@sst-provider/cloudflare5 5.0.0-alpha1

package/bin/accessOrganization.d.ts

@@ -0,0 +1,200 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "./types/input";
+import * as outputs from "./types/output";
+export declare class AccessOrganization extends pulumi.CustomResource {
+    /**
+     * Get an existing AccessOrganization resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessOrganizationState, opts?: pulumi.CustomResourceOptions): AccessOrganization;
+    /**
+     * Returns true if the given object is an instance of AccessOrganization.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is AccessOrganization;
+    readonly accessOrganizationId: pulumi.Output<string>;
+    /**
+     * The account identifier to target for the resource. Conflicts with `zone_id`.
+     */
+    readonly accountId: pulumi.Output<string>;
+    /**
+     * When set to true, users can authenticate via WARP for any application in your organization. Application settings will
+     * take precedence over this value.
+     */
+    readonly allowAuthenticateViaWarp: pulumi.Output<boolean | undefined>;
+    /**
+     * The unique subdomain assigned to your Zero Trust organization.
+     */
+    readonly authDomain: pulumi.Output<string>;
+    /**
+     * When set to true, users skip the identity provider selection step during login.
+     */
+    readonly autoRedirectToIdentity: pulumi.Output<boolean | undefined>;
+    /**
+     * Custom pages for your Zero Trust organization.
+     */
+    readonly customPages: pulumi.Output<outputs.AccessOrganizationCustomPage[] | undefined>;
+    /**
+     * When set to true, this will disable all editing of Access resources via the Zero Trust Dashboard.
+     */
+    readonly isUiReadOnly: pulumi.Output<boolean | undefined>;
+    readonly loginDesigns: pulumi.Output<outputs.AccessOrganizationLoginDesign[] | undefined>;
+    /**
+     * The name of your Zero Trust organization.
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
+     */
+    readonly sessionDuration: pulumi.Output<string | undefined>;
+    /**
+     * A description of the reason why the UI read only field is being toggled.
+     */
+    readonly uiReadOnlyToggleReason: pulumi.Output<string | undefined>;
+    /**
+     * The amount of time a user seat is inactive before it expires. When the user seat exceeds the set time of inactivity, the
+     * user is removed as an active seat and no longer counts against your Teams seat count. Must be in the format `300ms` or
+     * `2h45m`.
+     */
+    readonly userSeatExpirationInactiveTime: pulumi.Output<string | undefined>;
+    /**
+     * The amount of time that tokens issued for applications will be valid. Must be in the format 30m or 2h45m. Valid time
+     * units are: m, h.
+     */
+    readonly warpAuthSessionDuration: pulumi.Output<string | undefined>;
+    /**
+     * The zone identifier to target for the resource. Conflicts with `account_id`.
+     */
+    readonly zoneId: pulumi.Output<string>;
+    /**
+     * Create a AccessOrganization resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: AccessOrganizationArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering AccessOrganization resources.
+ */
+export interface AccessOrganizationState {
+    accessOrganizationId?: pulumi.Input<string>;
+    /**
+     * The account identifier to target for the resource. Conflicts with `zone_id`.
+     */
+    accountId?: pulumi.Input<string>;
+    /**
+     * When set to true, users can authenticate via WARP for any application in your organization. Application settings will
+     * take precedence over this value.
+     */
+    allowAuthenticateViaWarp?: pulumi.Input<boolean>;
+    /**
+     * The unique subdomain assigned to your Zero Trust organization.
+     */
+    authDomain?: pulumi.Input<string>;
+    /**
+     * When set to true, users skip the identity provider selection step during login.
+     */
+    autoRedirectToIdentity?: pulumi.Input<boolean>;
+    /**
+     * Custom pages for your Zero Trust organization.
+     */
+    customPages?: pulumi.Input<pulumi.Input<inputs.AccessOrganizationCustomPage>[]>;
+    /**
+     * When set to true, this will disable all editing of Access resources via the Zero Trust Dashboard.
+     */
+    isUiReadOnly?: pulumi.Input<boolean>;
+    loginDesigns?: pulumi.Input<pulumi.Input<inputs.AccessOrganizationLoginDesign>[]>;
+    /**
+     * The name of your Zero Trust organization.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
+     */
+    sessionDuration?: pulumi.Input<string>;
+    /**
+     * A description of the reason why the UI read only field is being toggled.
+     */
+    uiReadOnlyToggleReason?: pulumi.Input<string>;
+    /**
+     * The amount of time a user seat is inactive before it expires. When the user seat exceeds the set time of inactivity, the
+     * user is removed as an active seat and no longer counts against your Teams seat count. Must be in the format `300ms` or
+     * `2h45m`.
+     */
+    userSeatExpirationInactiveTime?: pulumi.Input<string>;
+    /**
+     * The amount of time that tokens issued for applications will be valid. Must be in the format 30m or 2h45m. Valid time
+     * units are: m, h.
+     */
+    warpAuthSessionDuration?: pulumi.Input<string>;
+    /**
+     * The zone identifier to target for the resource. Conflicts with `account_id`.
+     */
+    zoneId?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a AccessOrganization resource.
+ */
+export interface AccessOrganizationArgs {
+    accessOrganizationId?: pulumi.Input<string>;
+    /**
+     * The account identifier to target for the resource. Conflicts with `zone_id`.
+     */
+    accountId?: pulumi.Input<string>;
+    /**
+     * When set to true, users can authenticate via WARP for any application in your organization. Application settings will
+     * take precedence over this value.
+     */
+    allowAuthenticateViaWarp?: pulumi.Input<boolean>;
+    /**
+     * The unique subdomain assigned to your Zero Trust organization.
+     */
+    authDomain: pulumi.Input<string>;
+    /**
+     * When set to true, users skip the identity provider selection step during login.
+     */
+    autoRedirectToIdentity?: pulumi.Input<boolean>;
+    /**
+     * Custom pages for your Zero Trust organization.
+     */
+    customPages?: pulumi.Input<pulumi.Input<inputs.AccessOrganizationCustomPage>[]>;
+    /**
+     * When set to true, this will disable all editing of Access resources via the Zero Trust Dashboard.
+     */
+    isUiReadOnly?: pulumi.Input<boolean>;
+    loginDesigns?: pulumi.Input<pulumi.Input<inputs.AccessOrganizationLoginDesign>[]>;
+    /**
+     * The name of your Zero Trust organization.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
+     */
+    sessionDuration?: pulumi.Input<string>;
+    /**
+     * A description of the reason why the UI read only field is being toggled.
+     */
+    uiReadOnlyToggleReason?: pulumi.Input<string>;
+    /**
+     * The amount of time a user seat is inactive before it expires. When the user seat exceeds the set time of inactivity, the
+     * user is removed as an active seat and no longer counts against your Teams seat count. Must be in the format `300ms` or
+     * `2h45m`.
+     */
+    userSeatExpirationInactiveTime?: pulumi.Input<string>;
+    /**
+     * The amount of time that tokens issued for applications will be valid. Must be in the format 30m or 2h45m. Valid time
+     * units are: m, h.
+     */
+    warpAuthSessionDuration?: pulumi.Input<string>;
+    /**
+     * The zone identifier to target for the resource. Conflicts with `account_id`.
+     */
+    zoneId?: pulumi.Input<string>;
+}

package/bin/accessOrganization.js

@@ -0,0 +1,78 @@
+"use strict";
+// *** WARNING: this file was generated by pulumi-language-nodejs. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessOrganization = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+class AccessOrganization extends pulumi.CustomResource {
+    /**
+     * Get an existing AccessOrganization resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new AccessOrganization(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of AccessOrganization.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === AccessOrganization.__pulumiType;
+    }
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["accessOrganizationId"] = state ? state.accessOrganizationId : undefined;
+            resourceInputs["accountId"] = state ? state.accountId : undefined;
+            resourceInputs["allowAuthenticateViaWarp"] = state ? state.allowAuthenticateViaWarp : undefined;
+            resourceInputs["authDomain"] = state ? state.authDomain : undefined;
+            resourceInputs["autoRedirectToIdentity"] = state ? state.autoRedirectToIdentity : undefined;
+            resourceInputs["customPages"] = state ? state.customPages : undefined;
+            resourceInputs["isUiReadOnly"] = state ? state.isUiReadOnly : undefined;
+            resourceInputs["loginDesigns"] = state ? state.loginDesigns : undefined;
+            resourceInputs["name"] = state ? state.name : undefined;
+            resourceInputs["sessionDuration"] = state ? state.sessionDuration : undefined;
+            resourceInputs["uiReadOnlyToggleReason"] = state ? state.uiReadOnlyToggleReason : undefined;
+            resourceInputs["userSeatExpirationInactiveTime"] = state ? state.userSeatExpirationInactiveTime : undefined;
+            resourceInputs["warpAuthSessionDuration"] = state ? state.warpAuthSessionDuration : undefined;
+            resourceInputs["zoneId"] = state ? state.zoneId : undefined;
+        }
+        else {
+            const args = argsOrState;
+            if ((!args || args.authDomain === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'authDomain'");
+            }
+            resourceInputs["accessOrganizationId"] = args ? args.accessOrganizationId : undefined;
+            resourceInputs["accountId"] = args ? args.accountId : undefined;
+            resourceInputs["allowAuthenticateViaWarp"] = args ? args.allowAuthenticateViaWarp : undefined;
+            resourceInputs["authDomain"] = args ? args.authDomain : undefined;
+            resourceInputs["autoRedirectToIdentity"] = args ? args.autoRedirectToIdentity : undefined;
+            resourceInputs["customPages"] = args ? args.customPages : undefined;
+            resourceInputs["isUiReadOnly"] = args ? args.isUiReadOnly : undefined;
+            resourceInputs["loginDesigns"] = args ? args.loginDesigns : undefined;
+            resourceInputs["name"] = args ? args.name : undefined;
+            resourceInputs["sessionDuration"] = args ? args.sessionDuration : undefined;
+            resourceInputs["uiReadOnlyToggleReason"] = args ? args.uiReadOnlyToggleReason : undefined;
+            resourceInputs["userSeatExpirationInactiveTime"] = args ? args.userSeatExpirationInactiveTime : undefined;
+            resourceInputs["warpAuthSessionDuration"] = args ? args.warpAuthSessionDuration : undefined;
+            resourceInputs["zoneId"] = args ? args.zoneId : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(AccessOrganization.__pulumiType, name, resourceInputs, opts, false /*dependency*/, utilities.getPackage());
+    }
+}
+exports.AccessOrganization = AccessOrganization;
+/** @internal */
+AccessOrganization.__pulumiType = 'cloudflare:index/accessOrganization:AccessOrganization';
+//# sourceMappingURL=accessOrganization.js.map

package/bin/accessOrganization.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessOrganization.js","sourceRoot":"","sources":["../accessOrganization.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC,MAAa,kBAAmB,SAAQ,MAAM,CAAC,cAAc;IACzD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA+B,EAAE,IAAmC;QAC7H,OAAO,IAAI,kBAAkB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACzE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,kBAAkB,CAAC,YAAY,CAAC;IACnE,CAAC;IAiED,YAAY,IAAY,EAAE,WAA8D,EAAE,IAAmC;QACzH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAkD,CAAC;YACjE,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,gCAAgC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5G,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAiD,CAAC;YAC/D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACvD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;aAC7D;YACD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,gCAAgC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1G,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,kBAAkB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,cAAc,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;IACrH,CAAC;;AApIL,gDAqIC;AAvHG,gBAAgB;AACO,+BAAY,GAAG,wDAAwD,CAAC"}

package/bin/accessPolicy.d.ts

@@ -0,0 +1,197 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "./types/input";
+import * as outputs from "./types/output";
+export declare class AccessPolicy extends pulumi.CustomResource {
+    /**
+     * Get an existing AccessPolicy resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessPolicyState, opts?: pulumi.CustomResourceOptions): AccessPolicy;
+    /**
+     * Returns true if the given object is an instance of AccessPolicy.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is AccessPolicy;
+    readonly accessPolicyId: pulumi.Output<string>;
+    /**
+     * The account identifier to target for the resource. Conflicts with `zone_id`.
+     */
+    readonly accountId: pulumi.Output<string | undefined>;
+    /**
+     * The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute
+     * will force creation of a new resource.**
+     */
+    readonly applicationId: pulumi.Output<string | undefined>;
+    readonly approvalGroups: pulumi.Output<outputs.AccessPolicyApprovalGroup[] | undefined>;
+    readonly approvalRequired: pulumi.Output<boolean | undefined>;
+    /**
+     * The rules that define how users may connect to the targets secured by your application.
+     */
+    readonly connectionRules: pulumi.Output<outputs.AccessPolicyConnectionRules | undefined>;
+    /**
+     * Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`,
+     * `bypass`.
+     */
+    readonly decision: pulumi.Output<string>;
+    readonly excludes: pulumi.Output<outputs.AccessPolicyExclude[] | undefined>;
+    readonly includes: pulumi.Output<outputs.AccessPolicyInclude[]>;
+    /**
+     * Require this application to be served in an isolated browser for users matching this policy.
+     */
+    readonly isolationRequired: pulumi.Output<boolean | undefined>;
+    /**
+     * Friendly name of the Access Policy.
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * The unique precedence for policies on a single application. Required when using `application_id`.
+     */
+    readonly precedence: pulumi.Output<number | undefined>;
+    /**
+     * The prompt to display to the user for a justification for accessing the resource. Required when using
+     * `purpose_justification_required`.
+     */
+    readonly purposeJustificationPrompt: pulumi.Output<string | undefined>;
+    /**
+     * Whether to prompt the user for a justification for accessing the resource.
+     */
+    readonly purposeJustificationRequired: pulumi.Output<boolean | undefined>;
+    readonly requires: pulumi.Output<outputs.AccessPolicyRequire[] | undefined>;
+    /**
+     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
+     */
+    readonly sessionDuration: pulumi.Output<string | undefined>;
+    /**
+     * The zone identifier to target for the resource. Conflicts with `account_id`.
+     */
+    readonly zoneId: pulumi.Output<string | undefined>;
+    /**
+     * Create a AccessPolicy resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: AccessPolicyArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering AccessPolicy resources.
+ */
+export interface AccessPolicyState {
+    accessPolicyId?: pulumi.Input<string>;
+    /**
+     * The account identifier to target for the resource. Conflicts with `zone_id`.
+     */
+    accountId?: pulumi.Input<string>;
+    /**
+     * The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute
+     * will force creation of a new resource.**
+     */
+    applicationId?: pulumi.Input<string>;
+    approvalGroups?: pulumi.Input<pulumi.Input<inputs.AccessPolicyApprovalGroup>[]>;
+    approvalRequired?: pulumi.Input<boolean>;
+    /**
+     * The rules that define how users may connect to the targets secured by your application.
+     */
+    connectionRules?: pulumi.Input<inputs.AccessPolicyConnectionRules>;
+    /**
+     * Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`,
+     * `bypass`.
+     */
+    decision?: pulumi.Input<string>;
+    excludes?: pulumi.Input<pulumi.Input<inputs.AccessPolicyExclude>[]>;
+    includes?: pulumi.Input<pulumi.Input<inputs.AccessPolicyInclude>[]>;
+    /**
+     * Require this application to be served in an isolated browser for users matching this policy.
+     */
+    isolationRequired?: pulumi.Input<boolean>;
+    /**
+     * Friendly name of the Access Policy.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * The unique precedence for policies on a single application. Required when using `application_id`.
+     */
+    precedence?: pulumi.Input<number>;
+    /**
+     * The prompt to display to the user for a justification for accessing the resource. Required when using
+     * `purpose_justification_required`.
+     */
+    purposeJustificationPrompt?: pulumi.Input<string>;
+    /**
+     * Whether to prompt the user for a justification for accessing the resource.
+     */
+    purposeJustificationRequired?: pulumi.Input<boolean>;
+    requires?: pulumi.Input<pulumi.Input<inputs.AccessPolicyRequire>[]>;
+    /**
+     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
+     */
+    sessionDuration?: pulumi.Input<string>;
+    /**
+     * The zone identifier to target for the resource. Conflicts with `account_id`.
+     */
+    zoneId?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a AccessPolicy resource.
+ */
+export interface AccessPolicyArgs {
+    accessPolicyId?: pulumi.Input<string>;
+    /**
+     * The account identifier to target for the resource. Conflicts with `zone_id`.
+     */
+    accountId?: pulumi.Input<string>;
+    /**
+     * The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute
+     * will force creation of a new resource.**
+     */
+    applicationId?: pulumi.Input<string>;
+    approvalGroups?: pulumi.Input<pulumi.Input<inputs.AccessPolicyApprovalGroup>[]>;
+    approvalRequired?: pulumi.Input<boolean>;
+    /**
+     * The rules that define how users may connect to the targets secured by your application.
+     */
+    connectionRules?: pulumi.Input<inputs.AccessPolicyConnectionRules>;
+    /**
+     * Defines the action Access will take if the policy matches the user. Available values: `allow`, `deny`, `non_identity`,
+     * `bypass`.
+     */
+    decision: pulumi.Input<string>;
+    excludes?: pulumi.Input<pulumi.Input<inputs.AccessPolicyExclude>[]>;
+    includes: pulumi.Input<pulumi.Input<inputs.AccessPolicyInclude>[]>;
+    /**
+     * Require this application to be served in an isolated browser for users matching this policy.
+     */
+    isolationRequired?: pulumi.Input<boolean>;
+    /**
+     * Friendly name of the Access Policy.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * The unique precedence for policies on a single application. Required when using `application_id`.
+     */
+    precedence?: pulumi.Input<number>;
+    /**
+     * The prompt to display to the user for a justification for accessing the resource. Required when using
+     * `purpose_justification_required`.
+     */
+    purposeJustificationPrompt?: pulumi.Input<string>;
+    /**
+     * Whether to prompt the user for a justification for accessing the resource.
+     */
+    purposeJustificationRequired?: pulumi.Input<boolean>;
+    requires?: pulumi.Input<pulumi.Input<inputs.AccessPolicyRequire>[]>;
+    /**
+     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
+     */
+    sessionDuration?: pulumi.Input<string>;
+    /**
+     * The zone identifier to target for the resource. Conflicts with `account_id`.
+     */
+    zoneId?: pulumi.Input<string>;
+}

package/bin/accessPolicy.js

@@ -0,0 +1,87 @@
+"use strict";
+// *** WARNING: this file was generated by pulumi-language-nodejs. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccessPolicy = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+class AccessPolicy extends pulumi.CustomResource {
+    /**
+     * Get an existing AccessPolicy resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new AccessPolicy(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of AccessPolicy.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === AccessPolicy.__pulumiType;
+    }
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["accessPolicyId"] = state ? state.accessPolicyId : undefined;
+            resourceInputs["accountId"] = state ? state.accountId : undefined;
+            resourceInputs["applicationId"] = state ? state.applicationId : undefined;
+            resourceInputs["approvalGroups"] = state ? state.approvalGroups : undefined;
+            resourceInputs["approvalRequired"] = state ? state.approvalRequired : undefined;
+            resourceInputs["connectionRules"] = state ? state.connectionRules : undefined;
+            resourceInputs["decision"] = state ? state.decision : undefined;
+            resourceInputs["excludes"] = state ? state.excludes : undefined;
+            resourceInputs["includes"] = state ? state.includes : undefined;
+            resourceInputs["isolationRequired"] = state ? state.isolationRequired : undefined;
+            resourceInputs["name"] = state ? state.name : undefined;
+            resourceInputs["precedence"] = state ? state.precedence : undefined;
+            resourceInputs["purposeJustificationPrompt"] = state ? state.purposeJustificationPrompt : undefined;
+            resourceInputs["purposeJustificationRequired"] = state ? state.purposeJustificationRequired : undefined;
+            resourceInputs["requires"] = state ? state.requires : undefined;
+            resourceInputs["sessionDuration"] = state ? state.sessionDuration : undefined;
+            resourceInputs["zoneId"] = state ? state.zoneId : undefined;
+        }
+        else {
+            const args = argsOrState;
+            if ((!args || args.decision === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'decision'");
+            }
+            if ((!args || args.includes === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'includes'");
+            }
+            resourceInputs["accessPolicyId"] = args ? args.accessPolicyId : undefined;
+            resourceInputs["accountId"] = args ? args.accountId : undefined;
+            resourceInputs["applicationId"] = args ? args.applicationId : undefined;
+            resourceInputs["approvalGroups"] = args ? args.approvalGroups : undefined;
+            resourceInputs["approvalRequired"] = args ? args.approvalRequired : undefined;
+            resourceInputs["connectionRules"] = args ? args.connectionRules : undefined;
+            resourceInputs["decision"] = args ? args.decision : undefined;
+            resourceInputs["excludes"] = args ? args.excludes : undefined;
+            resourceInputs["includes"] = args ? args.includes : undefined;
+            resourceInputs["isolationRequired"] = args ? args.isolationRequired : undefined;
+            resourceInputs["name"] = args ? args.name : undefined;
+            resourceInputs["precedence"] = args ? args.precedence : undefined;
+            resourceInputs["purposeJustificationPrompt"] = args ? args.purposeJustificationPrompt : undefined;
+            resourceInputs["purposeJustificationRequired"] = args ? args.purposeJustificationRequired : undefined;
+            resourceInputs["requires"] = args ? args.requires : undefined;
+            resourceInputs["sessionDuration"] = args ? args.sessionDuration : undefined;
+            resourceInputs["zoneId"] = args ? args.zoneId : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(AccessPolicy.__pulumiType, name, resourceInputs, opts, false /*dependency*/, utilities.getPackage());
+    }
+}
+exports.AccessPolicy = AccessPolicy;
+/** @internal */
+AccessPolicy.__pulumiType = 'cloudflare:index/accessPolicy:AccessPolicy';
+//# sourceMappingURL=accessPolicy.js.map

package/bin/accessPolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessPolicy.js","sourceRoot":"","sources":["../accessPolicy.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC,MAAa,YAAa,SAAQ,MAAM,CAAC,cAAc;IACnD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAyB,EAAE,IAAmC;QACvH,OAAO,IAAI,YAAY,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACnE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,YAAY,CAAC,YAAY,CAAC;IAC7D,CAAC;IAgED,YAAY,IAAY,EAAE,WAAkD,EAAE,IAAmC;QAC7G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA4C,CAAC;YAC3D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,4BAA4B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAC,SAAS,CAAC;YACpG,cAAc,CAAC,8BAA8B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC,SAAS,CAAC;YACxG,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAA2C,CAAC;YACzD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC,SAAS,CAAC;YAClG,cAAc,CAAC,8BAA8B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC,SAAS,CAAC;YACtG,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,cAAc,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;IAC/G,CAAC;;AA5IL,oCA6IC;AA/HG,gBAAgB;AACO,yBAAY,GAAG,4CAA4C,CAAC"}