1. Packages
  2. Cloudflare Provider
  3. API Docs
  4. ZeroTrustGatewayPolicy
Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi

cloudflare.ZeroTrustGatewayPolicy

Explore with Pulumi AI

cloudflare logo
Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi

    Provides a Cloudflare Teams rule resource. Teams rules comprise secure web gateway policies.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as cloudflare from "@pulumi/cloudflare";
    
    const example = new cloudflare.ZeroTrustGatewayPolicy("example", {
        accountId: "f037e56e89293a057740de681ac9abbe",
        name: "office",
        description: "desc",
        precedence: 1,
        action: "block",
        filters: ["http"],
        traffic: "http.request.uri == \"https://www.example.com/malicious\"",
        ruleSettings: {
            blockPageEnabled: true,
            blockPageReason: "access not permitted",
        },
    });
    
    import pulumi
    import pulumi_cloudflare as cloudflare
    
    example = cloudflare.ZeroTrustGatewayPolicy("example",
        account_id="f037e56e89293a057740de681ac9abbe",
        name="office",
        description="desc",
        precedence=1,
        action="block",
        filters=["http"],
        traffic="http.request.uri == \"https://www.example.com/malicious\"",
        rule_settings={
            "block_page_enabled": True,
            "block_page_reason": "access not permitted",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := cloudflare.NewZeroTrustGatewayPolicy(ctx, "example", &cloudflare.ZeroTrustGatewayPolicyArgs{
    			AccountId:   pulumi.String("f037e56e89293a057740de681ac9abbe"),
    			Name:        pulumi.String("office"),
    			Description: pulumi.String("desc"),
    			Precedence:  pulumi.Int(1),
    			Action:      pulumi.String("block"),
    			Filters: pulumi.StringArray{
    				pulumi.String("http"),
    			},
    			Traffic: pulumi.String("http.request.uri == \"https://www.example.com/malicious\""),
    			RuleSettings: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsArgs{
    				BlockPageEnabled: pulumi.Bool(true),
    				BlockPageReason:  pulumi.String("access not permitted"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Cloudflare = Pulumi.Cloudflare;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Cloudflare.ZeroTrustGatewayPolicy("example", new()
        {
            AccountId = "f037e56e89293a057740de681ac9abbe",
            Name = "office",
            Description = "desc",
            Precedence = 1,
            Action = "block",
            Filters = new[]
            {
                "http",
            },
            Traffic = "http.request.uri == \"https://www.example.com/malicious\"",
            RuleSettings = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsArgs
            {
                BlockPageEnabled = true,
                BlockPageReason = "access not permitted",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.cloudflare.ZeroTrustGatewayPolicy;
    import com.pulumi.cloudflare.ZeroTrustGatewayPolicyArgs;
    import com.pulumi.cloudflare.inputs.ZeroTrustGatewayPolicyRuleSettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ZeroTrustGatewayPolicy("example", ZeroTrustGatewayPolicyArgs.builder()
                .accountId("f037e56e89293a057740de681ac9abbe")
                .name("office")
                .description("desc")
                .precedence(1)
                .action("block")
                .filters("http")
                .traffic("http.request.uri == \"https://www.example.com/malicious\"")
                .ruleSettings(ZeroTrustGatewayPolicyRuleSettingsArgs.builder()
                    .blockPageEnabled(true)
                    .blockPageReason("access not permitted")
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: cloudflare:ZeroTrustGatewayPolicy
        properties:
          accountId: f037e56e89293a057740de681ac9abbe
          name: office
          description: desc
          precedence: 1
          action: block
          filters:
            - http
          traffic: http.request.uri == "https://www.example.com/malicious"
          ruleSettings:
            blockPageEnabled: true
            blockPageReason: access not permitted
    

    Create ZeroTrustGatewayPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ZeroTrustGatewayPolicy(name: string, args: ZeroTrustGatewayPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def ZeroTrustGatewayPolicy(resource_name: str,
                               args: ZeroTrustGatewayPolicyArgs,
                               opts: Optional[ResourceOptions] = None)
    
    @overload
    def ZeroTrustGatewayPolicy(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               account_id: Optional[str] = None,
                               action: Optional[str] = None,
                               description: Optional[str] = None,
                               name: Optional[str] = None,
                               precedence: Optional[int] = None,
                               device_posture: Optional[str] = None,
                               enabled: Optional[bool] = None,
                               filters: Optional[Sequence[str]] = None,
                               identity: Optional[str] = None,
                               rule_settings: Optional[ZeroTrustGatewayPolicyRuleSettingsArgs] = None,
                               traffic: Optional[str] = None)
    func NewZeroTrustGatewayPolicy(ctx *Context, name string, args ZeroTrustGatewayPolicyArgs, opts ...ResourceOption) (*ZeroTrustGatewayPolicy, error)
    public ZeroTrustGatewayPolicy(string name, ZeroTrustGatewayPolicyArgs args, CustomResourceOptions? opts = null)
    public ZeroTrustGatewayPolicy(String name, ZeroTrustGatewayPolicyArgs args)
    public ZeroTrustGatewayPolicy(String name, ZeroTrustGatewayPolicyArgs args, CustomResourceOptions options)
    
    type: cloudflare:ZeroTrustGatewayPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ZeroTrustGatewayPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ZeroTrustGatewayPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ZeroTrustGatewayPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ZeroTrustGatewayPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ZeroTrustGatewayPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var zeroTrustGatewayPolicyResource = new Cloudflare.ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource", new()
    {
        AccountId = "string",
        Action = "string",
        Description = "string",
        Name = "string",
        Precedence = 0,
        DevicePosture = "string",
        Enabled = false,
        Filters = new[]
        {
            "string",
        },
        Identity = "string",
        RuleSettings = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsArgs
        {
            AddHeaders = 
            {
                { "string", "string" },
            },
            AllowChildBypass = false,
            AuditSsh = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs
            {
                CommandLogging = false,
            },
            BisoAdminControls = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs
            {
                DisableClipboardRedirection = false,
                DisableCopyPaste = false,
                DisableDownload = false,
                DisableKeyboard = false,
                DisablePrinting = false,
                DisableUpload = false,
            },
            BlockPageEnabled = false,
            BlockPageReason = "string",
            BypassParentRule = false,
            CheckSession = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs
            {
                Duration = "string",
                Enforce = false,
            },
            DnsResolvers = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs
            {
                Ipv4s = new[]
                {
                    new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args
                    {
                        Ip = "string",
                        Port = 0,
                        RouteThroughPrivateNetwork = false,
                        VnetId = "string",
                    },
                },
                Ipv6s = new[]
                {
                    new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args
                    {
                        Ip = "string",
                        Port = 0,
                        RouteThroughPrivateNetwork = false,
                        VnetId = "string",
                    },
                },
            },
            Egress = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsEgressArgs
            {
                Ipv4 = "string",
                Ipv6 = "string",
                Ipv4Fallback = "string",
            },
            IgnoreCnameCategoryMatches = false,
            InsecureDisableDnssecValidation = false,
            IpCategories = false,
            L4override = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs
            {
                Ip = "string",
                Port = 0,
            },
            NotificationSettings = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs
            {
                Enabled = false,
                Message = "string",
                SupportUrl = "string",
            },
            OverrideHost = "string",
            OverrideIps = new[]
            {
                "string",
            },
            PayloadLog = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs
            {
                Enabled = false,
            },
            ResolveDnsThroughCloudflare = false,
            UntrustedCert = new Cloudflare.Inputs.ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs
            {
                Action = "string",
            },
        },
        Traffic = "string",
    });
    
    example, err := cloudflare.NewZeroTrustGatewayPolicy(ctx, "zeroTrustGatewayPolicyResource", &cloudflare.ZeroTrustGatewayPolicyArgs{
    	AccountId:     pulumi.String("string"),
    	Action:        pulumi.String("string"),
    	Description:   pulumi.String("string"),
    	Name:          pulumi.String("string"),
    	Precedence:    pulumi.Int(0),
    	DevicePosture: pulumi.String("string"),
    	Enabled:       pulumi.Bool(false),
    	Filters: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Identity: pulumi.String("string"),
    	RuleSettings: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsArgs{
    		AddHeaders: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    		AllowChildBypass: pulumi.Bool(false),
    		AuditSsh: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs{
    			CommandLogging: pulumi.Bool(false),
    		},
    		BisoAdminControls: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs{
    			DisableClipboardRedirection: pulumi.Bool(false),
    			DisableCopyPaste:            pulumi.Bool(false),
    			DisableDownload:             pulumi.Bool(false),
    			DisableKeyboard:             pulumi.Bool(false),
    			DisablePrinting:             pulumi.Bool(false),
    			DisableUpload:               pulumi.Bool(false),
    		},
    		BlockPageEnabled: pulumi.Bool(false),
    		BlockPageReason:  pulumi.String("string"),
    		BypassParentRule: pulumi.Bool(false),
    		CheckSession: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs{
    			Duration: pulumi.String("string"),
    			Enforce:  pulumi.Bool(false),
    		},
    		DnsResolvers: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs{
    			Ipv4s: cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Array{
    				&cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args{
    					Ip:                         pulumi.String("string"),
    					Port:                       pulumi.Int(0),
    					RouteThroughPrivateNetwork: pulumi.Bool(false),
    					VnetId:                     pulumi.String("string"),
    				},
    			},
    			Ipv6s: cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Array{
    				&cloudflare.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args{
    					Ip:                         pulumi.String("string"),
    					Port:                       pulumi.Int(0),
    					RouteThroughPrivateNetwork: pulumi.Bool(false),
    					VnetId:                     pulumi.String("string"),
    				},
    			},
    		},
    		Egress: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsEgressArgs{
    			Ipv4:         pulumi.String("string"),
    			Ipv6:         pulumi.String("string"),
    			Ipv4Fallback: pulumi.String("string"),
    		},
    		IgnoreCnameCategoryMatches:      pulumi.Bool(false),
    		InsecureDisableDnssecValidation: pulumi.Bool(false),
    		IpCategories:                    pulumi.Bool(false),
    		L4override: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs{
    			Ip:   pulumi.String("string"),
    			Port: pulumi.Int(0),
    		},
    		NotificationSettings: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs{
    			Enabled:    pulumi.Bool(false),
    			Message:    pulumi.String("string"),
    			SupportUrl: pulumi.String("string"),
    		},
    		OverrideHost: pulumi.String("string"),
    		OverrideIps: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		PayloadLog: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs{
    			Enabled: pulumi.Bool(false),
    		},
    		ResolveDnsThroughCloudflare: pulumi.Bool(false),
    		UntrustedCert: &cloudflare.ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs{
    			Action: pulumi.String("string"),
    		},
    	},
    	Traffic: pulumi.String("string"),
    })
    
    var zeroTrustGatewayPolicyResource = new ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource", ZeroTrustGatewayPolicyArgs.builder()
        .accountId("string")
        .action("string")
        .description("string")
        .name("string")
        .precedence(0)
        .devicePosture("string")
        .enabled(false)
        .filters("string")
        .identity("string")
        .ruleSettings(ZeroTrustGatewayPolicyRuleSettingsArgs.builder()
            .addHeaders(Map.of("string", "string"))
            .allowChildBypass(false)
            .auditSsh(ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs.builder()
                .commandLogging(false)
                .build())
            .bisoAdminControls(ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs.builder()
                .disableClipboardRedirection(false)
                .disableCopyPaste(false)
                .disableDownload(false)
                .disableKeyboard(false)
                .disablePrinting(false)
                .disableUpload(false)
                .build())
            .blockPageEnabled(false)
            .blockPageReason("string")
            .bypassParentRule(false)
            .checkSession(ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs.builder()
                .duration("string")
                .enforce(false)
                .build())
            .dnsResolvers(ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs.builder()
                .ipv4s(ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args.builder()
                    .ip("string")
                    .port(0)
                    .routeThroughPrivateNetwork(false)
                    .vnetId("string")
                    .build())
                .ipv6s(ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args.builder()
                    .ip("string")
                    .port(0)
                    .routeThroughPrivateNetwork(false)
                    .vnetId("string")
                    .build())
                .build())
            .egress(ZeroTrustGatewayPolicyRuleSettingsEgressArgs.builder()
                .ipv4("string")
                .ipv6("string")
                .ipv4Fallback("string")
                .build())
            .ignoreCnameCategoryMatches(false)
            .insecureDisableDnssecValidation(false)
            .ipCategories(false)
            .l4override(ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs.builder()
                .ip("string")
                .port(0)
                .build())
            .notificationSettings(ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs.builder()
                .enabled(false)
                .message("string")
                .supportUrl("string")
                .build())
            .overrideHost("string")
            .overrideIps("string")
            .payloadLog(ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs.builder()
                .enabled(false)
                .build())
            .resolveDnsThroughCloudflare(false)
            .untrustedCert(ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs.builder()
                .action("string")
                .build())
            .build())
        .traffic("string")
        .build());
    
    zero_trust_gateway_policy_resource = cloudflare.ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource",
        account_id="string",
        action="string",
        description="string",
        name="string",
        precedence=0,
        device_posture="string",
        enabled=False,
        filters=["string"],
        identity="string",
        rule_settings={
            "add_headers": {
                "string": "string",
            },
            "allow_child_bypass": False,
            "audit_ssh": {
                "command_logging": False,
            },
            "biso_admin_controls": {
                "disable_clipboard_redirection": False,
                "disable_copy_paste": False,
                "disable_download": False,
                "disable_keyboard": False,
                "disable_printing": False,
                "disable_upload": False,
            },
            "block_page_enabled": False,
            "block_page_reason": "string",
            "bypass_parent_rule": False,
            "check_session": {
                "duration": "string",
                "enforce": False,
            },
            "dns_resolvers": {
                "ipv4s": [{
                    "ip": "string",
                    "port": 0,
                    "route_through_private_network": False,
                    "vnet_id": "string",
                }],
                "ipv6s": [{
                    "ip": "string",
                    "port": 0,
                    "route_through_private_network": False,
                    "vnet_id": "string",
                }],
            },
            "egress": {
                "ipv4": "string",
                "ipv6": "string",
                "ipv4_fallback": "string",
            },
            "ignore_cname_category_matches": False,
            "insecure_disable_dnssec_validation": False,
            "ip_categories": False,
            "l4override": {
                "ip": "string",
                "port": 0,
            },
            "notification_settings": {
                "enabled": False,
                "message": "string",
                "support_url": "string",
            },
            "override_host": "string",
            "override_ips": ["string"],
            "payload_log": {
                "enabled": False,
            },
            "resolve_dns_through_cloudflare": False,
            "untrusted_cert": {
                "action": "string",
            },
        },
        traffic="string")
    
    const zeroTrustGatewayPolicyResource = new cloudflare.ZeroTrustGatewayPolicy("zeroTrustGatewayPolicyResource", {
        accountId: "string",
        action: "string",
        description: "string",
        name: "string",
        precedence: 0,
        devicePosture: "string",
        enabled: false,
        filters: ["string"],
        identity: "string",
        ruleSettings: {
            addHeaders: {
                string: "string",
            },
            allowChildBypass: false,
            auditSsh: {
                commandLogging: false,
            },
            bisoAdminControls: {
                disableClipboardRedirection: false,
                disableCopyPaste: false,
                disableDownload: false,
                disableKeyboard: false,
                disablePrinting: false,
                disableUpload: false,
            },
            blockPageEnabled: false,
            blockPageReason: "string",
            bypassParentRule: false,
            checkSession: {
                duration: "string",
                enforce: false,
            },
            dnsResolvers: {
                ipv4s: [{
                    ip: "string",
                    port: 0,
                    routeThroughPrivateNetwork: false,
                    vnetId: "string",
                }],
                ipv6s: [{
                    ip: "string",
                    port: 0,
                    routeThroughPrivateNetwork: false,
                    vnetId: "string",
                }],
            },
            egress: {
                ipv4: "string",
                ipv6: "string",
                ipv4Fallback: "string",
            },
            ignoreCnameCategoryMatches: false,
            insecureDisableDnssecValidation: false,
            ipCategories: false,
            l4override: {
                ip: "string",
                port: 0,
            },
            notificationSettings: {
                enabled: false,
                message: "string",
                supportUrl: "string",
            },
            overrideHost: "string",
            overrideIps: ["string"],
            payloadLog: {
                enabled: false,
            },
            resolveDnsThroughCloudflare: false,
            untrustedCert: {
                action: "string",
            },
        },
        traffic: "string",
    });
    
    type: cloudflare:ZeroTrustGatewayPolicy
    properties:
        accountId: string
        action: string
        description: string
        devicePosture: string
        enabled: false
        filters:
            - string
        identity: string
        name: string
        precedence: 0
        ruleSettings:
            addHeaders:
                string: string
            allowChildBypass: false
            auditSsh:
                commandLogging: false
            bisoAdminControls:
                disableClipboardRedirection: false
                disableCopyPaste: false
                disableDownload: false
                disableKeyboard: false
                disablePrinting: false
                disableUpload: false
            blockPageEnabled: false
            blockPageReason: string
            bypassParentRule: false
            checkSession:
                duration: string
                enforce: false
            dnsResolvers:
                ipv4s:
                    - ip: string
                      port: 0
                      routeThroughPrivateNetwork: false
                      vnetId: string
                ipv6s:
                    - ip: string
                      port: 0
                      routeThroughPrivateNetwork: false
                      vnetId: string
            egress:
                ipv4: string
                ipv4Fallback: string
                ipv6: string
            ignoreCnameCategoryMatches: false
            insecureDisableDnssecValidation: false
            ipCategories: false
            l4override:
                ip: string
                port: 0
            notificationSettings:
                enabled: false
                message: string
                supportUrl: string
            overrideHost: string
            overrideIps:
                - string
            payloadLog:
                enabled: false
            resolveDnsThroughCloudflare: false
            untrustedCert:
                action: string
        traffic: string
    

    ZeroTrustGatewayPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ZeroTrustGatewayPolicy resource accepts the following input properties:

    AccountId string
    The account identifier to target for the resource.
    Action string
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    Description string
    The description of the teams rule.
    Name string
    The name of the teams rule.
    Precedence int
    The evaluation precedence of the teams rule.
    DevicePosture string
    The wirefilter expression to be used for device_posture check matching.
    Enabled bool
    Indicator of rule enablement.
    Filters List<string>
    The protocol or layer to evaluate the traffic and identity expressions.
    Identity string
    The wirefilter expression to be used for identity matching.
    RuleSettings ZeroTrustGatewayPolicyRuleSettings
    Additional rule settings.
    Traffic string
    The wirefilter expression to be used for traffic matching.
    AccountId string
    The account identifier to target for the resource.
    Action string
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    Description string
    The description of the teams rule.
    Name string
    The name of the teams rule.
    Precedence int
    The evaluation precedence of the teams rule.
    DevicePosture string
    The wirefilter expression to be used for device_posture check matching.
    Enabled bool
    Indicator of rule enablement.
    Filters []string
    The protocol or layer to evaluate the traffic and identity expressions.
    Identity string
    The wirefilter expression to be used for identity matching.
    RuleSettings ZeroTrustGatewayPolicyRuleSettingsArgs
    Additional rule settings.
    Traffic string
    The wirefilter expression to be used for traffic matching.
    accountId String
    The account identifier to target for the resource.
    action String
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    description String
    The description of the teams rule.
    name String
    The name of the teams rule.
    precedence Integer
    The evaluation precedence of the teams rule.
    devicePosture String
    The wirefilter expression to be used for device_posture check matching.
    enabled Boolean
    Indicator of rule enablement.
    filters List<String>
    The protocol or layer to evaluate the traffic and identity expressions.
    identity String
    The wirefilter expression to be used for identity matching.
    ruleSettings ZeroTrustGatewayPolicyRuleSettings
    Additional rule settings.
    traffic String
    The wirefilter expression to be used for traffic matching.
    accountId string
    The account identifier to target for the resource.
    action string
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    description string
    The description of the teams rule.
    name string
    The name of the teams rule.
    precedence number
    The evaluation precedence of the teams rule.
    devicePosture string
    The wirefilter expression to be used for device_posture check matching.
    enabled boolean
    Indicator of rule enablement.
    filters string[]
    The protocol or layer to evaluate the traffic and identity expressions.
    identity string
    The wirefilter expression to be used for identity matching.
    ruleSettings ZeroTrustGatewayPolicyRuleSettings
    Additional rule settings.
    traffic string
    The wirefilter expression to be used for traffic matching.
    account_id str
    The account identifier to target for the resource.
    action str
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    description str
    The description of the teams rule.
    name str
    The name of the teams rule.
    precedence int
    The evaluation precedence of the teams rule.
    device_posture str
    The wirefilter expression to be used for device_posture check matching.
    enabled bool
    Indicator of rule enablement.
    filters Sequence[str]
    The protocol or layer to evaluate the traffic and identity expressions.
    identity str
    The wirefilter expression to be used for identity matching.
    rule_settings ZeroTrustGatewayPolicyRuleSettingsArgs
    Additional rule settings.
    traffic str
    The wirefilter expression to be used for traffic matching.
    accountId String
    The account identifier to target for the resource.
    action String
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    description String
    The description of the teams rule.
    name String
    The name of the teams rule.
    precedence Number
    The evaluation precedence of the teams rule.
    devicePosture String
    The wirefilter expression to be used for device_posture check matching.
    enabled Boolean
    Indicator of rule enablement.
    filters List<String>
    The protocol or layer to evaluate the traffic and identity expressions.
    identity String
    The wirefilter expression to be used for identity matching.
    ruleSettings Property Map
    Additional rule settings.
    traffic String
    The wirefilter expression to be used for traffic matching.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ZeroTrustGatewayPolicy resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Version int
    Id string
    The provider-assigned unique ID for this managed resource.
    Version int
    id String
    The provider-assigned unique ID for this managed resource.
    version Integer
    id string
    The provider-assigned unique ID for this managed resource.
    version number
    id str
    The provider-assigned unique ID for this managed resource.
    version int
    id String
    The provider-assigned unique ID for this managed resource.
    version Number

    Look up Existing ZeroTrustGatewayPolicy Resource

    Get an existing ZeroTrustGatewayPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ZeroTrustGatewayPolicyState, opts?: CustomResourceOptions): ZeroTrustGatewayPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_id: Optional[str] = None,
            action: Optional[str] = None,
            description: Optional[str] = None,
            device_posture: Optional[str] = None,
            enabled: Optional[bool] = None,
            filters: Optional[Sequence[str]] = None,
            identity: Optional[str] = None,
            name: Optional[str] = None,
            precedence: Optional[int] = None,
            rule_settings: Optional[ZeroTrustGatewayPolicyRuleSettingsArgs] = None,
            traffic: Optional[str] = None,
            version: Optional[int] = None) -> ZeroTrustGatewayPolicy
    func GetZeroTrustGatewayPolicy(ctx *Context, name string, id IDInput, state *ZeroTrustGatewayPolicyState, opts ...ResourceOption) (*ZeroTrustGatewayPolicy, error)
    public static ZeroTrustGatewayPolicy Get(string name, Input<string> id, ZeroTrustGatewayPolicyState? state, CustomResourceOptions? opts = null)
    public static ZeroTrustGatewayPolicy get(String name, Output<String> id, ZeroTrustGatewayPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountId string
    The account identifier to target for the resource.
    Action string
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    Description string
    The description of the teams rule.
    DevicePosture string
    The wirefilter expression to be used for device_posture check matching.
    Enabled bool
    Indicator of rule enablement.
    Filters List<string>
    The protocol or layer to evaluate the traffic and identity expressions.
    Identity string
    The wirefilter expression to be used for identity matching.
    Name string
    The name of the teams rule.
    Precedence int
    The evaluation precedence of the teams rule.
    RuleSettings ZeroTrustGatewayPolicyRuleSettings
    Additional rule settings.
    Traffic string
    The wirefilter expression to be used for traffic matching.
    Version int
    AccountId string
    The account identifier to target for the resource.
    Action string
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    Description string
    The description of the teams rule.
    DevicePosture string
    The wirefilter expression to be used for device_posture check matching.
    Enabled bool
    Indicator of rule enablement.
    Filters []string
    The protocol or layer to evaluate the traffic and identity expressions.
    Identity string
    The wirefilter expression to be used for identity matching.
    Name string
    The name of the teams rule.
    Precedence int
    The evaluation precedence of the teams rule.
    RuleSettings ZeroTrustGatewayPolicyRuleSettingsArgs
    Additional rule settings.
    Traffic string
    The wirefilter expression to be used for traffic matching.
    Version int
    accountId String
    The account identifier to target for the resource.
    action String
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    description String
    The description of the teams rule.
    devicePosture String
    The wirefilter expression to be used for device_posture check matching.
    enabled Boolean
    Indicator of rule enablement.
    filters List<String>
    The protocol or layer to evaluate the traffic and identity expressions.
    identity String
    The wirefilter expression to be used for identity matching.
    name String
    The name of the teams rule.
    precedence Integer
    The evaluation precedence of the teams rule.
    ruleSettings ZeroTrustGatewayPolicyRuleSettings
    Additional rule settings.
    traffic String
    The wirefilter expression to be used for traffic matching.
    version Integer
    accountId string
    The account identifier to target for the resource.
    action string
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    description string
    The description of the teams rule.
    devicePosture string
    The wirefilter expression to be used for device_posture check matching.
    enabled boolean
    Indicator of rule enablement.
    filters string[]
    The protocol or layer to evaluate the traffic and identity expressions.
    identity string
    The wirefilter expression to be used for identity matching.
    name string
    The name of the teams rule.
    precedence number
    The evaluation precedence of the teams rule.
    ruleSettings ZeroTrustGatewayPolicyRuleSettings
    Additional rule settings.
    traffic string
    The wirefilter expression to be used for traffic matching.
    version number
    account_id str
    The account identifier to target for the resource.
    action str
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    description str
    The description of the teams rule.
    device_posture str
    The wirefilter expression to be used for device_posture check matching.
    enabled bool
    Indicator of rule enablement.
    filters Sequence[str]
    The protocol or layer to evaluate the traffic and identity expressions.
    identity str
    The wirefilter expression to be used for identity matching.
    name str
    The name of the teams rule.
    precedence int
    The evaluation precedence of the teams rule.
    rule_settings ZeroTrustGatewayPolicyRuleSettingsArgs
    Additional rule settings.
    traffic str
    The wirefilter expression to be used for traffic matching.
    version int
    accountId String
    The account identifier to target for the resource.
    action String
    The action executed by matched teams rule. Available values: allow, block, safesearch, ytrestricted, on, off, scan, noscan, isolate, noisolate, override, l4_override, egress, audit_ssh, resolve.
    description String
    The description of the teams rule.
    devicePosture String
    The wirefilter expression to be used for device_posture check matching.
    enabled Boolean
    Indicator of rule enablement.
    filters List<String>
    The protocol or layer to evaluate the traffic and identity expressions.
    identity String
    The wirefilter expression to be used for identity matching.
    name String
    The name of the teams rule.
    precedence Number
    The evaluation precedence of the teams rule.
    ruleSettings Property Map
    Additional rule settings.
    traffic String
    The wirefilter expression to be used for traffic matching.
    version Number

    Supporting Types

    ZeroTrustGatewayPolicyRuleSettings, ZeroTrustGatewayPolicyRuleSettingsArgs

    AddHeaders Dictionary<string, string>
    Add custom headers to allowed requests in the form of key-value pairs.
    AllowChildBypass bool
    Allow parent MSP accounts to enable bypass their children's rules.
    AuditSsh ZeroTrustGatewayPolicyRuleSettingsAuditSsh
    Settings for auditing SSH usage.
    BisoAdminControls ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls
    Configure how browser isolation behaves.
    BlockPageEnabled bool
    Indicator of block page enablement.
    BlockPageReason string
    The displayed reason for a user being blocked.
    BypassParentRule bool
    Allow child MSP accounts to bypass their parent's rule.
    CheckSession ZeroTrustGatewayPolicyRuleSettingsCheckSession
    Configure how session check behaves.
    DnsResolvers ZeroTrustGatewayPolicyRuleSettingsDnsResolvers
    Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
    Egress ZeroTrustGatewayPolicyRuleSettingsEgress
    Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
    IgnoreCnameCategoryMatches bool
    Set to true, to ignore the category matches at CNAME domains in a response.
    InsecureDisableDnssecValidation bool
    Disable DNSSEC validation (must be Allow rule).
    IpCategories bool
    Turns on IP category based filter on dns if the rule contains dns category checks.
    L4override ZeroTrustGatewayPolicyRuleSettingsL4override
    Settings to forward layer 4 traffic.
    NotificationSettings ZeroTrustGatewayPolicyRuleSettingsNotificationSettings
    Notification settings on a block rule.
    OverrideHost string
    The host to override matching DNS queries with.
    OverrideIps List<string>
    The IPs to override matching DNS queries with.
    PayloadLog ZeroTrustGatewayPolicyRuleSettingsPayloadLog
    Configure DLP Payload Logging settings for this rule.
    ResolveDnsThroughCloudflare bool
    Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when dns_resolvers are specified.
    UntrustedCert ZeroTrustGatewayPolicyRuleSettingsUntrustedCert
    Configure untrusted certificate settings for this rule.
    AddHeaders map[string]string
    Add custom headers to allowed requests in the form of key-value pairs.
    AllowChildBypass bool
    Allow parent MSP accounts to enable bypass their children's rules.
    AuditSsh ZeroTrustGatewayPolicyRuleSettingsAuditSsh
    Settings for auditing SSH usage.
    BisoAdminControls ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls
    Configure how browser isolation behaves.
    BlockPageEnabled bool
    Indicator of block page enablement.
    BlockPageReason string
    The displayed reason for a user being blocked.
    BypassParentRule bool
    Allow child MSP accounts to bypass their parent's rule.
    CheckSession ZeroTrustGatewayPolicyRuleSettingsCheckSession
    Configure how session check behaves.
    DnsResolvers ZeroTrustGatewayPolicyRuleSettingsDnsResolvers
    Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
    Egress ZeroTrustGatewayPolicyRuleSettingsEgress
    Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
    IgnoreCnameCategoryMatches bool
    Set to true, to ignore the category matches at CNAME domains in a response.
    InsecureDisableDnssecValidation bool
    Disable DNSSEC validation (must be Allow rule).
    IpCategories bool
    Turns on IP category based filter on dns if the rule contains dns category checks.
    L4override ZeroTrustGatewayPolicyRuleSettingsL4override
    Settings to forward layer 4 traffic.
    NotificationSettings ZeroTrustGatewayPolicyRuleSettingsNotificationSettings
    Notification settings on a block rule.
    OverrideHost string
    The host to override matching DNS queries with.
    OverrideIps []string
    The IPs to override matching DNS queries with.
    PayloadLog ZeroTrustGatewayPolicyRuleSettingsPayloadLog
    Configure DLP Payload Logging settings for this rule.
    ResolveDnsThroughCloudflare bool
    Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when dns_resolvers are specified.
    UntrustedCert ZeroTrustGatewayPolicyRuleSettingsUntrustedCert
    Configure untrusted certificate settings for this rule.
    addHeaders Map<String,String>
    Add custom headers to allowed requests in the form of key-value pairs.
    allowChildBypass Boolean
    Allow parent MSP accounts to enable bypass their children's rules.
    auditSsh ZeroTrustGatewayPolicyRuleSettingsAuditSsh
    Settings for auditing SSH usage.
    bisoAdminControls ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls
    Configure how browser isolation behaves.
    blockPageEnabled Boolean
    Indicator of block page enablement.
    blockPageReason String
    The displayed reason for a user being blocked.
    bypassParentRule Boolean
    Allow child MSP accounts to bypass their parent's rule.
    checkSession ZeroTrustGatewayPolicyRuleSettingsCheckSession
    Configure how session check behaves.
    dnsResolvers ZeroTrustGatewayPolicyRuleSettingsDnsResolvers
    Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
    egress ZeroTrustGatewayPolicyRuleSettingsEgress
    Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
    ignoreCnameCategoryMatches Boolean
    Set to true, to ignore the category matches at CNAME domains in a response.
    insecureDisableDnssecValidation Boolean
    Disable DNSSEC validation (must be Allow rule).
    ipCategories Boolean
    Turns on IP category based filter on dns if the rule contains dns category checks.
    l4override ZeroTrustGatewayPolicyRuleSettingsL4override
    Settings to forward layer 4 traffic.
    notificationSettings ZeroTrustGatewayPolicyRuleSettingsNotificationSettings
    Notification settings on a block rule.
    overrideHost String
    The host to override matching DNS queries with.
    overrideIps List<String>
    The IPs to override matching DNS queries with.
    payloadLog ZeroTrustGatewayPolicyRuleSettingsPayloadLog
    Configure DLP Payload Logging settings for this rule.
    resolveDnsThroughCloudflare Boolean
    Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when dns_resolvers are specified.
    untrustedCert ZeroTrustGatewayPolicyRuleSettingsUntrustedCert
    Configure untrusted certificate settings for this rule.
    addHeaders {[key: string]: string}
    Add custom headers to allowed requests in the form of key-value pairs.
    allowChildBypass boolean
    Allow parent MSP accounts to enable bypass their children's rules.
    auditSsh ZeroTrustGatewayPolicyRuleSettingsAuditSsh
    Settings for auditing SSH usage.
    bisoAdminControls ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls
    Configure how browser isolation behaves.
    blockPageEnabled boolean
    Indicator of block page enablement.
    blockPageReason string
    The displayed reason for a user being blocked.
    bypassParentRule boolean
    Allow child MSP accounts to bypass their parent's rule.
    checkSession ZeroTrustGatewayPolicyRuleSettingsCheckSession
    Configure how session check behaves.
    dnsResolvers ZeroTrustGatewayPolicyRuleSettingsDnsResolvers
    Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
    egress ZeroTrustGatewayPolicyRuleSettingsEgress
    Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
    ignoreCnameCategoryMatches boolean
    Set to true, to ignore the category matches at CNAME domains in a response.
    insecureDisableDnssecValidation boolean
    Disable DNSSEC validation (must be Allow rule).
    ipCategories boolean
    Turns on IP category based filter on dns if the rule contains dns category checks.
    l4override ZeroTrustGatewayPolicyRuleSettingsL4override
    Settings to forward layer 4 traffic.
    notificationSettings ZeroTrustGatewayPolicyRuleSettingsNotificationSettings
    Notification settings on a block rule.
    overrideHost string
    The host to override matching DNS queries with.
    overrideIps string[]
    The IPs to override matching DNS queries with.
    payloadLog ZeroTrustGatewayPolicyRuleSettingsPayloadLog
    Configure DLP Payload Logging settings for this rule.
    resolveDnsThroughCloudflare boolean
    Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when dns_resolvers are specified.
    untrustedCert ZeroTrustGatewayPolicyRuleSettingsUntrustedCert
    Configure untrusted certificate settings for this rule.
    add_headers Mapping[str, str]
    Add custom headers to allowed requests in the form of key-value pairs.
    allow_child_bypass bool
    Allow parent MSP accounts to enable bypass their children's rules.
    audit_ssh ZeroTrustGatewayPolicyRuleSettingsAuditSsh
    Settings for auditing SSH usage.
    biso_admin_controls ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls
    Configure how browser isolation behaves.
    block_page_enabled bool
    Indicator of block page enablement.
    block_page_reason str
    The displayed reason for a user being blocked.
    bypass_parent_rule bool
    Allow child MSP accounts to bypass their parent's rule.
    check_session ZeroTrustGatewayPolicyRuleSettingsCheckSession
    Configure how session check behaves.
    dns_resolvers ZeroTrustGatewayPolicyRuleSettingsDnsResolvers
    Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
    egress ZeroTrustGatewayPolicyRuleSettingsEgress
    Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
    ignore_cname_category_matches bool
    Set to true, to ignore the category matches at CNAME domains in a response.
    insecure_disable_dnssec_validation bool
    Disable DNSSEC validation (must be Allow rule).
    ip_categories bool
    Turns on IP category based filter on dns if the rule contains dns category checks.
    l4override ZeroTrustGatewayPolicyRuleSettingsL4override
    Settings to forward layer 4 traffic.
    notification_settings ZeroTrustGatewayPolicyRuleSettingsNotificationSettings
    Notification settings on a block rule.
    override_host str
    The host to override matching DNS queries with.
    override_ips Sequence[str]
    The IPs to override matching DNS queries with.
    payload_log ZeroTrustGatewayPolicyRuleSettingsPayloadLog
    Configure DLP Payload Logging settings for this rule.
    resolve_dns_through_cloudflare bool
    Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when dns_resolvers are specified.
    untrusted_cert ZeroTrustGatewayPolicyRuleSettingsUntrustedCert
    Configure untrusted certificate settings for this rule.
    addHeaders Map<String>
    Add custom headers to allowed requests in the form of key-value pairs.
    allowChildBypass Boolean
    Allow parent MSP accounts to enable bypass their children's rules.
    auditSsh Property Map
    Settings for auditing SSH usage.
    bisoAdminControls Property Map
    Configure how browser isolation behaves.
    blockPageEnabled Boolean
    Indicator of block page enablement.
    blockPageReason String
    The displayed reason for a user being blocked.
    bypassParentRule Boolean
    Allow child MSP accounts to bypass their parent's rule.
    checkSession Property Map
    Configure how session check behaves.
    dnsResolvers Property Map
    Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when resolvednsthrough*cloudflare is set. DNS queries will route to the address closest to their origin.
    egress Property Map
    Configure how Proxy traffic egresses. Can be set for rules with Egress action and Egress filter. Can be omitted to indicate local egress via Warp IPs.
    ignoreCnameCategoryMatches Boolean
    Set to true, to ignore the category matches at CNAME domains in a response.
    insecureDisableDnssecValidation Boolean
    Disable DNSSEC validation (must be Allow rule).
    ipCategories Boolean
    Turns on IP category based filter on dns if the rule contains dns category checks.
    l4override Property Map
    Settings to forward layer 4 traffic.
    notificationSettings Property Map
    Notification settings on a block rule.
    overrideHost String
    The host to override matching DNS queries with.
    overrideIps List<String>
    The IPs to override matching DNS queries with.
    payloadLog Property Map
    Configure DLP Payload Logging settings for this rule.
    resolveDnsThroughCloudflare Boolean
    Enable sending queries that match the resolver policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when dns_resolvers are specified.
    untrustedCert Property Map
    Configure untrusted certificate settings for this rule.

    ZeroTrustGatewayPolicyRuleSettingsAuditSsh, ZeroTrustGatewayPolicyRuleSettingsAuditSshArgs

    CommandLogging bool
    Log all SSH commands.
    CommandLogging bool
    Log all SSH commands.
    commandLogging Boolean
    Log all SSH commands.
    commandLogging boolean
    Log all SSH commands.
    command_logging bool
    Log all SSH commands.
    commandLogging Boolean
    Log all SSH commands.

    ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls, ZeroTrustGatewayPolicyRuleSettingsBisoAdminControlsArgs

    DisableClipboardRedirection bool
    Disable clipboard redirection.
    DisableCopyPaste bool
    Disable copy-paste.
    DisableDownload bool
    Disable download.
    DisableKeyboard bool
    Disable keyboard usage.
    DisablePrinting bool
    Disable printing.
    DisableUpload bool
    Disable upload.
    DisableClipboardRedirection bool
    Disable clipboard redirection.
    DisableCopyPaste bool
    Disable copy-paste.
    DisableDownload bool
    Disable download.
    DisableKeyboard bool
    Disable keyboard usage.
    DisablePrinting bool
    Disable printing.
    DisableUpload bool
    Disable upload.
    disableClipboardRedirection Boolean
    Disable clipboard redirection.
    disableCopyPaste Boolean
    Disable copy-paste.
    disableDownload Boolean
    Disable download.
    disableKeyboard Boolean
    Disable keyboard usage.
    disablePrinting Boolean
    Disable printing.
    disableUpload Boolean
    Disable upload.
    disableClipboardRedirection boolean
    Disable clipboard redirection.
    disableCopyPaste boolean
    Disable copy-paste.
    disableDownload boolean
    Disable download.
    disableKeyboard boolean
    Disable keyboard usage.
    disablePrinting boolean
    Disable printing.
    disableUpload boolean
    Disable upload.
    disable_clipboard_redirection bool
    Disable clipboard redirection.
    disable_copy_paste bool
    Disable copy-paste.
    disable_download bool
    Disable download.
    disable_keyboard bool
    Disable keyboard usage.
    disable_printing bool
    Disable printing.
    disable_upload bool
    Disable upload.
    disableClipboardRedirection Boolean
    Disable clipboard redirection.
    disableCopyPaste Boolean
    Disable copy-paste.
    disableDownload Boolean
    Disable download.
    disableKeyboard Boolean
    Disable keyboard usage.
    disablePrinting Boolean
    Disable printing.
    disableUpload Boolean
    Disable upload.

    ZeroTrustGatewayPolicyRuleSettingsCheckSession, ZeroTrustGatewayPolicyRuleSettingsCheckSessionArgs

    Duration string
    Configure how fresh the session needs to be to be considered valid.
    Enforce bool
    Enable session enforcement for this rule.
    Duration string
    Configure how fresh the session needs to be to be considered valid.
    Enforce bool
    Enable session enforcement for this rule.
    duration String
    Configure how fresh the session needs to be to be considered valid.
    enforce Boolean
    Enable session enforcement for this rule.
    duration string
    Configure how fresh the session needs to be to be considered valid.
    enforce boolean
    Enable session enforcement for this rule.
    duration str
    Configure how fresh the session needs to be to be considered valid.
    enforce bool
    Enable session enforcement for this rule.
    duration String
    Configure how fresh the session needs to be to be considered valid.
    enforce Boolean
    Enable session enforcement for this rule.

    ZeroTrustGatewayPolicyRuleSettingsDnsResolvers, ZeroTrustGatewayPolicyRuleSettingsDnsResolversArgs

    ipv4s List<Property Map>
    IPv4 resolvers.
    ipv6s List<Property Map>
    IPv6 resolvers.

    ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4, ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4Args

    Ip string
    The IPv4 or IPv6 address of the upstream resolver.
    Port int
    A port number to use for the upstream resolver. Defaults to 53.
    RouteThroughPrivateNetwork bool
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    VnetId string
    specify a virtual network for this resolver. Uses default virtual network id if omitted.
    Ip string
    The IPv4 or IPv6 address of the upstream resolver.
    Port int
    A port number to use for the upstream resolver. Defaults to 53.
    RouteThroughPrivateNetwork bool
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    VnetId string
    specify a virtual network for this resolver. Uses default virtual network id if omitted.
    ip String
    The IPv4 or IPv6 address of the upstream resolver.
    port Integer
    A port number to use for the upstream resolver. Defaults to 53.
    routeThroughPrivateNetwork Boolean
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    vnetId String
    specify a virtual network for this resolver. Uses default virtual network id if omitted.
    ip string
    The IPv4 or IPv6 address of the upstream resolver.
    port number
    A port number to use for the upstream resolver. Defaults to 53.
    routeThroughPrivateNetwork boolean
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    vnetId string
    specify a virtual network for this resolver. Uses default virtual network id if omitted.
    ip str
    The IPv4 or IPv6 address of the upstream resolver.
    port int
    A port number to use for the upstream resolver. Defaults to 53.
    route_through_private_network bool
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    vnet_id str
    specify a virtual network for this resolver. Uses default virtual network id if omitted.
    ip String
    The IPv4 or IPv6 address of the upstream resolver.
    port Number
    A port number to use for the upstream resolver. Defaults to 53.
    routeThroughPrivateNetwork Boolean
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    vnetId String
    specify a virtual network for this resolver. Uses default virtual network id if omitted.

    ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6, ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv6Args

    Ip string
    The IPv4 or IPv6 address of the upstream resolver.
    Port int
    A port number to use for the upstream resolver. Defaults to 53.
    RouteThroughPrivateNetwork bool
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    VnetId string
    specify a virtual network for this resolver. Uses default virtual network id if omitted.
    Ip string
    The IPv4 or IPv6 address of the upstream resolver.
    Port int
    A port number to use for the upstream resolver. Defaults to 53.
    RouteThroughPrivateNetwork bool
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    VnetId string
    specify a virtual network for this resolver. Uses default virtual network id if omitted.
    ip String
    The IPv4 or IPv6 address of the upstream resolver.
    port Integer
    A port number to use for the upstream resolver. Defaults to 53.
    routeThroughPrivateNetwork Boolean
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    vnetId String
    specify a virtual network for this resolver. Uses default virtual network id if omitted.
    ip string
    The IPv4 or IPv6 address of the upstream resolver.
    port number
    A port number to use for the upstream resolver. Defaults to 53.
    routeThroughPrivateNetwork boolean
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    vnetId string
    specify a virtual network for this resolver. Uses default virtual network id if omitted.
    ip str
    The IPv4 or IPv6 address of the upstream resolver.
    port int
    A port number to use for the upstream resolver. Defaults to 53.
    route_through_private_network bool
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    vnet_id str
    specify a virtual network for this resolver. Uses default virtual network id if omitted.
    ip String
    The IPv4 or IPv6 address of the upstream resolver.
    port Number
    A port number to use for the upstream resolver. Defaults to 53.
    routeThroughPrivateNetwork Boolean
    Whether to connect to this resolver over a private network. Must be set when vnet_id is set.
    vnetId String
    specify a virtual network for this resolver. Uses default virtual network id if omitted.

    ZeroTrustGatewayPolicyRuleSettingsEgress, ZeroTrustGatewayPolicyRuleSettingsEgressArgs

    Ipv4 string
    The IPv4 address to be used for egress.
    Ipv6 string
    The IPv6 range to be used for egress.
    Ipv4Fallback string
    The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
    Ipv4 string
    The IPv4 address to be used for egress.
    Ipv6 string
    The IPv6 range to be used for egress.
    Ipv4Fallback string
    The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
    ipv4 String
    The IPv4 address to be used for egress.
    ipv6 String
    The IPv6 range to be used for egress.
    ipv4Fallback String
    The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
    ipv4 string
    The IPv4 address to be used for egress.
    ipv6 string
    The IPv6 range to be used for egress.
    ipv4Fallback string
    The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
    ipv4 str
    The IPv4 address to be used for egress.
    ipv6 str
    The IPv6 range to be used for egress.
    ipv4_fallback str
    The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.
    ipv4 String
    The IPv4 address to be used for egress.
    ipv6 String
    The IPv6 range to be used for egress.
    ipv4Fallback String
    The IPv4 address to be used for egress in the event of an error egressing with the primary IPv4. Can be '0.0.0.0' to indicate local egreass via Warp IPs.

    ZeroTrustGatewayPolicyRuleSettingsL4override, ZeroTrustGatewayPolicyRuleSettingsL4overrideArgs

    Ip string
    Override IP to forward traffic to.
    Port int
    Override Port to forward traffic to.
    Ip string
    Override IP to forward traffic to.
    Port int
    Override Port to forward traffic to.
    ip String
    Override IP to forward traffic to.
    port Integer
    Override Port to forward traffic to.
    ip string
    Override IP to forward traffic to.
    port number
    Override Port to forward traffic to.
    ip str
    Override IP to forward traffic to.
    port int
    Override Port to forward traffic to.
    ip String
    Override IP to forward traffic to.
    port Number
    Override Port to forward traffic to.

    ZeroTrustGatewayPolicyRuleSettingsNotificationSettings, ZeroTrustGatewayPolicyRuleSettingsNotificationSettingsArgs

    Enabled bool
    Enable notification settings.
    Message string
    Notification content.
    SupportUrl string
    Support URL to show in the notification.
    Enabled bool
    Enable notification settings.
    Message string
    Notification content.
    SupportUrl string
    Support URL to show in the notification.
    enabled Boolean
    Enable notification settings.
    message String
    Notification content.
    supportUrl String
    Support URL to show in the notification.
    enabled boolean
    Enable notification settings.
    message string
    Notification content.
    supportUrl string
    Support URL to show in the notification.
    enabled bool
    Enable notification settings.
    message str
    Notification content.
    support_url str
    Support URL to show in the notification.
    enabled Boolean
    Enable notification settings.
    message String
    Notification content.
    supportUrl String
    Support URL to show in the notification.

    ZeroTrustGatewayPolicyRuleSettingsPayloadLog, ZeroTrustGatewayPolicyRuleSettingsPayloadLogArgs

    Enabled bool
    Enable or disable DLP Payload Logging for this rule.
    Enabled bool
    Enable or disable DLP Payload Logging for this rule.
    enabled Boolean
    Enable or disable DLP Payload Logging for this rule.
    enabled boolean
    Enable or disable DLP Payload Logging for this rule.
    enabled bool
    Enable or disable DLP Payload Logging for this rule.
    enabled Boolean
    Enable or disable DLP Payload Logging for this rule.

    ZeroTrustGatewayPolicyRuleSettingsUntrustedCert, ZeroTrustGatewayPolicyRuleSettingsUntrustedCertArgs

    Action string
    Action to be taken when the SSL certificate of upstream is invalid. Available values: pass_through, block, error.
    Action string
    Action to be taken when the SSL certificate of upstream is invalid. Available values: pass_through, block, error.
    action String
    Action to be taken when the SSL certificate of upstream is invalid. Available values: pass_through, block, error.
    action string
    Action to be taken when the SSL certificate of upstream is invalid. Available values: pass_through, block, error.
    action str
    Action to be taken when the SSL certificate of upstream is invalid. Available values: pass_through, block, error.
    action String
    Action to be taken when the SSL certificate of upstream is invalid. Available values: pass_through, block, error.

    Import

    $ pulumi import cloudflare:index/zeroTrustGatewayPolicy:ZeroTrustGatewayPolicy example <account_id>/<teams_rule_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Cloudflare pulumi/pulumi-cloudflare
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the cloudflare Terraform Provider.
    cloudflare logo
    Cloudflare v5.43.0 published on Wednesday, Nov 13, 2024 by Pulumi