@pulumi/cloudflare 4.9.0 → 4.10.0-alpha.1661535818

package/types/output.d.ts

@@ -1,14 +1,52 @@
 import { output as outputs } from "../types";
 export interface AccessApplicationCorsHeader {
+    /**
+     * Value to determine whether all HTTP headers are exposed.
+     */
     allowAllHeaders?: boolean;
+    /**
+     * Value to determine whether all methods are exposed.
+     */
     allowAllMethods?: boolean;
+    /**
+     * Value to determine whether all origins are permitted to make CORS requests.
+     */
     allowAllOrigins?: boolean;
+    /**
+     * Value to determine if credentials (cookies, authorization headers, or TLS client certificates) are included with requests.
+     */
     allowCredentials?: boolean;
+    /**
+     * List of HTTP headers to expose via CORS.
+     */
     allowedHeaders?: string[];
+    /**
+     * List of methods to expose via CORS.
+     */
     allowedMethods?: string[];
+    /**
+     * List of origins permitted to make CORS requests.
+     */
     allowedOrigins?: string[];
+    /**
+     * The maximum time a preflight request will be cached.
+     */
     maxAge?: number;
 }
+export interface AccessApplicationSaasApp {
+    /**
+     * The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
+     */
+    consumerServiceUrl: string;
+    /**
+     * The format of the name identifier sent to the SaaS application. Defaults to `email`.
+     */
+    nameIdFormat?: string;
+    /**
+     * A globally unique name for an identity or service provider.
+     */
+    spEntityId: string;
+}
 export interface AccessGroupExclude {
     anyValidServiceToken?: boolean;
     authMethod?: string;
@@ -32,6 +70,9 @@ export interface AccessGroupExclude {
 }
 export interface AccessGroupExcludeAzure {
     identityProviderId?: string;
+    /**
+     * The ID of this resource.
+     */
     ids?: string[];
 }
 export interface AccessGroupExcludeExternalEvaluation {
@@ -79,6 +120,9 @@ export interface AccessGroupInclude {
 }
 export interface AccessGroupIncludeAzure {
     identityProviderId?: string;
+    /**
+     * The ID of this resource.
+     */
     ids?: string[];
 }
 export interface AccessGroupIncludeExternalEvaluation {
@@ -126,6 +170,9 @@ export interface AccessGroupRequire {
 }
 export interface AccessGroupRequireAzure {
     identityProviderId?: string;
+    /**
+     * The ID of this resource.
+     */
     ids?: string[];
 }
 export interface AccessGroupRequireExternalEvaluation {
@@ -174,7 +221,13 @@ export interface AccessIdentityProviderConfig {
     tokenUrl?: string;
 }
 export interface AccessPolicyApprovalGroup {
+    /**
+     * Number of approvals needed.
+     */
     approvalsNeeded: number;
+    /**
+     * List of emails to request approval from.
+     */
     emailAddresses?: string[];
     emailListUuid?: string;
 }
@@ -201,6 +254,9 @@ export interface AccessPolicyExclude {
 }
 export interface AccessPolicyExcludeAzure {
     identityProviderId?: string;
+    /**
+     * The ID of this resource.
+     */
     ids?: string[];
 }
 export interface AccessPolicyExcludeExternalEvaluation {
@@ -209,6 +265,9 @@ export interface AccessPolicyExcludeExternalEvaluation {
 }
 export interface AccessPolicyExcludeGithub {
     identityProviderId?: string;
+    /**
+     * Friendly name of the Access Policy.
+     */
     name?: string;
     teams?: string[];
 }
@@ -218,6 +277,9 @@ export interface AccessPolicyExcludeGsuite {
 }
 export interface AccessPolicyExcludeOkta {
     identityProviderId?: string;
+    /**
+     * Friendly name of the Access Policy.
+     */
     names?: string[];
 }
 export interface AccessPolicyExcludeSaml {
@@ -248,6 +310,9 @@ export interface AccessPolicyInclude {
 }
 export interface AccessPolicyIncludeAzure {
     identityProviderId?: string;
+    /**
+     * The ID of this resource.
+     */
     ids?: string[];
 }
 export interface AccessPolicyIncludeExternalEvaluation {
@@ -256,6 +321,9 @@ export interface AccessPolicyIncludeExternalEvaluation {
 }
 export interface AccessPolicyIncludeGithub {
     identityProviderId?: string;
+    /**
+     * Friendly name of the Access Policy.
+     */
     name?: string;
     teams?: string[];
 }
@@ -265,6 +333,9 @@ export interface AccessPolicyIncludeGsuite {
 }
 export interface AccessPolicyIncludeOkta {
     identityProviderId?: string;
+    /**
+     * Friendly name of the Access Policy.
+     */
     names?: string[];
 }
 export interface AccessPolicyIncludeSaml {
@@ -295,6 +366,9 @@ export interface AccessPolicyRequire {
 }
 export interface AccessPolicyRequireAzure {
     identityProviderId?: string;
+    /**
+     * The ID of this resource.
+     */
     ids?: string[];
 }
 export interface AccessPolicyRequireExternalEvaluation {
@@ -303,6 +377,9 @@ export interface AccessPolicyRequireExternalEvaluation {
 }
 export interface AccessPolicyRequireGithub {
     identityProviderId?: string;
+    /**
+     * Friendly name of the Access Policy.
+     */
     name?: string;
     teams?: string[];
 }
@@ -312,6 +389,9 @@ export interface AccessPolicyRequireGsuite {
 }
 export interface AccessPolicyRequireOkta {
     identityProviderId?: string;
+    /**
+     * Friendly name of the Access Policy.
+     */
     names?: string[];
 }
 export interface AccessPolicyRequireSaml {
@@ -320,10 +400,19 @@ export interface AccessPolicyRequireSaml {
     identityProviderId?: string;
 }
 export interface AccessRuleConfiguration {
+    /**
+     * The request property to target. Available values: `ip`, `ip6`, `ipRange`, `asn`, `country`.
+     */
     target: string;
+    /**
+     * The value to target. Depends on target's type.
+     */
     value: string;
 }
 export interface ApiTokenCondition {
+    /**
+     * Request IP related conditions.
+     */
     requestIp?: outputs.ApiTokenConditionRequestIp;
 }
 export interface ApiTokenConditionRequestIp {
@@ -331,8 +420,17 @@ export interface ApiTokenConditionRequestIp {
     notIns?: string[];
 }
 export interface ApiTokenPolicy {
+    /**
+     * Effect of the policy. Available values: `allow`, `deny`. Defaults to `allow`.
+     */
     effect?: string;
+    /**
+     * List of permissions groups IDs. See [documentation](https://developers.cloudflare.com/api/tokens/create/permissions) for more information.
+     */
     permissionGroups: string[];
+    /**
+     * Describes what operations against which resources are allowed or denied.
+     */
     resources: {
         [key: string]: string;
     };
@@ -360,17 +458,19 @@ export interface CustomHostnameSsl {
      */
     customKey?: string;
     /**
-     * Domain control validation (DCV) method used for this
-     * hostname. Valid values are `"txt"`, `"http"` and `"email"`.
+     * Domain control validation (DCV) method used for this hostname. Available values: `http`, `txt`, `email`.
      */
     method?: string;
     /**
-     * SSL/TLS settings for the certificate. See further notes below.
+     * SSL/TLS settings for the certificate.
      */
     settings: outputs.CustomHostnameSslSetting[];
+    /**
+     * Status of the certificate.
+     */
     status: string;
     /**
-     * Level of validation to be used for this hostname. Domain validation ("dv") must be used.
+     * Level of validation to be used for this hostname. Available values: `dv`. Defaults to `dv`.
      */
     type?: string;
     validationErrors: outputs.CustomHostnameSslValidationError[];
@@ -381,26 +481,10 @@ export interface CustomHostnameSsl {
     wildcard?: boolean;
 }
 export interface CustomHostnameSslSetting {
-    /**
-     * List of SSL/TLS ciphers to associate with this certificate.
-     */
     ciphers?: string[];
-    /**
-     * Whether or not early hints should be supported. Valid values are `"on"` or `"off"`.
-     */
     earlyHints?: string;
-    /**
-     * Whether or not HTTP2 should be supported. Valid values are `"on"` or `"off"`.
-     */
     http2?: string;
-    /**
-     * Lowest version of TLS this certificate should
-     * support. Valid values are `"1.0"`, `"1.1"`, `"1.2"` and `"1.3"`.
-     */
     minTlsVersion?: string;
-    /**
-     * Whether or not TLSv1.3 should be supported. Valid values are `"on"` or `"off"`.
-     */
     tls13?: string;
 }
 export interface CustomHostnameSslValidationError {
@@ -537,12 +621,18 @@ export interface FallbackDomainDomain {
 }
 export interface GetAccountRolesRole {
     description?: string;
+    /**
+     * The ID of this resource.
+     */
     id?: string;
     name?: string;
 }
 export interface GetDevicesDevice {
     created?: string;
     deviceType?: string;
+    /**
+     * The ID of this resource.
+     */
     id?: string;
     ip?: string;
     key?: string;
@@ -562,6 +652,9 @@ export interface GetWafGroupsFilter {
 }
 export interface GetWafGroupsGroup {
     description?: string;
+    /**
+     * The ID of this resource.
+     */
     id?: string;
     mode?: string;
     modifiedRulesCount?: number;
@@ -579,6 +672,9 @@ export interface GetWafPackagesPackage {
     actionMode?: string;
     description?: string;
     detectionMode?: string;
+    /**
+     * The ID of this resource.
+     */
     id?: string;
     name?: string;
     sensitivity?: string;
@@ -594,25 +690,46 @@ export interface GetWafRulesRule {
     description?: string;
     groupId?: string;
     groupName?: string;
+    /**
+     * The ID of this resource.
+     */
     id?: string;
     mode?: string;
     packageId?: string;
     priority?: string;
 }
 export interface GetZonesFilter {
+    /**
+     * The account identifier to target for the resource.
+     */
     accountId?: string;
+    /**
+     * Defaults to `exact`.
+     */
     lookupType?: string;
     match?: string;
     name?: string;
+    /**
+     * Defaults to `false`.
+     */
     paused?: boolean;
     status?: string;
 }
 export interface GetZonesZone {
+    /**
+     * The ID of this resource.
+     */
     id?: string;
     name?: string;
 }
 export interface HealthcheckHeader {
+    /**
+     * The header name.
+     */
     header: string;
+    /**
+     * A list of string values for the header.
+     */
     values: string[];
 }
 export interface IpListItem {
@@ -626,6 +743,9 @@ export interface IpListItem {
     value: string;
 }
 export interface ListItem {
+    /**
+     * An optional comment for the item.
+     */
     comment?: string;
     value: outputs.ListItemValue;
 }
@@ -642,6 +762,16 @@ export interface ListItemValueRedirect {
     subpathMatching?: string;
     targetUrl: string;
 }
+export interface LoadBalancerCountryPool {
+    /**
+     * A country code which can be determined with the Load Balancing Regions API described [here](https://developers.cloudflare.com/load-balancing/reference/region-mapping-api/). Multiple entries should not be specified with the same country.
+     */
+    country: string;
+    /**
+     * A list of pool IDs in failover priority to use for traffic reaching the given PoP.
+     */
+    poolIds: string[];
+}
 export interface LoadBalancerMonitorHeader {
     /**
      * The header name.
@@ -724,7 +854,7 @@ export interface LoadBalancerRegionPool {
      */
     poolIds: string[];
     /**
-     * A region code which must be in the list defined [here](https://support.cloudflare.com/hc/en-us/articles/115000540888-Load-Balancing-Geographic-Regions). Multiple entries should not be specified with the same region.
+     * A region code which must be in the list defined [here](https://developers.cloudflare.com/load-balancing/reference/region-mapping-api/#list-of-load-balancer-regions). Multiple entries should not be specified with the same region.
      */
     region: string;
 }
@@ -777,6 +907,10 @@ export interface LoadBalancerRuleFixedResponse {
     statusCode?: number;
 }
 export interface LoadBalancerRuleOverride {
+    /**
+     * See countryPools above.
+     */
+    countryPools?: outputs.LoadBalancerRuleOverrideCountryPool[];
     /**
      * See defaultPoolIds above.
      */
@@ -816,6 +950,16 @@ export interface LoadBalancerRuleOverride {
      */
     ttl?: number;
 }
+export interface LoadBalancerRuleOverrideCountryPool {
+    /**
+     * A country code which can be determined with the Load Balancing Regions API described [here](https://developers.cloudflare.com/load-balancing/reference/region-mapping-api/). Multiple entries should not be specified with the same country.
+     */
+    country: string;
+    /**
+     * A list of pool IDs in failover priority to use for traffic reaching the given PoP.
+     */
+    poolIds: string[];
+}
 export interface LoadBalancerRuleOverridePopPool {
     /**
      * A list of pool IDs in failover priority to use for traffic reaching the given PoP.
@@ -832,46 +976,135 @@ export interface LoadBalancerRuleOverrideRegionPool {
      */
     poolIds: string[];
     /**
-     * A region code which must be in the list defined [here](https://support.cloudflare.com/hc/en-us/articles/115000540888-Load-Balancing-Geographic-Regions). Multiple entries should not be specified with the same region.
+     * A region code which must be in the list defined [here](https://developers.cloudflare.com/load-balancing/reference/region-mapping-api/#list-of-load-balancer-regions). Multiple entries should not be specified with the same region.
      */
     region: string;
 }
 export interface ManagedHeadersManagedRequestHeader {
+    /**
+     * Whether the headers rule is active.
+     */
     enabled: boolean;
+    /**
+     * Unique headers rule identifier.
+     */
     id: string;
 }
 export interface ManagedHeadersManagedResponseHeader {
+    /**
+     * Whether the headers rule is active.
+     */
     enabled: boolean;
+    /**
+     * Unique headers rule identifier.
+     */
     id: string;
 }
 export interface NotificationPolicyEmailIntegration {
+    /**
+     * The ID of this resource.
+     */
     id: string;
+    /**
+     * The name of the notification policy.
+     */
     name?: string;
 }
 export interface NotificationPolicyFilters {
+    /**
+     * State of the pool to alert on.
+     */
     enableds?: string[];
+    /**
+     * Source configuration to alert on for pool or origin.
+     */
+    eventSources?: string[];
+    /**
+     * Stream event type to alert on.
+     */
+    eventTypes?: string[];
+    /**
+     * Identifier health check.
+     */
     healthCheckIds?: string[];
+    /**
+     * Stream input id to alert on.
+     */
+    inputIds?: string[];
+    /**
+     * A numerical limit. Example: `100`.
+     */
     limits?: string[];
+    /**
+     * Health status to alert on for pool or origin.
+     */
+    newHealths?: string[];
+    /**
+     * Packets per second threshold for dos alert.
+     */
+    packetsPerSeconds?: string[];
+    /**
+     * Load balancer pool identifier.
+     */
     poolIds?: string[];
+    /**
+     * Product name. Available values: `workerRequests`, `workerDurableObjectsRequests`, `workerDurableObjectsDuration`, `workerDurableObjectsDataTransfer`, `workerDurableObjectsStoredData`, `workerDurableObjectsStorageDeletes`, `workerDurableObjectsStorageWrites`, `workerDurableObjectsStorageReads`.
+     */
     products?: string[];
+    /**
+     * Protocol to alert on for dos.
+     */
+    protocols?: string[];
+    /**
+     * Requests per second threshold for dos alert.
+     */
+    requestsPerSeconds?: string[];
+    /**
+     * A list of clickhouse services to alert on.
+     */
     services?: string[];
+    /**
+     * A numerical limit. Example: `99.9`.
+     */
     slos?: string[];
+    /**
+     * Status to alert on.
+     */
     statuses?: string[];
+    /**
+     * Target host to alert on for dos.
+     */
+    targetHosts?: string[];
+    /**
+     * Target domain to alert on.
+     */
+    targetZoneNames?: string[];
+    /**
+     * A list of zone identifiers.
+     */
     zones?: string[];
 }
 export interface NotificationPolicyPagerdutyIntegration {
+    /**
+     * The ID of this resource.
+     */
     id: string;
+    /**
+     * The name of the notification policy.
+     */
     name?: string;
 }
 export interface NotificationPolicyWebhooksIntegration {
+    /**
+     * The ID of this resource.
+     */
     id: string;
+    /**
+     * The name of the notification policy.
+     */
     name?: string;
 }
 export interface PageRuleActions {
-    /**
-     * Whether this action is `"on"` or `"off"`.
-     */
-    alwaysOnline?: string;
     /**
      * Boolean of whether this action is enabled. Default: false.
      */
@@ -1260,48 +1493,113 @@ export interface RecordData {
     weight?: number;
 }
 export interface RulesetRule {
+    /**
+     * Action to perform in the ruleset rule. Available values: `block`, `challenge`, `ddosDynamic`, `execute`, `forceConnectionClose`, `jsChallenge`, `log`, `logCustomField`, `managedChallenge`, `redirect`, `rewrite`, `route`, `score`, `setCacheSettings`, `serveError`, `skip`.
+     */
     action?: string;
+    /**
+     * List of parameters that configure the behavior of the ruleset rule action.
+     */
     actionParameters?: outputs.RulesetRuleActionParameters;
+    /**
+     * Brief summary of the ruleset rule and its intended use.
+     */
     description?: string;
+    /**
+     * Whether the rule is active.
+     */
     enabled?: boolean;
+    /**
+     * List of parameters that configure exposed credential checks.
+     */
     exposedCredentialCheck?: outputs.RulesetRuleExposedCredentialCheck;
+    /**
+     * Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the [Firewall Rules language](https://developers.cloudflare.com/firewall/cf-firewall-language) documentation for all available fields, operators, and functions.
+     */
     expression: string;
+    /**
+     * Unique rule identifier.
+     */
     id: string;
+    /**
+     * List parameters to configure how the rule generates logs.
+     */
     logging?: outputs.RulesetRuleLogging;
+    /**
+     * List of parameters that configure HTTP rate limiting behaviour.
+     */
     ratelimit?: outputs.RulesetRuleRatelimit;
+    /**
+     * Rule reference.
+     */
     ref: string;
+    /**
+     * Version of the ruleset to deploy.
+     */
     version: string;
 }
 export interface RulesetRuleActionParameters {
+    automaticHttpsRewrites?: boolean;
+    autominifies?: outputs.RulesetRuleActionParametersAutominify[];
+    bic?: boolean;
     browserTtl?: outputs.RulesetRuleActionParametersBrowserTtl;
-    bypassCache?: boolean;
+    cache?: boolean;
     cacheKey?: outputs.RulesetRuleActionParametersCacheKey;
+    content?: string;
+    contentType?: string;
     cookieFields?: string[];
+    disableApps?: boolean;
+    disableRailgun?: boolean;
+    disableZaraz?: boolean;
     edgeTtl?: outputs.RulesetRuleActionParametersEdgeTtl;
+    emailObfuscation?: boolean;
     fromList?: outputs.RulesetRuleActionParametersFromList;
+    fromValue?: outputs.RulesetRuleActionParametersFromValue;
     headers?: outputs.RulesetRuleActionParametersHeader[];
     hostHeader?: string;
+    hotlinkProtection?: boolean;
+    /**
+     * The ID of this resource.
+     */
     id?: string;
     increment?: number;
     matchedData?: outputs.RulesetRuleActionParametersMatchedData;
+    mirage?: boolean;
+    opportunisticEncryption?: boolean;
     origin?: outputs.RulesetRuleActionParametersOrigin;
     originErrorPagePassthru?: boolean;
     overrides?: outputs.RulesetRuleActionParametersOverrides;
     phases?: string[];
+    polish?: string;
     products?: string[];
     requestFields?: string[];
     respectStrongEtags?: boolean;
     responseFields?: string[];
     responses?: outputs.RulesetRuleActionParametersResponse[];
+    rocketLoader?: boolean;
+    /**
+     * List of rules to apply to the ruleset.
+     */
     rules?: {
         [key: string]: string;
     };
     ruleset?: string;
     rulesets?: string[];
+    securityLevel?: string;
     serveStale?: outputs.RulesetRuleActionParametersServeStale;
+    serverSideExcludes?: boolean;
+    sni?: outputs.RulesetRuleActionParametersSni;
+    ssl?: string;
+    statusCode?: number;
+    sxg?: boolean;
     uri?: outputs.RulesetRuleActionParametersUri;
     version: string;
 }
+export interface RulesetRuleActionParametersAutominify {
+    css?: boolean;
+    html?: boolean;
+    js?: boolean;
+}
 export interface RulesetRuleActionParametersBrowserTtl {
     default?: number;
     mode: string;
@@ -1356,10 +1654,25 @@ export interface RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRange
 }
 export interface RulesetRuleActionParametersFromList {
     key: string;
+    /**
+     * Name of the ruleset.
+     */
     name: string;
 }
+export interface RulesetRuleActionParametersFromValue {
+    preserveQueryString?: boolean;
+    statusCode?: number;
+    targetUrl?: outputs.RulesetRuleActionParametersFromValueTargetUrl;
+}
+export interface RulesetRuleActionParametersFromValueTargetUrl {
+    expression?: string;
+    value?: string;
+}
 export interface RulesetRuleActionParametersHeader {
     expression?: string;
+    /**
+     * Name of the ruleset.
+     */
     name?: string;
     operation?: string;
     value?: string;
@@ -1378,6 +1691,9 @@ export interface RulesetRuleActionParametersOverrides {
      * @deprecated Use `status` instead. Continuing to use `enabled` will result in an inconsistent state for your Ruleset configuration.
      */
     enabled?: boolean;
+    /**
+     * List of rules to apply to the ruleset.
+     */
     rules?: outputs.RulesetRuleActionParametersOverridesRule[];
     status?: string;
 }
@@ -1391,11 +1707,19 @@ export interface RulesetRuleActionParametersOverridesCategory {
     status?: string;
 }
 export interface RulesetRuleActionParametersOverridesRule {
+    /**
+     * Action to perform in the ruleset rule. Available values: `block`, `challenge`, `ddosDynamic`, `execute`, `forceConnectionClose`, `jsChallenge`, `log`, `logCustomField`, `managedChallenge`, `redirect`, `rewrite`, `route`, `score`, `setCacheSettings`, `serveError`, `skip`.
+     */
     action?: string;
     /**
+     * Whether the rule is active.
+     *
      * @deprecated Use `status` instead. Continuing to use `enabled` will result in an inconsistent state for your Ruleset configuration.
      */
     enabled?: boolean;
+    /**
+     * Unique rule identifier.
+     */
     id?: string;
     scoreThreshold?: number;
     sensitivityLevel?: string;
@@ -1409,6 +1733,9 @@ export interface RulesetRuleActionParametersResponse {
 export interface RulesetRuleActionParametersServeStale {
     disableStaleWhileUpdating?: boolean;
 }
+export interface RulesetRuleActionParametersSni {
+    value?: string;
+}
 export interface RulesetRuleActionParametersUri {
     origin?: boolean;
     path?: outputs.RulesetRuleActionParametersUriPath;
@@ -1672,6 +1999,16 @@ export interface WorkerScriptPlainTextBinding {
      */
     text: string;
 }
+export interface WorkerScriptR2BucketBinding {
+    /**
+     * The name of the Bucket to bind to.
+     */
+    bucketName: string;
+    /**
+     * The global variable for the binding in your Worker code.
+     */
+    name: string;
+}
 export interface WorkerScriptSecretTextBinding {
     /**
      * The global variable for the binding in your Worker code.