Update access.tf

2025-11-14 18:06:17 +01:00
parent d47f8bbf8d
commit ed68f97aea
1 changed files with 115 additions and 1 deletions
--- a/access.tf
+++ b/access.tf
@@ -1 +1,115 @@
+# =============================================================================
+# CLOUDFLARE : Access : Applications
+# =============================================================================
+
+# 
+resource "cloudflare_zero_trust_access_application" "example_zero_trust_access_application" {
+  domain = "test.example.com/admin"
+  type = "self_hosted"
+  zone_id = "zone_id"
+  allow_authenticate_via_warp = true
+  allow_iframe = true
+  allowed_idps = ["699d98642c564d2e855e9661899b7252"]
+  app_launcher_visible = true
+  auto_redirect_to_identity = true
+  cors_headers = {
+    allow_all_headers = true
+    allow_all_methods = true
+    allow_all_origins = true
+    allow_credentials = true
+    allowed_headers = ["string"]
+    allowed_methods = ["GET"]
+    allowed_origins = ["https://example.com"]
+    max_age = -1
+  }
+  custom_deny_message = "custom_deny_message"
+  custom_deny_url = "custom_deny_url"
+  custom_non_identity_deny_url = "custom_non_identity_deny_url"
+  custom_pages = ["699d98642c564d2e855e9661899b7252"]
+  destinations = [{
+    type = "public"
+    uri = "test.example.com/admin"
+  }, {
+    type = "public"
+    uri = "test.anotherexample.com/staff"
+  }, {
+    cidr = "10.5.0.0/24"
+    hostname = "hostname"
+    l4_protocol = "tcp"
+    port_range = "80-90"
+    type = "private"
+    vnet_id = "vnet_id"
+  }, {
+    cidr = "10.5.0.3/32"
+    hostname = "hostname"
+    l4_protocol = "tcp"
+    port_range = "80"
+    type = "private"
+    vnet_id = "vnet_id"
+  }, {
+    cidr = "cidr"
+    hostname = "hostname"
+    l4_protocol = "tcp"
+    port_range = "port_range"
+    type = "private"
+    vnet_id = "vnet_id"
+  }]
+  enable_binding_cookie = true
+  http_only_cookie_attribute = true
+  logo_url = "https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg"
+  name = "Admin Site"
+  options_preflight_bypass = true
+  path_cookie_attribute = true
+  policies = [{
+    id = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+    precedence = 0
+  }]
+  read_service_tokens_from_header = "Authorization"
+  same_site_cookie_attribute = "strict"
+  scim_config = {
+    idp_uid = "idp_uid"
+    remote_uri = "remote_uri"
+    authentication = {
+      password = "password"
+      scheme = "httpbasic"
+      user = "user"
+    }
+    deactivate_on_delete = true
+    enabled = true
+    mappings = [{
+      schema = "urn:ietf:params:scim:schemas:core:2.0:User"
+      enabled = true
+      filter = "title pr or userType eq \"Intern\""
+      operations = {
+        create = true
+        delete = true
+        update = true
+      }
+      strictness = "strict"
+      transform_jsonata = "$merge([$, {\'userName\': $substringBefore($.userName, \'@\') & \'+test@\' & $substringAfter($.userName, \'@\')}])"
+    }]
+  }
+  self_hosted_domains = ["test.example.com/admin", "test.anotherexample.com/staff"]
+  service_auth_401_redirect = true
+  session_duration = "24h"
+  skip_interstitial = true
+  tags = ["engineers"]
+}
+
+# =============================================================================
+# CLOUDFLARE : Access : Policies
+# =============================================================================
+
+#
+
+# =============================================================================
+# CLOUDFLARE : Access : Rule groups
+# =============================================================================
+
+#
+
+# =============================================================================
+# CLOUDFLARE : Access : Service auth
+# =============================================================================
+
 #