/
firewallRule.go
375 lines (315 loc) · 14.5 KB
/
firewallRule.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package cloudflare
import (
"context"
"reflect"
"github.com/pkg/errors"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// Define Firewall rules using filter expressions for more control over how traffic is matched to the rule.
// A filter expression permits selecting traffic by multiple criteria allowing greater freedom in rule creation.
//
// Filter expressions needs to be created first before using Firewall Rule. See Filter.
//
// ## Example Usage
//
// ```go
// package main
//
// import (
// "github.com/pulumi/pulumi-cloudflare/sdk/v3/go/cloudflare"
// "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
// )
//
// func main() {
// pulumi.Run(func(ctx *pulumi.Context) error {
// wordpressFilter, err := cloudflare.NewFilter(ctx, "wordpressFilter", &cloudflare.FilterArgs{
// ZoneId: pulumi.String("d41d8cd98f00b204e9800998ecf8427e"),
// Description: pulumi.String("Wordpress break-in attempts that are outside of the office"),
// Expression: pulumi.String("(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.src ne 192.0.2.1"),
// })
// if err != nil {
// return err
// }
// _, err = cloudflare.NewFirewallRule(ctx, "wordpressFirewallRule", &cloudflare.FirewallRuleArgs{
// ZoneId: pulumi.String("d41d8cd98f00b204e9800998ecf8427e"),
// Description: pulumi.String("Block wordpress break-in attempts"),
// FilterId: wordpressFilter.ID(),
// Action: pulumi.String("block"),
// })
// if err != nil {
// return err
// }
// return nil
// })
// }
// ```
//
// ## Import
//
// Firewall Rule can be imported using a composite ID formed of zone ID and rule ID, e.g.
//
// ```sh
// $ pulumi import cloudflare:index/firewallRule:FirewallRule default d41d8cd98f00b204e9800998ecf8427e/9e107d9d372bb6826bd81d3542a419d6
// ```
//
// where* `d41d8cd98f00b204e9800998ecf8427e` - zone ID * `9e107d9d372bb6826bd81d3542a419d6` - rule ID as returned by [API](https://api.cloudflare.com/#zone-firewall-filter-rules)
type FirewallRule struct {
pulumi.CustomResourceState
// The action to apply to a matched request. Allowed values: "block", "challenge", "allow", "jsChallenge", "bypass". Enterprise plan also allows "log".
Action pulumi.StringOutput `pulumi:"action"`
// A description of the rule to help identify it.
Description pulumi.StringPtrOutput `pulumi:"description"`
FilterId pulumi.StringOutput `pulumi:"filterId"`
// Whether this filter based firewall rule is currently paused. Boolean value.
Paused pulumi.BoolPtrOutput `pulumi:"paused"`
// The priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without.
Priority pulumi.IntPtrOutput `pulumi:"priority"`
// List of products to bypass for a request when the bypass action is used. Allowed values: "zoneLockdown", "uaBlock", "bic", "hot", "securityLevel", "rateLimit", "waf".
Products pulumi.StringArrayOutput `pulumi:"products"`
// The DNS zone to which the Filter should be added.
ZoneId pulumi.StringOutput `pulumi:"zoneId"`
}
// NewFirewallRule registers a new resource with the given unique name, arguments, and options.
func NewFirewallRule(ctx *pulumi.Context,
name string, args *FirewallRuleArgs, opts ...pulumi.ResourceOption) (*FirewallRule, error) {
if args == nil {
return nil, errors.New("missing one or more required arguments")
}
if args.Action == nil {
return nil, errors.New("invalid value for required argument 'Action'")
}
if args.FilterId == nil {
return nil, errors.New("invalid value for required argument 'FilterId'")
}
if args.ZoneId == nil {
return nil, errors.New("invalid value for required argument 'ZoneId'")
}
var resource FirewallRule
err := ctx.RegisterResource("cloudflare:index/firewallRule:FirewallRule", name, args, &resource, opts...)
if err != nil {
return nil, err
}
return &resource, nil
}
// GetFirewallRule gets an existing FirewallRule resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetFirewallRule(ctx *pulumi.Context,
name string, id pulumi.IDInput, state *FirewallRuleState, opts ...pulumi.ResourceOption) (*FirewallRule, error) {
var resource FirewallRule
err := ctx.ReadResource("cloudflare:index/firewallRule:FirewallRule", name, id, state, &resource, opts...)
if err != nil {
return nil, err
}
return &resource, nil
}
// Input properties used for looking up and filtering FirewallRule resources.
type firewallRuleState struct {
// The action to apply to a matched request. Allowed values: "block", "challenge", "allow", "jsChallenge", "bypass". Enterprise plan also allows "log".
Action *string `pulumi:"action"`
// A description of the rule to help identify it.
Description *string `pulumi:"description"`
FilterId *string `pulumi:"filterId"`
// Whether this filter based firewall rule is currently paused. Boolean value.
Paused *bool `pulumi:"paused"`
// The priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without.
Priority *int `pulumi:"priority"`
// List of products to bypass for a request when the bypass action is used. Allowed values: "zoneLockdown", "uaBlock", "bic", "hot", "securityLevel", "rateLimit", "waf".
Products []string `pulumi:"products"`
// The DNS zone to which the Filter should be added.
ZoneId *string `pulumi:"zoneId"`
}
type FirewallRuleState struct {
// The action to apply to a matched request. Allowed values: "block", "challenge", "allow", "jsChallenge", "bypass". Enterprise plan also allows "log".
Action pulumi.StringPtrInput
// A description of the rule to help identify it.
Description pulumi.StringPtrInput
FilterId pulumi.StringPtrInput
// Whether this filter based firewall rule is currently paused. Boolean value.
Paused pulumi.BoolPtrInput
// The priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without.
Priority pulumi.IntPtrInput
// List of products to bypass for a request when the bypass action is used. Allowed values: "zoneLockdown", "uaBlock", "bic", "hot", "securityLevel", "rateLimit", "waf".
Products pulumi.StringArrayInput
// The DNS zone to which the Filter should be added.
ZoneId pulumi.StringPtrInput
}
func (FirewallRuleState) ElementType() reflect.Type {
return reflect.TypeOf((*firewallRuleState)(nil)).Elem()
}
type firewallRuleArgs struct {
// The action to apply to a matched request. Allowed values: "block", "challenge", "allow", "jsChallenge", "bypass". Enterprise plan also allows "log".
Action string `pulumi:"action"`
// A description of the rule to help identify it.
Description *string `pulumi:"description"`
FilterId string `pulumi:"filterId"`
// Whether this filter based firewall rule is currently paused. Boolean value.
Paused *bool `pulumi:"paused"`
// The priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without.
Priority *int `pulumi:"priority"`
// List of products to bypass for a request when the bypass action is used. Allowed values: "zoneLockdown", "uaBlock", "bic", "hot", "securityLevel", "rateLimit", "waf".
Products []string `pulumi:"products"`
// The DNS zone to which the Filter should be added.
ZoneId string `pulumi:"zoneId"`
}
// The set of arguments for constructing a FirewallRule resource.
type FirewallRuleArgs struct {
// The action to apply to a matched request. Allowed values: "block", "challenge", "allow", "jsChallenge", "bypass". Enterprise plan also allows "log".
Action pulumi.StringInput
// A description of the rule to help identify it.
Description pulumi.StringPtrInput
FilterId pulumi.StringInput
// Whether this filter based firewall rule is currently paused. Boolean value.
Paused pulumi.BoolPtrInput
// The priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without.
Priority pulumi.IntPtrInput
// List of products to bypass for a request when the bypass action is used. Allowed values: "zoneLockdown", "uaBlock", "bic", "hot", "securityLevel", "rateLimit", "waf".
Products pulumi.StringArrayInput
// The DNS zone to which the Filter should be added.
ZoneId pulumi.StringInput
}
func (FirewallRuleArgs) ElementType() reflect.Type {
return reflect.TypeOf((*firewallRuleArgs)(nil)).Elem()
}
type FirewallRuleInput interface {
pulumi.Input
ToFirewallRuleOutput() FirewallRuleOutput
ToFirewallRuleOutputWithContext(ctx context.Context) FirewallRuleOutput
}
func (*FirewallRule) ElementType() reflect.Type {
return reflect.TypeOf((*FirewallRule)(nil))
}
func (i *FirewallRule) ToFirewallRuleOutput() FirewallRuleOutput {
return i.ToFirewallRuleOutputWithContext(context.Background())
}
func (i *FirewallRule) ToFirewallRuleOutputWithContext(ctx context.Context) FirewallRuleOutput {
return pulumi.ToOutputWithContext(ctx, i).(FirewallRuleOutput)
}
func (i *FirewallRule) ToFirewallRulePtrOutput() FirewallRulePtrOutput {
return i.ToFirewallRulePtrOutputWithContext(context.Background())
}
func (i *FirewallRule) ToFirewallRulePtrOutputWithContext(ctx context.Context) FirewallRulePtrOutput {
return pulumi.ToOutputWithContext(ctx, i).(FirewallRulePtrOutput)
}
type FirewallRulePtrInput interface {
pulumi.Input
ToFirewallRulePtrOutput() FirewallRulePtrOutput
ToFirewallRulePtrOutputWithContext(ctx context.Context) FirewallRulePtrOutput
}
type firewallRulePtrType FirewallRuleArgs
func (*firewallRulePtrType) ElementType() reflect.Type {
return reflect.TypeOf((**FirewallRule)(nil))
}
func (i *firewallRulePtrType) ToFirewallRulePtrOutput() FirewallRulePtrOutput {
return i.ToFirewallRulePtrOutputWithContext(context.Background())
}
func (i *firewallRulePtrType) ToFirewallRulePtrOutputWithContext(ctx context.Context) FirewallRulePtrOutput {
return pulumi.ToOutputWithContext(ctx, i).(FirewallRulePtrOutput)
}
// FirewallRuleArrayInput is an input type that accepts FirewallRuleArray and FirewallRuleArrayOutput values.
// You can construct a concrete instance of `FirewallRuleArrayInput` via:
//
// FirewallRuleArray{ FirewallRuleArgs{...} }
type FirewallRuleArrayInput interface {
pulumi.Input
ToFirewallRuleArrayOutput() FirewallRuleArrayOutput
ToFirewallRuleArrayOutputWithContext(context.Context) FirewallRuleArrayOutput
}
type FirewallRuleArray []FirewallRuleInput
func (FirewallRuleArray) ElementType() reflect.Type {
return reflect.TypeOf(([]*FirewallRule)(nil))
}
func (i FirewallRuleArray) ToFirewallRuleArrayOutput() FirewallRuleArrayOutput {
return i.ToFirewallRuleArrayOutputWithContext(context.Background())
}
func (i FirewallRuleArray) ToFirewallRuleArrayOutputWithContext(ctx context.Context) FirewallRuleArrayOutput {
return pulumi.ToOutputWithContext(ctx, i).(FirewallRuleArrayOutput)
}
// FirewallRuleMapInput is an input type that accepts FirewallRuleMap and FirewallRuleMapOutput values.
// You can construct a concrete instance of `FirewallRuleMapInput` via:
//
// FirewallRuleMap{ "key": FirewallRuleArgs{...} }
type FirewallRuleMapInput interface {
pulumi.Input
ToFirewallRuleMapOutput() FirewallRuleMapOutput
ToFirewallRuleMapOutputWithContext(context.Context) FirewallRuleMapOutput
}
type FirewallRuleMap map[string]FirewallRuleInput
func (FirewallRuleMap) ElementType() reflect.Type {
return reflect.TypeOf((map[string]*FirewallRule)(nil))
}
func (i FirewallRuleMap) ToFirewallRuleMapOutput() FirewallRuleMapOutput {
return i.ToFirewallRuleMapOutputWithContext(context.Background())
}
func (i FirewallRuleMap) ToFirewallRuleMapOutputWithContext(ctx context.Context) FirewallRuleMapOutput {
return pulumi.ToOutputWithContext(ctx, i).(FirewallRuleMapOutput)
}
type FirewallRuleOutput struct {
*pulumi.OutputState
}
func (FirewallRuleOutput) ElementType() reflect.Type {
return reflect.TypeOf((*FirewallRule)(nil))
}
func (o FirewallRuleOutput) ToFirewallRuleOutput() FirewallRuleOutput {
return o
}
func (o FirewallRuleOutput) ToFirewallRuleOutputWithContext(ctx context.Context) FirewallRuleOutput {
return o
}
func (o FirewallRuleOutput) ToFirewallRulePtrOutput() FirewallRulePtrOutput {
return o.ToFirewallRulePtrOutputWithContext(context.Background())
}
func (o FirewallRuleOutput) ToFirewallRulePtrOutputWithContext(ctx context.Context) FirewallRulePtrOutput {
return o.ApplyT(func(v FirewallRule) *FirewallRule {
return &v
}).(FirewallRulePtrOutput)
}
type FirewallRulePtrOutput struct {
*pulumi.OutputState
}
func (FirewallRulePtrOutput) ElementType() reflect.Type {
return reflect.TypeOf((**FirewallRule)(nil))
}
func (o FirewallRulePtrOutput) ToFirewallRulePtrOutput() FirewallRulePtrOutput {
return o
}
func (o FirewallRulePtrOutput) ToFirewallRulePtrOutputWithContext(ctx context.Context) FirewallRulePtrOutput {
return o
}
type FirewallRuleArrayOutput struct{ *pulumi.OutputState }
func (FirewallRuleArrayOutput) ElementType() reflect.Type {
return reflect.TypeOf((*[]FirewallRule)(nil))
}
func (o FirewallRuleArrayOutput) ToFirewallRuleArrayOutput() FirewallRuleArrayOutput {
return o
}
func (o FirewallRuleArrayOutput) ToFirewallRuleArrayOutputWithContext(ctx context.Context) FirewallRuleArrayOutput {
return o
}
func (o FirewallRuleArrayOutput) Index(i pulumi.IntInput) FirewallRuleOutput {
return pulumi.All(o, i).ApplyT(func(vs []interface{}) FirewallRule {
return vs[0].([]FirewallRule)[vs[1].(int)]
}).(FirewallRuleOutput)
}
type FirewallRuleMapOutput struct{ *pulumi.OutputState }
func (FirewallRuleMapOutput) ElementType() reflect.Type {
return reflect.TypeOf((*map[string]FirewallRule)(nil))
}
func (o FirewallRuleMapOutput) ToFirewallRuleMapOutput() FirewallRuleMapOutput {
return o
}
func (o FirewallRuleMapOutput) ToFirewallRuleMapOutputWithContext(ctx context.Context) FirewallRuleMapOutput {
return o
}
func (o FirewallRuleMapOutput) MapIndex(k pulumi.StringInput) FirewallRuleOutput {
return pulumi.All(o, k).ApplyT(func(vs []interface{}) FirewallRule {
return vs[0].(map[string]FirewallRule)[vs[1].(string)]
}).(FirewallRuleOutput)
}
func init() {
pulumi.RegisterOutputType(FirewallRuleOutput{})
pulumi.RegisterOutputType(FirewallRulePtrOutput{})
pulumi.RegisterOutputType(FirewallRuleArrayOutput{})
pulumi.RegisterOutputType(FirewallRuleMapOutput{})
}