@quantcdn/pulumi-quant 0.1.0

package/types/output.ts

@@ -0,0 +1,591 @@
+// *** WARNING: this file was generated by pulumi-language-nodejs. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "../types/input";
+import * as outputs from "../types/output";
+
+export interface CrawlerAssets {
+    /**
+     * Network intercept configuration for asset collection
+     */
+    networkIntercept: outputs.CrawlerAssetsNetworkIntercept;
+    /**
+     * Parser configuration for asset extraction
+     */
+    parser: outputs.CrawlerAssetsParser;
+}
+
+export interface CrawlerAssetsNetworkIntercept {
+    /**
+     * Enable network intercept
+     */
+    enabled: boolean;
+    /**
+     * Execute JavaScript during asset collection
+     */
+    executeJs: boolean;
+    /**
+     * Request timeout in seconds
+     */
+    timeout: number;
+}
+
+export interface CrawlerAssetsParser {
+    /**
+     * Enable parser
+     */
+    enabled: boolean;
+}
+
+export interface CrawlerSitemap {
+    /**
+     * Recursively follow sitemap links
+     */
+    recursive: boolean;
+    /**
+     * Sitemap URL
+     */
+    url: string;
+}
+
+export interface DomainDnsGoLiveRecord {
+    /**
+     * Human-readable instructions for configuring this DNS record
+     */
+    description: string;
+    /**
+     * DNS record name/host (@ for apex/root domains, subdomain name for subdomains)
+     */
+    name: string;
+    /**
+     * DNS record type (CNAME, A, or ALIAS)
+     */
+    type: string;
+    /**
+     * DNS record value (IP addresses for A records, domain name for CNAME/ALIAS)
+     */
+    value: string;
+}
+
+export interface DomainDnsValidationRecord {
+    /**
+     * DNS record name (host/subdomain)
+     */
+    name: string;
+    /**
+     * DNS record type (typically CNAME)
+     */
+    type: string;
+    /**
+     * DNS record value to point to
+     */
+    value: string;
+}
+
+export interface GetProjectsProject {
+    machineName: string;
+    name: string;
+}
+
+export interface RuleAuthActionConfig {
+    /**
+     * Authentication password
+     */
+    authPass: string;
+    /**
+     * Authentication username
+     */
+    authUser: string;
+}
+
+export interface RuleBotChallengeActionConfig {
+    /**
+     * Challenge TTL in seconds
+     */
+    robotChallengeChallengeTtl: number;
+    /**
+     * Challenge type (invisible or checkbox)
+     */
+    robotChallengeType: string;
+    /**
+     * Verification TTL in seconds
+     */
+    robotChallengeVerificationTtl: number;
+}
+
+export interface RuleContentFilterActionConfig {
+    /**
+     * Function UUID
+     */
+    fnUuid: string;
+}
+
+export interface RuleCustomResponseActionConfig {
+    /**
+     * Custom response body content
+     */
+    customResponseBody: string;
+    /**
+     * HTTP status code for custom response
+     */
+    customResponseStatusCode: number;
+}
+
+export interface RuleFunctionActionConfig {
+    /**
+     * Function UUID
+     */
+    fnUuid: string;
+}
+
+export interface RuleHeadersActionConfig {
+    /**
+     * Headers to set
+     */
+    headers: {[key: string]: string};
+}
+
+export interface RuleProxyActionConfig {
+    /**
+     * Quant Cloud application container (required when applicationProxy is true)
+     */
+    applicationContainer: string;
+    /**
+     * Quant Cloud application environment (required when applicationProxy is true)
+     */
+    applicationEnvironment: string;
+    /**
+     * Quant Cloud application name (required when applicationProxy is true)
+     */
+    applicationName: string;
+    /**
+     * Quant Cloud application port (required when applicationProxy is true)
+     */
+    applicationPort: number;
+    /**
+     * Enable Quant Cloud application proxy mode
+     */
+    applicationProxy: boolean;
+    /**
+     * Basic auth password
+     */
+    authPass: string;
+    /**
+     * Basic auth username
+     */
+    authUser: string;
+    /**
+     * Cache lifetime
+     */
+    cacheLifetime: string;
+    /**
+     * Disable SSL verification
+     */
+    disableSslVerify: boolean;
+    /**
+     * Failover cache lifetime
+     */
+    failoverLifetime: string;
+    /**
+     * Enable failover mode
+     */
+    failoverMode: boolean;
+    /**
+     * Status codes for failover (default: 200,404,301,302,304)
+     */
+    failoverOriginStatusCodes: string[];
+    /**
+     * Failover TTFB threshold
+     */
+    failoverOriginTtfb: string;
+    /**
+     * Host header override
+     */
+    host: string;
+    /**
+     * Headers to inject
+     */
+    injectHeaders: {[key: string]: string};
+    /**
+     * Notification type (none, slack)
+     */
+    notify: string;
+    /**
+     * Notification configuration (required when notify is slack)
+     */
+    notifyConfig: outputs.RuleProxyActionConfigNotifyConfig;
+    /**
+     * Only proxy 404 responses
+     */
+    onlyProxy404: boolean;
+    /**
+     * Origin timeout
+     */
+    originTimeout: string;
+    /**
+     * Proxy alert enabled
+     */
+    proxyAlertEnabled: boolean;
+    /**
+     * Proxy inline function enabled
+     */
+    proxyInlineFnEnabled: boolean;
+    /**
+     * Headers to strip from response
+     */
+    proxyStripHeaders: string[];
+    /**
+     * Headers to strip from request
+     */
+    proxyStripRequestHeaders: string[];
+    /**
+     * Quant Cloud application proxy selection (populated automatically when applicationProxy is enabled)
+     */
+    quantCloudSelection: outputs.RuleProxyActionConfigQuantCloudSelection;
+    /**
+     * Static error page content (HTML) to serve on origin errors
+     */
+    staticErrorPage: string;
+    /**
+     * Origin status codes that trigger static error page
+     */
+    staticErrorPageStatusCodes: string[];
+    /**
+     * Target URL to proxy to
+     */
+    to: string;
+    /**
+     * Web Application Firewall configuration
+     */
+    wafConfig: outputs.RuleProxyActionConfigWafConfig;
+    /**
+     * WAF enabled
+     */
+    wafEnabled: boolean;
+}
+
+export interface RuleProxyActionConfigNotifyConfig {
+    /**
+     * Slack webhook URL
+     */
+    webhookUrl: string;
+}
+
+export interface RuleProxyActionConfigQuantCloudSelection {
+    /**
+     * Application name
+     */
+    app: string;
+    /**
+     * Container name
+     */
+    container: string;
+    /**
+     * Environment name
+     */
+    env: string;
+    /**
+     * Container port
+     */
+    port: number;
+}
+
+export interface RuleProxyActionConfigWafConfig {
+    /**
+     * IP addresses to allow
+     */
+    allowIps: string[];
+    /**
+     * WAF rule IDs to allow/whitelist
+     */
+    allowRules: string[];
+    /**
+     * ASN numbers to block
+     */
+    blockAsns: string[];
+    /**
+     * IP addresses to block
+     */
+    blockIps: string[];
+    /**
+     * Enable predefined block lists
+     */
+    blockLists: outputs.RuleProxyActionConfigWafConfigBlockLists;
+    /**
+     * Referer patterns to block
+     */
+    blockReferers: string[];
+    /**
+     * User agent patterns to block
+     */
+    blockUas: string[];
+    /**
+     * Project Honey Pot HTTP:BL configuration
+     */
+    httpbl: outputs.RuleProxyActionConfigWafConfigHttpbl;
+    /**
+     * WAF operation mode
+     */
+    mode: string;
+    /**
+     * Email addresses for notifications
+     */
+    notifyEmails: string[];
+    /**
+     * Slack webhook URL for notifications
+     */
+    notifySlack: string;
+    /**
+     * Minimum hits per minute to trigger Slack notification
+     */
+    notifySlackHitsRpm: number;
+    /**
+     * OWASP paranoia level
+     */
+    paranoiaLevel: number;
+    /**
+     * Rate limiting thresholds
+     */
+    thresholds: outputs.RuleProxyActionConfigWafConfigThreshold[];
+}
+
+export interface RuleProxyActionConfigWafConfigBlockLists {
+    /**
+     * Block AI crawlers
+     */
+    ai: boolean;
+    /**
+     * Block known bad IPs
+     */
+    ip: boolean;
+    /**
+     * Block known bad referers
+     */
+    referer: boolean;
+    /**
+     * Block known bad user agents
+     */
+    userAgent: boolean;
+}
+
+export interface RuleProxyActionConfigWafConfigHttpbl {
+    /**
+     * Block email harvesters
+     */
+    blockHarvester: boolean;
+    /**
+     * Block search engines
+     */
+    blockSearchEngine: boolean;
+    /**
+     * Block spam sources
+     */
+    blockSpam: boolean;
+    /**
+     * Block suspicious IPs
+     */
+    blockSuspicious: boolean;
+    /**
+     * Enable HTTP:BL
+     */
+    httpblEnabled: boolean;
+    /**
+     * HTTP:BL API key
+     */
+    httpblKey: string;
+}
+
+export interface RuleProxyActionConfigWafConfigThreshold {
+    /**
+     * Cooldown period in seconds
+     */
+    cooldown: number;
+    /**
+     * Hit count limit (for waf_hit_by_ip)
+     */
+    hits: number;
+    /**
+     * Time window in minutes (for waf_hit_by_ip)
+     */
+    minutes: number;
+    /**
+     * Threshold enforcement mode
+     */
+    mode: string;
+    /**
+     * Slack webhook for this threshold
+     */
+    notifySlack: string;
+    /**
+     * Requests per second limit (for ip/header)
+     */
+    rps: number;
+    /**
+     * Threshold type
+     */
+    type: string;
+    /**
+     * Header name (for header type)
+     */
+    value: string;
+}
+
+export interface RuleProxyWafConfig {
+    /**
+     * IP addresses to allow
+     */
+    allowIps: string[];
+    /**
+     * WAF rule IDs to allow/whitelist
+     */
+    allowRules: string[];
+    /**
+     * ASN numbers to block
+     */
+    blockAsns: string[];
+    /**
+     * IP addresses to block
+     */
+    blockIps: string[];
+    /**
+     * Enable predefined block lists
+     */
+    blockLists: outputs.RuleProxyWafConfigBlockLists;
+    /**
+     * Referer patterns to block
+     */
+    blockReferers: string[];
+    /**
+     * User agent patterns to block
+     */
+    blockUas: string[];
+    /**
+     * Project Honey Pot HTTP:BL configuration
+     */
+    httpbl: outputs.RuleProxyWafConfigHttpbl;
+    /**
+     * WAF operation mode
+     */
+    mode: string;
+    /**
+     * Email addresses for notifications
+     */
+    notifyEmails: string[];
+    /**
+     * Slack webhook URL for notifications
+     */
+    notifySlack: string;
+    /**
+     * Minimum hits per minute to trigger Slack notification
+     */
+    notifySlackHitsRpm: number;
+    /**
+     * OWASP paranoia level
+     */
+    paranoiaLevel: number;
+    /**
+     * Rate limiting thresholds
+     */
+    thresholds: outputs.RuleProxyWafConfigThreshold[];
+}
+
+export interface RuleProxyWafConfigBlockLists {
+    /**
+     * Block AI crawlers
+     */
+    ai: boolean;
+    /**
+     * Block known bad IPs
+     */
+    ip: boolean;
+    /**
+     * Block known bad referers
+     */
+    referer: boolean;
+    /**
+     * Block known bad user agents
+     */
+    userAgent: boolean;
+}
+
+export interface RuleProxyWafConfigHttpbl {
+    /**
+     * Block email harvesters
+     */
+    blockHarvester: boolean;
+    /**
+     * Block search engines
+     */
+    blockSearchEngine: boolean;
+    /**
+     * Block spam sources
+     */
+    blockSpam: boolean;
+    /**
+     * Block suspicious IPs
+     */
+    blockSuspicious: boolean;
+    /**
+     * Enable HTTP:BL
+     */
+    httpblEnabled: boolean;
+    /**
+     * HTTP:BL API key
+     */
+    httpblKey: string;
+}
+
+export interface RuleProxyWafConfigThreshold {
+    /**
+     * Cooldown period in seconds
+     */
+    cooldown: number;
+    /**
+     * Hit count limit (for waf_hit_by_ip)
+     */
+    hits: number;
+    /**
+     * Time window in minutes (for waf_hit_by_ip)
+     */
+    minutes: number;
+    /**
+     * Threshold enforcement mode
+     */
+    mode: string;
+    /**
+     * Slack webhook for this threshold
+     */
+    notifySlack: string;
+    /**
+     * Requests per second limit (for ip/header)
+     */
+    rps: number;
+    /**
+     * Threshold type
+     */
+    type: string;
+    /**
+     * Header name (for header type)
+     */
+    value: string;
+}
+
+export interface RuleRedirectActionConfig {
+    /**
+     * HTTP status code for redirect
+     */
+    statusCode: string;
+    /**
+     * Redirect destination URL
+     */
+    to: string;
+}
+
+export interface RuleServeStaticActionConfig {
+    /**
+     * Path to the static file to serve
+     */
+    staticFilePath: string;
+}
+

package/utilities.ts

@@ -0,0 +1,96 @@
+// *** WARNING: this file was generated by pulumi-language-nodejs. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+
+import * as runtime from "@pulumi/pulumi/runtime";
+import * as pulumi from "@pulumi/pulumi";
+
+export function getEnv(...vars: string[]): string | undefined {
+    for (const v of vars) {
+        const value = process.env[v];
+        if (value) {
+            return value;
+        }
+    }
+    return undefined;
+}
+
+export function getEnvBoolean(...vars: string[]): boolean | undefined {
+    const s = getEnv(...vars);
+    if (s !== undefined) {
+        // NOTE: these values are taken from https://golang.org/src/strconv/atob.go?s=351:391#L1, which is what
+        // Terraform uses internally when parsing boolean values.
+        if (["1", "t", "T", "true", "TRUE", "True"].find(v => v === s) !== undefined) {
+            return true;
+        }
+        if (["0", "f", "F", "false", "FALSE", "False"].find(v => v === s) !== undefined) {
+            return false;
+        }
+    }
+    return undefined;
+}
+
+export function getEnvNumber(...vars: string[]): number | undefined {
+    const s = getEnv(...vars);
+    if (s !== undefined) {
+        const f = parseFloat(s);
+        if (!isNaN(f)) {
+            return f;
+        }
+    }
+    return undefined;
+}
+
+export function getVersion(): string {
+    let version = require('./package.json').version;
+    // Node allows for the version to be prefixed by a "v", while semver doesn't.
+    // If there is a v, strip it off.
+    if (version.indexOf('v') === 0) {
+        version = version.slice(1);
+    }
+    return version;
+}
+
+/** @internal */
+export function resourceOptsDefaults(): any {
+    return { version: getVersion(), pluginDownloadURL: "github://api.github.com/quantcdn/pulumi-quant" };
+}
+
+/** @internal */
+export function lazyLoad(exports: any, props: string[], loadModule: any) {
+    for (let property of props) {
+        Object.defineProperty(exports, property, {
+            enumerable: true,
+            get: function() {
+                return loadModule()[property];
+            },
+        });
+    }
+}
+
+/** @internal */
+export async function callAsync<T>(
+    tok: string,
+    props: pulumi.Inputs,
+    res?: pulumi.Resource,
+    opts?: {property?: string},
+): Promise<T> {
+    const o: any = runtime.call<T>(tok, props, res);
+    const value = await o.promise(true /*withUnknowns*/);
+    const isKnown = await o.isKnown;
+    const isSecret = await o.isSecret;
+    const problem: string|undefined =
+        !isKnown ? "an unknown value"
+        : isSecret ? "a secret value"
+        : undefined;
+    // Ingoring o.resources silently. They are typically non-empty, r.f() calls include r as a dependency.
+    if (problem) {
+        throw new Error(`Plain resource method "${tok}" incorrectly returned ${problem}. ` +
+            "This is an error in the provider, please report this to the provider developer.");
+    }
+    // Extract a single property if requested.
+    if (opts && opts.property) {
+        return value[opts.property];
+    }
+    return value;
+}