@pulumi/cloudflare 3.4.0 → 4.0.0

package/ruleset.d.ts

@@ -0,0 +1,311 @@
+import * as pulumi from "@pulumi/pulumi";
+import { input as inputs, output as outputs } from "./types";
+/**
+ * The [Cloudflare Ruleset Engine](https://developers.cloudflare.com/firewall/cf-rulesets)
+ * allows you to create and deploy rules and rulesets.
+ * The engine syntax, inspired by the Wireshark Display Filter language, is the
+ * same syntax used in custom Firewall Rules. Cloudflare uses the Ruleset Engine
+ * in different products, allowing you to configure several products using the same
+ * basic syntax.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as cloudflare from "@pulumi/cloudflare";
+ *
+ * // Magic Transit
+ * const magicTransitExample = new cloudflare.Ruleset("magic_transit_example", {
+ *     accountId: "d41d8cd98f00b204e9800998ecf8427e",
+ *     description: "example magic transit ruleset description",
+ *     kind: "root",
+ *     name: "account magic transit",
+ *     phase: "magic_transit",
+ *     rules: [{
+ *         action: "allow",
+ *         description: "Allow TCP Ephemeral Ports",
+ *         expression: "tcp.dstport in { 32768..65535 }",
+ *     }],
+ * });
+ * // Zone-level WAF Managed Ruleset
+ * const zoneLevelManagedWaf = new cloudflare.Ruleset("zone_level_managed_waf", {
+ *     description: "managed WAF ruleset description",
+ *     kind: "zone",
+ *     name: "managed WAF",
+ *     phase: "http_request_firewall_managed",
+ *     rules: [{
+ *         action: "execute",
+ *         actionParameters: {
+ *             id: "efb7b8c949ac4650a09736fc376e9aee",
+ *         },
+ *         description: "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset",
+ *         enabled: true,
+ *         expression: "true",
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * // Zone-level WAF with tag-based overrides
+ * const zoneLevelManagedWafWithCategoryBasedOverrides = new cloudflare.Ruleset("zone_level_managed_waf_with_category_based_overrides", {
+ *     description: "managed WAF with tag-based overrides ruleset description",
+ *     kind: "zone",
+ *     name: "managed WAF with tag-based overrides",
+ *     phase: "http_request_firewall_managed",
+ *     rules: [{
+ *         action: "execute",
+ *         actionParameters: {
+ *             id: "efb7b8c949ac4650a09736fc376e9aee",
+ *             overrides: {
+ *                 categories: [
+ *                     {
+ *                         action: "block",
+ *                         category: "wordpress",
+ *                         enabled: true,
+ *                     },
+ *                     {
+ *                         action: "block",
+ *                         category: "joomla",
+ *                         enabled: true,
+ *                     },
+ *                 ],
+ *             },
+ *         },
+ *         description: "overrides to only enable wordpress rules to block",
+ *         enabled: false,
+ *         expression: "true",
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * // Rewrite the URI path component to a static path
+ * const transformUriRulePath = new cloudflare.Ruleset("transform_uri_rule_path", {
+ *     description: "change the URI path to a new static path",
+ *     kind: "zone",
+ *     name: "transform rule for URI path",
+ *     phase: "http_request_transform",
+ *     rules: [{
+ *         action: "rewrite",
+ *         actionParameters: {
+ *             uri: {
+ *                 path: {
+ *                     value: "/my-new-route",
+ *                 },
+ *             },
+ *         },
+ *         description: "example URI path transform rule",
+ *         enabled: true,
+ *         expression: "(http.host eq \"example.com\" and http.uri.path eq \"/old-path\")",
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * // Rewrite the URI query component to a static query
+ * const transformUriRuleQuery = new cloudflare.Ruleset("transform_uri_rule_query", {
+ *     description: "change the URI query to a new static query",
+ *     kind: "zone",
+ *     name: "transform rule for URI query parameter",
+ *     phase: "http_request_transform",
+ *     rules: [{
+ *         action: "rewrite",
+ *         actionParameters: {
+ *             uri: {
+ *                 query: {
+ *                     value: "old=new_again",
+ *                 },
+ *             },
+ *         },
+ *         description: "URI transformation query example",
+ *         enabled: true,
+ *         expression: "true",
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * // Rewrite HTTP headers to a modified values
+ * const transformUriHttpHeaders = new cloudflare.Ruleset("transform_uri_http_headers", {
+ *     description: "modify HTTP headers before reaching origin",
+ *     kind: "zone",
+ *     name: "transform rule for HTTP headers",
+ *     phase: "http_request_late_transform",
+ *     rules: [{
+ *         action: "rewrite",
+ *         actionParameters: {
+ *             headers: [
+ *                 {
+ *                     name: "example-http-header-1",
+ *                     operation: "set",
+ *                     value: "my-http-header-value-1",
+ *                 },
+ *                 {
+ *                     expression: "cf.zone.name",
+ *                     name: "example-http-header-2",
+ *                     operation: "set",
+ *                 },
+ *                 {
+ *                     name: "example-http-header-3-to-remove",
+ *                     operation: "remove",
+ *                 },
+ *             ],
+ *         },
+ *         description: "example request header transform rule",
+ *         enabled: false,
+ *         expression: "true",
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * // HTTP rate limit for an API route
+ * const rateLimitingExample = new cloudflare.Ruleset("rate_limiting_example", {
+ *     description: "apply HTTP rate limiting for a route",
+ *     kind: "zone",
+ *     name: "restrict API requests count",
+ *     phase: "http_ratelimit",
+ *     rules: [{
+ *         action: "block",
+ *         description: "rate limit for API",
+ *         enabled: true,
+ *         expression: "(http.request.uri.path matches \"^/api/\")",
+ *         ratelimit: {
+ *             characteristics: [
+ *                 "cf.colo.id",
+ *                 "ip.src",
+ *             ],
+ *             mitigationTimeout: 600,
+ *             period: 60,
+ *             requestsPerPeriod: 100,
+ *         },
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Currently, you cannot import rulesets.
+ */
+export declare class Ruleset extends pulumi.CustomResource {
+    /**
+     * Get an existing Ruleset resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RulesetState, opts?: pulumi.CustomResourceOptions): Ruleset;
+    /**
+     * Returns true if the given object is an instance of Ruleset.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is Ruleset;
+    /**
+     * The ID of the account where the ruleset is being created. Conflicts with `"zoneId"`.
+     */
+    readonly accountId: pulumi.Output<string | undefined>;
+    /**
+     * Brief summary of the ruleset rule and its intended use.
+     */
+    readonly description: pulumi.Output<string>;
+    /**
+     * Type of Ruleset to create. Valid values are `"custom"`, `"managed"`, `"root"`, `"schema"` or `"zone"`.
+     */
+    readonly kind: pulumi.Output<string>;
+    /**
+     * Name of the HTTP request header to target.
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * Point in the request/response lifecycle where the ruleset will be created. Valid values are `"ddosL4"`, `"ddosL7"`, `"httpRequestFirewallCustom"`, `"httpRequestFirewallManaged"`, `"httpRequestLateTransform"`, `"httpRequestMain"`, `"httpRequestSanitize"`, `"httpRequestTransform"`, `"httpResponseFirewallManaged"`, `"magicTransit"`, or `"httpRatelimit"`.
+     */
+    readonly phase: pulumi.Output<string>;
+    /**
+     * List of rule-based overrides (refer to the nested schema).
+     */
+    readonly rules: pulumi.Output<outputs.RulesetRule[] | undefined>;
+    /**
+     * Name of entitlement that is shareable between entities.
+     */
+    readonly shareableEntitlementName: pulumi.Output<string | undefined>;
+    /**
+     * The ID of the zone where the ruleset is being created. Conflicts with `"accountId"`.
+     */
+    readonly zoneId: pulumi.Output<string | undefined>;
+    /**
+     * Create a Ruleset resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: RulesetArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering Ruleset resources.
+ */
+export interface RulesetState {
+    /**
+     * The ID of the account where the ruleset is being created. Conflicts with `"zoneId"`.
+     */
+    accountId?: pulumi.Input<string>;
+    /**
+     * Brief summary of the ruleset rule and its intended use.
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * Type of Ruleset to create. Valid values are `"custom"`, `"managed"`, `"root"`, `"schema"` or `"zone"`.
+     */
+    kind?: pulumi.Input<string>;
+    /**
+     * Name of the HTTP request header to target.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * Point in the request/response lifecycle where the ruleset will be created. Valid values are `"ddosL4"`, `"ddosL7"`, `"httpRequestFirewallCustom"`, `"httpRequestFirewallManaged"`, `"httpRequestLateTransform"`, `"httpRequestMain"`, `"httpRequestSanitize"`, `"httpRequestTransform"`, `"httpResponseFirewallManaged"`, `"magicTransit"`, or `"httpRatelimit"`.
+     */
+    phase?: pulumi.Input<string>;
+    /**
+     * List of rule-based overrides (refer to the nested schema).
+     */
+    rules?: pulumi.Input<pulumi.Input<inputs.RulesetRule>[]>;
+    /**
+     * Name of entitlement that is shareable between entities.
+     */
+    shareableEntitlementName?: pulumi.Input<string>;
+    /**
+     * The ID of the zone where the ruleset is being created. Conflicts with `"accountId"`.
+     */
+    zoneId?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a Ruleset resource.
+ */
+export interface RulesetArgs {
+    /**
+     * The ID of the account where the ruleset is being created. Conflicts with `"zoneId"`.
+     */
+    accountId?: pulumi.Input<string>;
+    /**
+     * Brief summary of the ruleset rule and its intended use.
+     */
+    description: pulumi.Input<string>;
+    /**
+     * Type of Ruleset to create. Valid values are `"custom"`, `"managed"`, `"root"`, `"schema"` or `"zone"`.
+     */
+    kind: pulumi.Input<string>;
+    /**
+     * Name of the HTTP request header to target.
+     */
+    name: pulumi.Input<string>;
+    /**
+     * Point in the request/response lifecycle where the ruleset will be created. Valid values are `"ddosL4"`, `"ddosL7"`, `"httpRequestFirewallCustom"`, `"httpRequestFirewallManaged"`, `"httpRequestLateTransform"`, `"httpRequestMain"`, `"httpRequestSanitize"`, `"httpRequestTransform"`, `"httpResponseFirewallManaged"`, `"magicTransit"`, or `"httpRatelimit"`.
+     */
+    phase: pulumi.Input<string>;
+    /**
+     * List of rule-based overrides (refer to the nested schema).
+     */
+    rules?: pulumi.Input<pulumi.Input<inputs.RulesetRule>[]>;
+    /**
+     * Name of entitlement that is shareable between entities.
+     */
+    shareableEntitlementName?: pulumi.Input<string>;
+    /**
+     * The ID of the zone where the ruleset is being created. Conflicts with `"accountId"`.
+     */
+    zoneId?: pulumi.Input<string>;
+}

package/ruleset.js

@@ -0,0 +1,254 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+/**
+ * The [Cloudflare Ruleset Engine](https://developers.cloudflare.com/firewall/cf-rulesets)
+ * allows you to create and deploy rules and rulesets.
+ * The engine syntax, inspired by the Wireshark Display Filter language, is the
+ * same syntax used in custom Firewall Rules. Cloudflare uses the Ruleset Engine
+ * in different products, allowing you to configure several products using the same
+ * basic syntax.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as cloudflare from "@pulumi/cloudflare";
+ *
+ * // Magic Transit
+ * const magicTransitExample = new cloudflare.Ruleset("magic_transit_example", {
+ *     accountId: "d41d8cd98f00b204e9800998ecf8427e",
+ *     description: "example magic transit ruleset description",
+ *     kind: "root",
+ *     name: "account magic transit",
+ *     phase: "magic_transit",
+ *     rules: [{
+ *         action: "allow",
+ *         description: "Allow TCP Ephemeral Ports",
+ *         expression: "tcp.dstport in { 32768..65535 }",
+ *     }],
+ * });
+ * // Zone-level WAF Managed Ruleset
+ * const zoneLevelManagedWaf = new cloudflare.Ruleset("zone_level_managed_waf", {
+ *     description: "managed WAF ruleset description",
+ *     kind: "zone",
+ *     name: "managed WAF",
+ *     phase: "http_request_firewall_managed",
+ *     rules: [{
+ *         action: "execute",
+ *         actionParameters: {
+ *             id: "efb7b8c949ac4650a09736fc376e9aee",
+ *         },
+ *         description: "Execute Cloudflare Managed Ruleset on my zone-level phase entry point ruleset",
+ *         enabled: true,
+ *         expression: "true",
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * // Zone-level WAF with tag-based overrides
+ * const zoneLevelManagedWafWithCategoryBasedOverrides = new cloudflare.Ruleset("zone_level_managed_waf_with_category_based_overrides", {
+ *     description: "managed WAF with tag-based overrides ruleset description",
+ *     kind: "zone",
+ *     name: "managed WAF with tag-based overrides",
+ *     phase: "http_request_firewall_managed",
+ *     rules: [{
+ *         action: "execute",
+ *         actionParameters: {
+ *             id: "efb7b8c949ac4650a09736fc376e9aee",
+ *             overrides: {
+ *                 categories: [
+ *                     {
+ *                         action: "block",
+ *                         category: "wordpress",
+ *                         enabled: true,
+ *                     },
+ *                     {
+ *                         action: "block",
+ *                         category: "joomla",
+ *                         enabled: true,
+ *                     },
+ *                 ],
+ *             },
+ *         },
+ *         description: "overrides to only enable wordpress rules to block",
+ *         enabled: false,
+ *         expression: "true",
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * // Rewrite the URI path component to a static path
+ * const transformUriRulePath = new cloudflare.Ruleset("transform_uri_rule_path", {
+ *     description: "change the URI path to a new static path",
+ *     kind: "zone",
+ *     name: "transform rule for URI path",
+ *     phase: "http_request_transform",
+ *     rules: [{
+ *         action: "rewrite",
+ *         actionParameters: {
+ *             uri: {
+ *                 path: {
+ *                     value: "/my-new-route",
+ *                 },
+ *             },
+ *         },
+ *         description: "example URI path transform rule",
+ *         enabled: true,
+ *         expression: "(http.host eq \"example.com\" and http.uri.path eq \"/old-path\")",
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * // Rewrite the URI query component to a static query
+ * const transformUriRuleQuery = new cloudflare.Ruleset("transform_uri_rule_query", {
+ *     description: "change the URI query to a new static query",
+ *     kind: "zone",
+ *     name: "transform rule for URI query parameter",
+ *     phase: "http_request_transform",
+ *     rules: [{
+ *         action: "rewrite",
+ *         actionParameters: {
+ *             uri: {
+ *                 query: {
+ *                     value: "old=new_again",
+ *                 },
+ *             },
+ *         },
+ *         description: "URI transformation query example",
+ *         enabled: true,
+ *         expression: "true",
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * // Rewrite HTTP headers to a modified values
+ * const transformUriHttpHeaders = new cloudflare.Ruleset("transform_uri_http_headers", {
+ *     description: "modify HTTP headers before reaching origin",
+ *     kind: "zone",
+ *     name: "transform rule for HTTP headers",
+ *     phase: "http_request_late_transform",
+ *     rules: [{
+ *         action: "rewrite",
+ *         actionParameters: {
+ *             headers: [
+ *                 {
+ *                     name: "example-http-header-1",
+ *                     operation: "set",
+ *                     value: "my-http-header-value-1",
+ *                 },
+ *                 {
+ *                     expression: "cf.zone.name",
+ *                     name: "example-http-header-2",
+ *                     operation: "set",
+ *                 },
+ *                 {
+ *                     name: "example-http-header-3-to-remove",
+ *                     operation: "remove",
+ *                 },
+ *             ],
+ *         },
+ *         description: "example request header transform rule",
+ *         enabled: false,
+ *         expression: "true",
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * // HTTP rate limit for an API route
+ * const rateLimitingExample = new cloudflare.Ruleset("rate_limiting_example", {
+ *     description: "apply HTTP rate limiting for a route",
+ *     kind: "zone",
+ *     name: "restrict API requests count",
+ *     phase: "http_ratelimit",
+ *     rules: [{
+ *         action: "block",
+ *         description: "rate limit for API",
+ *         enabled: true,
+ *         expression: "(http.request.uri.path matches \"^/api/\")",
+ *         ratelimit: {
+ *             characteristics: [
+ *                 "cf.colo.id",
+ *                 "ip.src",
+ *             ],
+ *             mitigationTimeout: 600,
+ *             period: 60,
+ *             requestsPerPeriod: 100,
+ *         },
+ *     }],
+ *     zoneId: "cb029e245cfdd66dc8d2e570d5dd3322",
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Currently, you cannot import rulesets.
+ */
+class Ruleset extends pulumi.CustomResource {
+    constructor(name, argsOrState, opts) {
+        let inputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            inputs["accountId"] = state ? state.accountId : undefined;
+            inputs["description"] = state ? state.description : undefined;
+            inputs["kind"] = state ? state.kind : undefined;
+            inputs["name"] = state ? state.name : undefined;
+            inputs["phase"] = state ? state.phase : undefined;
+            inputs["rules"] = state ? state.rules : undefined;
+            inputs["shareableEntitlementName"] = state ? state.shareableEntitlementName : undefined;
+            inputs["zoneId"] = state ? state.zoneId : undefined;
+        }
+        else {
+            const args = argsOrState;
+            if ((!args || args.description === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'description'");
+            }
+            if ((!args || args.kind === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'kind'");
+            }
+            if ((!args || args.name === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'name'");
+            }
+            if ((!args || args.phase === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'phase'");
+            }
+            inputs["accountId"] = args ? args.accountId : undefined;
+            inputs["description"] = args ? args.description : undefined;
+            inputs["kind"] = args ? args.kind : undefined;
+            inputs["name"] = args ? args.name : undefined;
+            inputs["phase"] = args ? args.phase : undefined;
+            inputs["rules"] = args ? args.rules : undefined;
+            inputs["shareableEntitlementName"] = args ? args.shareableEntitlementName : undefined;
+            inputs["zoneId"] = args ? args.zoneId : undefined;
+        }
+        if (!opts.version) {
+            opts = pulumi.mergeOptions(opts, { version: utilities.getVersion() });
+        }
+        super(Ruleset.__pulumiType, name, inputs, opts);
+    }
+    /**
+     * Get an existing Ruleset resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new Ruleset(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of Ruleset.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === Ruleset.__pulumiType;
+    }
+}
+exports.Ruleset = Ruleset;
+/** @internal */
+Ruleset.__pulumiType = 'cloudflare:index/ruleset:Ruleset';
+//# sourceMappingURL=ruleset.js.map

package/ruleset.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ruleset.js","sourceRoot":"","sources":["../ruleset.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiLG;AACH,MAAa,OAAQ,SAAQ,MAAM,CAAC,cAAc;IAqE9C,YAAY,IAAY,EAAE,WAAwC,EAAE,IAAmC;QACnG,IAAI,MAAM,GAAkB,EAAE,CAAC;QAC/B,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAuC,CAAC;YACtD,MAAM,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,MAAM,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YAChD,MAAM,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAClD,MAAM,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAClD,MAAM,CAAC,0BAA0B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,MAAM,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SACvD;aAAM;YACH,MAAM,IAAI,GAAG,WAAsC,CAAC;YACpD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC9D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAClD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;aACxD;YACD,MAAM,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,MAAM,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9C,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAChD,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAChD,MAAM,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,MAAM,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SACrD;QACD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE;YACf,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,EAAC,CAAC,CAAC;SACxE;QACD,KAAK,CAAC,OAAO,CAAC,YAAY,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IACpD,CAAC;IA5GD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAoB,EAAE,IAAmC;QAClH,OAAO,IAAI,OAAO,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC9D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,OAAO,CAAC,YAAY,CAAC;IACxD,CAAC;;AA1BL,0BA8GC;AAhGG,gBAAgB;AACO,oBAAY,GAAG,kCAAkC,CAAC"}

package/teamsAccount.d.ts

@@ -0,0 +1,117 @@
+import * as pulumi from "@pulumi/pulumi";
+import { input as inputs, output as outputs } from "./types";
+/**
+ * Provides a Cloudflare Teams Account resource. The Teams Account resource defines configuration for secure web gateway.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as cloudflare from "@pulumi/cloudflare";
+ *
+ * const main = new cloudflare.TeamsAccount("main", {
+ *     accountId: "1d5fdc9e88c8a8c4518b068cd94331fe",
+ *     blockPage: {
+ *         backgroundColor: "#000000",
+ *         footerText: "hello",
+ *         headerText: "hello",
+ *         logoPath: "https://google.com",
+ *     },
+ *     tlsDecryptEnabled: true,
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Since a Teams account does not have a unique resource ID, configuration can be imported using the account ID.
+ *
+ * ```sh
+ *  $ pulumi import cloudflare:index/teamsAccount:TeamsAccount example cb029e245cfdd66dc8d2e570d5dd3322
+ * ```
+ */
+export declare class TeamsAccount extends pulumi.CustomResource {
+    /**
+     * Get an existing TeamsAccount resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TeamsAccountState, opts?: pulumi.CustomResourceOptions): TeamsAccount;
+    /**
+     * Returns true if the given object is an instance of TeamsAccount.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is TeamsAccount;
+    /**
+     * The account to which the teams location should be added.
+     */
+    readonly accountId: pulumi.Output<string>;
+    readonly activityLogEnabled: pulumi.Output<boolean | undefined>;
+    /**
+     * Configuration for antivirus traffic scanning.
+     */
+    readonly antivirus: pulumi.Output<outputs.TeamsAccountAntivirus | undefined>;
+    /**
+     * Configuration for a custom block page.
+     */
+    readonly blockPage: pulumi.Output<outputs.TeamsAccountBlockPage | undefined>;
+    /**
+     * Indicator that decryption of TLS traffic is enabled.
+     */
+    readonly tlsDecryptEnabled: pulumi.Output<boolean | undefined>;
+    /**
+     * Create a TeamsAccount resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: TeamsAccountArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering TeamsAccount resources.
+ */
+export interface TeamsAccountState {
+    /**
+     * The account to which the teams location should be added.
+     */
+    accountId?: pulumi.Input<string>;
+    activityLogEnabled?: pulumi.Input<boolean>;
+    /**
+     * Configuration for antivirus traffic scanning.
+     */
+    antivirus?: pulumi.Input<inputs.TeamsAccountAntivirus>;
+    /**
+     * Configuration for a custom block page.
+     */
+    blockPage?: pulumi.Input<inputs.TeamsAccountBlockPage>;
+    /**
+     * Indicator that decryption of TLS traffic is enabled.
+     */
+    tlsDecryptEnabled?: pulumi.Input<boolean>;
+}
+/**
+ * The set of arguments for constructing a TeamsAccount resource.
+ */
+export interface TeamsAccountArgs {
+    /**
+     * The account to which the teams location should be added.
+     */
+    accountId: pulumi.Input<string>;
+    activityLogEnabled?: pulumi.Input<boolean>;
+    /**
+     * Configuration for antivirus traffic scanning.
+     */
+    antivirus?: pulumi.Input<inputs.TeamsAccountAntivirus>;
+    /**
+     * Configuration for a custom block page.
+     */
+    blockPage?: pulumi.Input<inputs.TeamsAccountBlockPage>;
+    /**
+     * Indicator that decryption of TLS traffic is enabled.
+     */
+    tlsDecryptEnabled?: pulumi.Input<boolean>;
+}