make docs
jacobbednarz committed Sep 27, 2024
1 parent a58a345 commit 5bd631a
Showing 5 changed files with 170 additions and 3 deletions.
42 changes: 41 additions & 1 deletion docs/resources/access_application.md
Expand Up @@ -53,6 +53,25 @@ resource "cloudflare_access_application" "staging_app" {
max_age = 10
}
}
# Infrastructure application configuration
resource "cloudflare_zero_trust_access_application" "infra-app-example" {
account_id = "0da42c8d2132a9ddaf714f9e7c920711"
name = "infra-app"
type = "infrastructure"
target_criteria {
port = 22
protocol = "SSH"
target_attributes {
name = "hostname"
values = ["tfgo-tests-useast", "tfgo-tests-uswest"]
}
}
# specify existing access policies by id
policies = []
}
```
<!-- schema generated by tfplugindocs -->
## Schema
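Review bot: The added example declares `resource "cloudflare_zero_trust_access_application" "infra-app-example"` inside the documentation for `cloudflare_access_application`, whose existing example (per the hunk header) uses `cloudflare_access_application`. A reader copying from this page gets a different resource type than the one being documented; use the page's own resource type in its example or say why the other name is shown. The `tfgo-tests-useast` and `tfgo-tests-uswest` hostnames also read like test-fixture names, and neutral placeholders would suit published docs better.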
Expand Down Expand Up @@ -90,7 +109,8 @@ resource "cloudflare_access_application" "staging_app" {
- `skip_app_launcher_login_page` (Boolean) Option to skip the App Launcher landing page. Defaults to `false`.
- `skip_interstitial` (Boolean) Option to skip the authorization interstitial when using the CLI. Defaults to `false`.
- `tags` (Set of String) The itags associated with the application.
- `type` (String) The application type. Available values: `app_launcher`, `bookmark`, `biso`, `dash_sso`, `saas`, `self_hosted`, `ssh`, `vnc`, `warp`. Defaults to `self_hosted`.
- `target_criteria` (Block List) A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned. (see [below for nested schema](#nestedblock--target_criteria))
- `type` (String) The application type. Available values: `app_launcher`, `bookmark`, `biso`, `dash_sso`, `saas`, `self_hosted`, `ssh`, `vnc`, `warp`, `infrastructure`. Defaults to `self_hosted`.
- `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`.

### Read-Only
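Review bot: The new `target_criteria` entry carries the SCIM mappings description ("A list of mappings to apply to SCIM resources before provisioning them in this application"), which does not match the nested schema this commit adds for it (`port`, `protocol`, `target_attributes`). Since this file is generated by tfplugindocs, the fix belongs in the attribute's schema description, followed by regenerating the docs. The entry should also say that the block is used with `type = "infrastructure"`, as the added example shows.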
Expand Down Expand Up @@ -294,6 +314,26 @@ Optional:
- `delete` (Boolean) Whether or not this mapping applies to DELETE operations.
- `update` (Boolean) Whether or not this mapping applies to update (PATCH/PUT) operations.




<a id="nestedblock--target_criteria"></a>
### Nested Schema for `target_criteria`

Required:

- `port` (Number) The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
- `protocol` (String) The communication protocol your application secures.
- `target_attributes` (Block List, Min: 1) Contains a map of target attribute keys to target attribute values. (see [below for nested schema](#nestedblock--target_criteria--target_attributes))

<a id="nestedblock--target_criteria--target_attributes"></a>
### Nested Schema for `target_criteria.target_attributes`

Required:

- `name` (String) The key of the attribute.
- `values` (List of String) The values of the attribute.

## Import

Import is supported using the following syntax:
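Review bot: `protocol` in the new `target_criteria` schema is documented as a plain string with no list of accepted values, although the example added in this commit sets `protocol = "SSH"`, and `target_attributes.name` likewise names no supported keys (the example uses `hostname`). Listing the available values in the schema descriptions, the way the `type` attribute does, would let users check a configuration before apply.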
55 changes: 55 additions & 0 deletions docs/resources/access_policy.md
Expand Up @@ -54,6 +54,44 @@ resource "cloudflare_access_policy" "test_policy" {
ip = [var.office_ip]
}
}
# Access policy for an infrastructure application
resource "cloudflare_access_policy" "infra-app-example-allow" {
application_id = cloudflare_zero_trust_access_application.infra-app-example.id
account_id = "0da42c8d2132a9ddaf714f9e7c920711"
name = "infra-app-example-allow"
decision = "allow"
precedence = 1
include {
email = ["[email protected]"]
}
connection_rules {
ssh {
usernames = ["ec2-user"]
}
}
}
# Infrastructure application configuration for infra-app-example-allow
resource "cloudflare_zero_trust_access_application" "infra-app-example" {
account_id = "0da42c8d2132a9ddaf714f9e7c920711"
name = "infra-app"
type = "infrastructure"
target_criteria {
port = 22
protocol = "SSH"
target_attributes {
name = "hostname"
values = ["tfgo-tests-useast", "tfgo-tests-uswest"]
}
}
# specify existing access policies by id
policies = []
}
```
<!-- schema generated by tfplugindocs -->
## Schema
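Review bot: The application block in this example sets `policies = []` under the comment "specify existing access policies by id", while the policy above it attaches itself through `application_id` and `precedence`. The example leaves it unclear which side is meant to bind the policy to the application; drop the empty `policies` argument or state which mechanism applies to infrastructure applications. The snippet also pairs `cloudflare_access_policy` with `cloudflare_zero_trust_access_application`, so two resource naming schemes are mixed in one example.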
Expand All @@ -70,6 +108,7 @@ resource "cloudflare_access_policy" "test_policy" {
- `application_id` (String) The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute will force creation of a new resource.**
- `approval_group` (Block List) (see [below for nested schema](#nestedblock--approval_group))
- `approval_required` (Boolean)
- `connection_rules` (Block List, Max: 1) The rules that define how users may connect to the targets secured by your application. (see [below for nested schema](#nestedblock--connection_rules))
- `exclude` (Block List) A series of access conditions, see [Access Groups](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/access_group#conditions). (see [below for nested schema](#nestedblock--exclude))
- `isolation_required` (Boolean) Require this application to be served in an isolated browser for users matching this policy.
- `precedence` (Number) The unique precedence for policies on a single application. Required when using `application_id`.
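Review bot: The `connection_rules` description does not say which application types it applies to or what happens when the block is omitted. For an access control setting the reader needs to know whether a policy without `connection_rules` permits any SSH username or none; state the default and the applicable `type` in the schema description.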
Expand Down Expand Up @@ -192,6 +231,22 @@ Optional:
- `email_list_uuid` (String)


<a id="nestedblock--connection_rules"></a>
### Nested Schema for `connection_rules`

Required:

- `ssh` (Block List, Min: 1, Max: 1) The SSH-specific rules that define how users may connect to the targets secured by your application. (see [below for nested schema](#nestedblock--connection_rules--ssh))

<a id="nestedblock--connection_rules--ssh"></a>
### Nested Schema for `connection_rules.ssh`

Required:

- `usernames` (List of String) Contains the Unix usernames that may be used when connecting over SSH.



<a id="nestedblock--exclude"></a>
### Nested Schema for `exclude`
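Review bot: `ssh` is marked Required (Min: 1, Max: 1) inside `connection_rules`, which ties the block to SSH: rules for any other protocol could not be expressed later without also supplying an `ssh` block. If other protocols are expected, making `ssh` optional now avoids a breaking schema change; if not, say in the description that `connection_rules` is SSH-only.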

36 changes: 35 additions & 1 deletion docs/resources/infrastructure_access_target.md
Expand Up @@ -9,7 +9,35 @@ description: |-

The [Infrastructure Access Target](https://developers.cloudflare.com/cloudflare-one/insights/risk-score/) resource allows you to configure Cloudflare Risk Behaviors for an account.


## Example Usage

```terraform
resource "cloudflare_infrastructure_access_target" "example" {
account_id = "f037e56e89293a057740de681ac9abbe"
hostname = "example-target"
ip = {
ipv4 = {
ip_addr = "210.26.29.230"
virtual_network_id = "238dccd1-149b-463d-8228-560ab83a54fd"
}
ipv6 = {
ip_addr = "24c0:64e8:f0b4:8dbf:7104:72b0:ef8f:f5e0"
virtual_network_id = "238dccd1-149b-463d-8228-560ab83a54fd"
}
}
}
resource "cloudflare_infrastructure_access_target" "ipv4_only_example" {
account_id = "f037e56e89293a057740de681ac9abbe"
hostname = "example-ipv4-only"
ip = {
ipv4 = {
ip_addr = "210.26.29.230"
virtual_network_id = "238dccd1-149b-463d-8228-560ab83a54fd"
}
}
}
```
<!-- schema generated by tfplugindocs -->
## Schema
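Review bot: The context line at the top of this hunk still describes the resource as configuring "Cloudflare Risk Behaviors" and links to the risk-score page, which does not match the target example added below it (a hostname with IPv4 and IPv6 addresses and a virtual network ID). Correct the description in the same change. The example addresses `210.26.29.230` and `24c0:64e8:f0b4:8dbf:7104:72b0:ef8f:f5e0` are also outside the ranges reserved for documentation (192.0.2.0/24 and 2001:db8::/32, among others); prefer those so the docs do not point at addresses someone may actually hold.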

Expand Down Expand Up @@ -50,4 +78,10 @@ Required:
- `ip_addr` (String) The IP address of the target.
- `virtual_network_id` (String) The private virtual network identifier for the target.

## Import

Import is supported using the following syntax:

```shell
$ terraform import cloudflare_infrastructure_access_target.example <account_id>
```
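Review bot: The import syntax takes only `<account_id>`, which cannot single out one target when an account holds several (the example usage added in this file defines two targets under the same `account_id`). If the import ID also needs the target's identifier, the syntax line should show it; if not, explain what is imported.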
23 changes: 22 additions & 1 deletion docs/resources/zero_trust_access_application.md
Expand Up @@ -90,7 +90,8 @@ resource "cloudflare_zero_trust_access_application" "staging_app" {
- `skip_app_launcher_login_page` (Boolean) Option to skip the App Launcher landing page. Defaults to `false`.
- `skip_interstitial` (Boolean) Option to skip the authorization interstitial when using the CLI. Defaults to `false`.
- `tags` (Set of String) The itags associated with the application.
- `type` (String) The application type. Available values: `app_launcher`, `bookmark`, `biso`, `dash_sso`, `saas`, `self_hosted`, `ssh`, `vnc`, `warp`. Defaults to `self_hosted`.
- `target_criteria` (Block List) A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or filter the resources to be provisioned. (see [below for nested schema](#nestedblock--target_criteria))
- `type` (String) The application type. Available values: `app_launcher`, `bookmark`, `biso`, `dash_sso`, `saas`, `self_hosted`, `ssh`, `vnc`, `warp`, `infrastructure`. Defaults to `self_hosted`.
- `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`.

### Read-Only
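Review bot: `target_criteria` is described here with the SCIM mappings text ("A list of mappings to apply to SCIM resources before provisioning them in this application"), which is not what the block's nested schema (`port`, `protocol`, `target_attributes`) configures. Fix the attribute description in the provider schema and regenerate the docs.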
Expand Down Expand Up @@ -294,6 +295,26 @@ Optional:
- `delete` (Boolean) Whether or not this mapping applies to DELETE operations.
- `update` (Boolean) Whether or not this mapping applies to update (PATCH/PUT) operations.




<a id="nestedblock--target_criteria"></a>
### Nested Schema for `target_criteria`

Required:

- `port` (Number) The port that the targets use for the chosen communication protocol. A port cannot be assigned to multiple protocols.
- `protocol` (String) The communication protocol your application secures.
- `target_attributes` (Block List, Min: 1) Contains a map of target attribute keys to target attribute values. (see [below for nested schema](#nestedblock--target_criteria--target_attributes))

<a id="nestedblock--target_criteria--target_attributes"></a>
### Nested Schema for `target_criteria.target_attributes`

Required:

- `name` (String) The key of the attribute.
- `values` (List of String) The values of the attribute.

## Import

Import is supported using the following syntax:
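Review bot: The `port` description says "A port cannot be assigned to multiple protocols" without giving the scope of that constraint (within one `target_criteria` block, one application, or the account). State the scope, and whether more than one `target_criteria` block is accepted given that the attribute is a Block List.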
17 changes: 17 additions & 0 deletions docs/resources/zero_trust_access_policy.md
Expand Up @@ -70,6 +70,7 @@ resource "cloudflare_zero_trust_access_policy" "test_policy" {
- `application_id` (String) The ID of the application the policy is associated with. Required when using `precedence`. **Modifying this attribute will force creation of a new resource.**
- `approval_group` (Block List) (see [below for nested schema](#nestedblock--approval_group))
- `approval_required` (Boolean)
- `connection_rules` (Block List, Max: 1) The rules that define how users may connect to the targets secured by your application. (see [below for nested schema](#nestedblock--connection_rules))
- `exclude` (Block List) A series of access conditions, see [Access Groups](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/access_group#conditions). (see [below for nested schema](#nestedblock--exclude))
- `isolation_required` (Boolean) Require this application to be served in an isolated browser for users matching this policy.
- `precedence` (Number) The unique precedence for policies on a single application. Required when using `application_id`.
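Review bot: This file gains only the `connection_rules` schema entries; the infrastructure policy example added to docs/resources/access_policy.md in this commit has no counterpart here. Add the same example under this resource's name so that `connection_rules` is shown in use where `cloudflare_zero_trust_access_policy` is documented.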
Expand Down Expand Up @@ -192,6 +193,22 @@ Optional:
- `email_list_uuid` (String)


<a id="nestedblock--connection_rules"></a>
### Nested Schema for `connection_rules`

Required:

- `ssh` (Block List, Min: 1, Max: 1) The SSH-specific rules that define how users may connect to the targets secured by your application. (see [below for nested schema](#nestedblock--connection_rules--ssh))

<a id="nestedblock--connection_rules--ssh"></a>
### Nested Schema for `connection_rules.ssh`

Required:

- `usernames` (List of String) Contains the Unix usernames that may be used when connecting over SSH.



<a id="nestedblock--exclude"></a>
### Nested Schema for `exclude`
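Review bot: `usernames` is a required list, but the description does not say whether an empty list or a wildcard is accepted, or how a login with an unlisted username is handled. Since this list is what limits which Unix accounts a matching user can log in as, document the matching behaviour in the schema description.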
