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/zeroTrustAccessPolicy.typescript.md}
+   * @see [Pulumi Cloudflare Access Policy]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/zerotrustaccesspolicy/}
    */
   public createAccessPolicy(id: string, scope: CommonCloudflareConstruct, props: ZeroTrustAccessPolicyProps) {
     if (!props) throw `Props undefined for ${id}`
 
-    const accessPolicy = new ZeroTrustAccessPolicy(scope, `${id}`, {
+    return new cloudflare.ZeroTrustAccessPolicy(`${id}`, {
       ...props,
       name: `${props.name}-${scope.props.stage}`,
       accountId: props.accountId ?? scope.props.accountId,
     })
-
-    createCloudflareTfOutput(`${id}-accessPolicyFriendlyUniqueId`, scope, accessPolicy.friendlyUniqueId)
-    createCloudflareTfOutput(`${id}-accessPolicyId`, scope, accessPolicy.id)
-
-    return accessPolicy
   }
 
   /**
@@ -271,25 +221,22 @@ export class CloudflareAccessManager {
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
    * @param props access rule properties
-   * @see [CDKTF Access Rule Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/accessRule.typescript.md}
+   * @see [Pulumi Cloudflare Access Rule]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/accessrule/}
    */
   public createAccessRule(id: string, scope: CommonCloudflareConstruct, props: AccessRuleProps) {
     if (!props) throw `Props undefined for ${id}`
 
     const zoneId = props.zoneId
       ? props.zoneId
-      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { name: scope.props.domainName })?.zoneId
+      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, {
+          filter: { name: scope.props.domainName },
+        })?.id
 
-    const accessRule = new AccessRule(scope, `${id}`, {
+    return new cloudflare.AccessRule(`${id}`, {
       ...props,
       zoneId,
       accountId: props.accountId ?? scope.props.accountId,
     })
-
-    createCloudflareTfOutput(`${id}-accessRuleFriendlyUniqueId`, scope, accessRule.friendlyUniqueId)
-    createCloudflareTfOutput(`${id}-accessRuleId`, scope, accessRule.id)
-
-    return accessRule
   }
 
   /**
@@ -297,7 +244,7 @@ export class CloudflareAccessManager {
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
    * @param props access service token properties
-   * @see [CDKTF Access Service Token Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/zeroTrustAccessServiceToken.typescript.md}
+   * @see [Pulumi Cloudflare Access Service Token]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/zerotrustaccessservicetoken/}
    */
   public createAccessServiceToken(
     id: string,
@@ -308,19 +255,16 @@ export class CloudflareAccessManager {
 
     const zoneId = props.zoneId
       ? props.zoneId
-      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { name: scope.props.domainName })?.zoneId
+      : scope.zoneManager.resolveZone(`${id}-data-zone`, scope, {
+          filter: { name: scope.props.domainName },
+        })?.id
 
-    const accessServiceToken = new ZeroTrustAccessServiceToken(scope, `${id}`, {
+    return new cloudflare.ZeroTrustAccessServiceToken(`${id}`, {
       ...props,
       name: `${props.name}-${scope.props.stage}`,
       accountId: props.accountId ?? scope.props.accountId,
       zoneId,
     })
-
-    createCloudflareTfOutput(`${id}-accessServiceTokenFriendlyUniqueId`, scope, accessServiceToken.friendlyUniqueId)
-    createCloudflareTfOutput(`${id}-accessServiceTokenId`, scope, accessServiceToken.id)
-
-    return accessServiceToken
   }
 
   /**
@@ -328,20 +272,15 @@ export class CloudflareAccessManager {
    * @param id scoped id of the resource
    * @param scope scope in which this resource is defined
    * @param props access tag properties
-   * @see [CDKTF Access Tag Token Module]{@link https://github.com/cdktf/cdktf-provider-cloudflare/blob/main/docs/zeroTrustAccessTag.typescript.md}
+   * @see [Pulumi Cloudflare Access Tag]{@link https://www.pulumi.com/registry/packages/cloudflare/api-docs/zerotrustaccesstag/}
    */
   public createAccessTag(id: string, scope: CommonCloudflareConstruct, props: ZeroTrustAccessTagProps) {
     if (!props) throw `Props undefined for ${id}`
 
-    const accessTag = new ZeroTrustAccessTag(scope, `${id}`, {
+    return new cloudflare.ZeroTrustAccessTag(`${id}`, {
       ...props,
       name: `${props.name}-${scope.props.stage}`,
       accountId: props.accountId ?? scope.props.accountId,
     })
-
-    createCloudflareTfOutput(`${id}-accessTagFriendlyUniqueId`, scope, accessTag.friendlyUniqueId)
-    createCloudflareTfOutput(`${id}-accessTagId`, scope, accessTag.id)
-
-    return accessTag
   }
 }