cf

package
v0.0.3 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 23, 2026 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation


Constants

const (
	DNSRecordTypeA     = "A"
	DNSRecordTypeAAAA  = "AAAA"
	DNSRecordTypeCNAME = "CNAME"
)

DNS record type constants.

const (
	// CloudflareAPITimeoutEnv is the env var for Cloudflare API HTTP timeout.
	// Supports Go duration (e.g. "120s", "2m") or plain integer seconds (e.g. "120").
	CloudflareAPITimeoutEnv = "CLOUDFLARE_API_TIMEOUT"

	// DefaultCloudflareAPITimeout is used when env var is missing/invalid.
	DefaultCloudflareAPITimeout = 120 * time.Second

	// MaxCloudflareAPITimeout caps configured timeout to avoid runaway values.
	MaxCloudflareAPITimeout = 10 * time.Minute
)
const CloudflareAPIBaseURLEnv = "CLOUDFLARE_API_BASE_URL"

CloudflareAPIBaseURLEnv is the environment variable name for custom Cloudflare API base URL. This is primarily used for E2E testing with a mock server.

const TXT_PREFIX = "_managed."

TXT_PREFIX is the prefix added to TXT records whose corresponding DNS records are managed by the operator.

Variables

var (
	// ErrResourceNotFound indicates the requested resource was not found
	ErrResourceNotFound = errors.New("resource not found")

	// ErrResourceConflict indicates the resource is already managed by another K8s object
	ErrResourceConflict = errors.New("resource already managed by another object")

	// ErrMultipleResourcesFound indicates multiple resources matched when only one was expected
	ErrMultipleResourcesFound = errors.New("multiple resources found")

	// ErrAPIRateLimited indicates the API rate limit was exceeded
	ErrAPIRateLimited = errors.New("API rate limit exceeded")

	// ErrTemporaryFailure indicates a temporary failure that should be retried
	ErrTemporaryFailure = errors.New("temporary failure")

	// ErrInvalidConfiguration indicates invalid configuration
	ErrInvalidConfiguration = errors.New("invalid configuration")

	// ErrAuthenticationFailed indicates authentication failed
	ErrAuthenticationFailed = errors.New("authentication failed")

	// ErrPermissionDenied indicates permission was denied
	ErrPermissionDenied = errors.New("permission denied")

	// ErrInvalidTunnelID indicates tunnel ID is missing or invalid
	ErrInvalidTunnelID = errors.New("invalid or missing tunnel ID")

	// ErrInvalidZoneID indicates zone ID is missing or invalid
	ErrInvalidZoneID = errors.New("invalid or missing zone ID")
)

Error types for Cloudflare API operations

var ErrNoCredentials = errors.New("no API credentials provided: either APIToken or (APIKey + Email) required")

ErrNoCredentials is returned when no API credentials are provided.

Functions

func BoolToOnOff

func BoolToOnOff(b *bool) string

BoolToOnOff converts a bool pointer to "on"/"off" string

func ConvertLocalRulesToSDK

func ConvertLocalRulesToSDK(localRules []UnvalidatedIngressRule) []cloudflare.UnvalidatedIngressRule

ConvertLocalRulesToSDK converts local UnvalidatedIngressRule to cloudflare-go SDK types. This is necessary because:

  - Local types use time.Duration for timeouts
  - SDK types use cloudflare.TunnelDuration
  - Local OriginRequestConfig is a value, SDK uses a pointer

func ConvertRulesToSDK

func ConvertRulesToSDK(rules []AccessGroupRuleParams) []interface{}

ConvertRulesToSDK converts typed rules to SDK-compatible format.

func GetAPIBaseURL

func GetAPIBaseURL() string

GetAPIBaseURL returns the custom API base URL from environment variable, or empty string for default.

func GetCloudflareAPITimeout

func GetCloudflareAPITimeout() time.Duration

GetCloudflareAPITimeout returns Cloudflare API timeout from env with safe fallback.
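The parsing contract described by CloudflareAPITimeoutEnv, DefaultCloudflareAPITimeout and MaxCloudflareAPITimeout, as an added example that is not this package's source. The names parseAPITimeout and newClientFromEnv are hypothetical, and falling back to the default for zero or negative values is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
	"strconv"
	"strings"
	"time"
)

// Values copied from the constants documented on this page.
const (
	timeoutEnv     = "CLOUDFLARE_API_TIMEOUT"
	defaultTimeout = 120 * time.Second
	maxTimeout     = 10 * time.Minute
)

// parseAPITimeout (hypothetical helper) turns the raw env value into a
// bounded timeout. Assumption: empty, malformed, zero and negative values
// fall back to the default rather than disabling the timeout.
func parseAPITimeout(raw string) time.Duration {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return defaultTimeout
	}
	// Plain integer seconds, e.g. "120". Compare before multiplying so a
	// huge value cannot overflow time.Duration and wrap around.
	if secs, err := strconv.ParseInt(raw, 10, 64); err == nil {
		switch {
		case secs <= 0:
			return defaultTimeout
		case secs > int64(maxTimeout/time.Second):
			return maxTimeout
		}
		return time.Duration(secs) * time.Second
	}
	// Go duration syntax, e.g. "120s" or "2m".
	d, err := time.ParseDuration(raw)
	if err != nil || d <= 0 {
		return defaultTimeout
	}
	if d > maxTimeout {
		return maxTimeout
	}
	return d
}

// newClientFromEnv (hypothetical helper) builds an http.Client whose total
// request time is always bounded, whatever the environment contains.
func newClientFromEnv() *http.Client {
	return &http.Client{Timeout: parseAPITimeout(os.Getenv(timeoutEnv))}
}

func main() {
	// Constructed sample values covering both accepted syntaxes and the edge cases.
	samples := []string{"", "120", "2m", "1h", "-5", "0", "soon", "9999999999"}
	for _, raw := range samples {
		fmt.Printf("%-14q -> %s\n", raw, parseAPITimeout(raw))
	}
	fmt.Println("client timeout:", newClientFromEnv().Timeout)
}
```

A zero http.Client.Timeout means no timeout at all, which is why "0" is treated as invalid here instead of being passed through.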

func GetContentType

func GetContentType(filePath string) string

GetContentType determines the MIME type for a file based on its extension. This function mirrors Wrangler's getContentType behavior:

  1. Tries to get MIME type from file extension
  2. For text/* types, adds charset=utf-8 if not present
  3. Returns "application/octet-stream" for unknown types

Reference: https://github.com/cloudflare/workers-sdk/blob/main/packages/workers-shared/utils/helpers.ts

func GetContentTypeOrNull

func GetContentTypeOrNull(filePath string) string

GetContentTypeOrNull returns the MIME type or "application/null" for unknown types. "application/null" is a special value that tells Cloudflare to not set a Content-Type header. This is useful when you want Cloudflare to auto-detect the content type.

func GetRequeueDelay

func GetRequeueDelay(err error, cfg RetryConfig) time.Duration

GetRequeueDelay calculates the appropriate requeue delay based on error type. Uses exponential backoff for temporary errors.

func IsAccessApplicationRecoverableError

func IsAccessApplicationRecoverableError(err error) bool

IsAccessApplicationRecoverableError checks if an Access Application error is recoverable through retry. Domain not in destinations errors are recoverable because the Ingress controller may not have synced the tunnel configuration yet.

func IsActiveProductionDeploymentError

func IsActiveProductionDeploymentError(err error) bool

IsActiveProductionDeploymentError checks if the error indicates that the deployment cannot be deleted because it is the active production deployment. Cloudflare Pages does not allow deleting the active production deployment. Error code: 8000034

func IsAliasedDeploymentError

func IsAliasedDeploymentError(err error) bool

IsAliasedDeploymentError checks if the error indicates that the deployment cannot be deleted because it has aliases (branch URLs, custom domains, etc.). Cloudflare Pages requires force=true to delete aliased deployments. Error code: 8000035

func IsAuthError

func IsAuthError(err error) bool

IsAuthError checks if the error indicates an authentication/authorization failure

func IsConflictError

func IsConflictError(err error) bool

IsConflictError checks if the error indicates a resource conflict

func IsDomainNotInDestinationsError

func IsDomainNotInDestinationsError(err error) bool

IsDomainNotInDestinationsError checks if the error indicates the domain is not included in tunnel destinations. This error (code 12130) occurs when trying to create an AccessApplication for a domain that hasn't been synced to the tunnel yet. This is typically a temporary condition that resolves when the Ingress controller syncs the tunnel configuration.

func IsNotFoundError

func IsNotFoundError(err error) bool

IsNotFoundError checks if the error indicates a resource was not found

func IsPagesDeploymentNonRetryableError

func IsPagesDeploymentNonRetryableError(err error) bool

IsPagesDeploymentNonRetryableError checks if a Pages deployment error should not be retried because it will never succeed. Active production deployment errors are non-retryable because the deployment can only be replaced by creating a new deployment, not deleted directly.

func IsPermanentError

func IsPermanentError(err error) bool

IsPermanentError checks if the error is permanent and should not be retried

func IsRateLimitError

func IsRateLimitError(err error) bool

IsRateLimitError checks if the error indicates rate limiting

func IsTemporaryError

func IsTemporaryError(err error) bool

IsTemporaryError checks if the error is temporary and should be retried

func IsUnknownApplicationError

func IsUnknownApplicationError(err error) bool

IsUnknownApplicationError checks if the error indicates the application ID stored in status no longer exists in Cloudflare. This can happen if the application was deleted manually from Cloudflare dashboard.

func IsValidationError

func IsValidationError(err error) bool

IsValidationError checks if the error indicates invalid configuration or input

func NewAPIHTTPClient

func NewAPIHTTPClient() *http.Client

NewAPIHTTPClient creates an HTTP client with operator-wide Cloudflare API timeout.

func OnOffToBool

func OnOffToBool(s string) bool

OnOffToBool converts "on"/"off" string to bool

func ResetDefaultFactory

func ResetDefaultFactory()

ResetDefaultFactory resets the default ClientFactory to the real implementation.

func SanitizeErrorMessage

func SanitizeErrorMessage(err error) string

SanitizeErrorMessage removes potentially sensitive information from error messages before storing them in Status conditions
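One way to redact credentials from an error before it is written to a Status condition, as an added example that is not this package's implementation. The function sanitizeForStatus, the regular expressions, the 256-character cap and the sample token and email are all constructed assumptions; the known-secret arguments stand for the APIToken, APIKey and APIEmail fields of the API struct.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

const (
	redacted      = "[REDACTED]"
	maxMessageLen = 256 // assumption: upper bound for a condition message
	minSecretLen  = 4   // skip empty or tiny values that would mangle the text
)

// Assumed patterns for credential-shaped text; not taken from the package.
var (
	// Auth header echoed by an HTTP client, with or without a Bearer scheme.
	authHeaderRe = regexp.MustCompile(
		`(?i)\b(authorization|x-auth-key|x-auth-email)\s*[:=]\s*(?:bearer\s+)?[^\s,;"']+`)
	// Bearer token that appears outside a header name.
	bearerRe = regexp.MustCompile(`(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{8,}`)
	// Email addresses, which identify the account owner.
	emailRe = regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`)
)

// sanitizeForStatus (hypothetical helper) returns err's message with
// credentials removed, whitespace collapsed and length bounded.
func sanitizeForStatus(err error, knownSecrets ...string) string {
	if err == nil {
		return ""
	}
	msg := err.Error()
	// 1. Exact values the client was configured with: the most reliable step.
	//    An empty string must be skipped, since ReplaceAll with an empty
	//    search term inserts the replacement between every character.
	for _, s := range knownSecrets {
		if len(s) < minSecretLen {
			continue
		}
		msg = strings.ReplaceAll(msg, s, redacted)
	}
	// 2. Credential-shaped text we were not told about.
	msg = authHeaderRe.ReplaceAllString(msg, "${1}: "+redacted)
	msg = bearerRe.ReplaceAllString(msg, "Bearer "+redacted)
	msg = emailRe.ReplaceAllString(msg, redacted)
	// 3. One line, bounded length, cut on a rune boundary.
	msg = strings.Join(strings.Fields(msg), " ")
	if r := []rune(msg); len(r) > maxMessageLen {
		msg = string(r[:maxMessageLen]) + "..."
	}
	return msg
}

func main() {
	// Constructed sample values, not real credentials.
	token := "cf_tok_EXAMPLE0123456789abcdef"
	err := fmt.Errorf("create DNS record: %w", errors.New(
		"403 Forbidden, request carried Authorization: Bearer "+token+
			" (account owner ops@example.com)"))
	fmt.Println(sanitizeForStatus(err, token))
}
```

Status conditions are readable by anyone with get access to the custom resource, which is usually a wider audience than the Secret holding the credentials.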

func SetDefaultFactory

func SetDefaultFactory(factory ClientFactory)

SetDefaultFactory sets the default ClientFactory (useful for testing).

func ShouldRetry

func ShouldRetry(err error, retryCount int, maxRetries int) bool

ShouldRetry determines if an operation should be retried based on error type and retry count

func WrapConflict

func WrapConflict(resource string, err error) error

WrapConflict wraps an error as a conflict error

func WrapNotFound

func WrapNotFound(resource string, err error) error

WrapNotFound wraps an error as a not found error

Types

type API

type API struct {
	Log              logr.Logger
	TunnelName       string
	TunnelId         string
	AccountName      string
	AccountId        string
	Domain           string
	ValidAccountId   string
	ValidTunnelId    string
	ValidTunnelName  string
	ValidZoneId      string
	ValidDomainName  string // Domain name corresponding to ValidZoneId
	CloudflareClient *cloudflare.API
	CloudflareV6     *cloudflarev6.Client
	APIToken         string // API Token for direct API calls (e.g., Pages Direct Upload)
	APIKey           string // Global API Key for direct API calls
	APIEmail         string // Email for Global API Key authentication
}

API config object holding all relevant fields to use the API

func NewAPIClientFromCredentialsRef

func NewAPIClientFromCredentialsRef(ctx context.Context, k8sClient client.Client, ref *networkingv1alpha2.CloudflareCredentialsRef) (*API, error)

NewAPIClientFromCredentialsRef creates a new API client from a CloudflareCredentials reference.

func NewAPIClientFromDefaultCredentials

func NewAPIClientFromDefaultCredentials(ctx context.Context, k8sClient client.Client) (*API, error)

NewAPIClientFromDefaultCredentials creates a new API client using the default CloudflareCredentials.

func NewAPIClientFromDetails

func NewAPIClientFromDetails(ctx context.Context, k8sClient client.Client, namespace string, details networkingv1alpha2.CloudflareDetails) (*API, error)

NewAPIClientFromDetails creates a new API client from CloudflareDetails. This function supports both the new CloudflareCredentials reference and legacy inline secrets. Priority order:

  1. credentialsRef (if specified) - references a CloudflareCredentials resource
  2. inline secret (if specified) - legacy mode for backwards compatibility
  3. default CloudflareCredentials (if no credentials specified)

func NewAPIClientFromSecret

func NewAPIClientFromSecret(ctx context.Context, k8sClient client.Client, secretName, namespace string, log logr.Logger) (*API, error)

NewAPIClientFromSecret creates a new API client from a secret reference. This is a legacy function maintained for backwards compatibility. If CLOUDFLARE_API_BASE_URL environment variable is set, it uses that as the API base URL.

func (*API) AddPagesDomain

func (api *API) AddPagesDomain(ctx context.Context, projectName, domain string) (*PagesDomainResult, error)

AddPagesDomain adds a custom domain to a Pages project

func (*API) AttachR2CustomDomain

func (api *API) AttachR2CustomDomain(
	ctx context.Context, bucketName string, params R2CustomDomainParams,
) (*R2CustomDomain, error)

AttachR2CustomDomain attaches a custom domain to an R2 bucket

func (*API) CancelRegistrarTransfer

func (api *API) CancelRegistrarTransfer(ctx context.Context, domainName string) error

CancelRegistrarTransfer cancels a pending domain transfer

func (*API) CreateAccessApplication

func (c *API) CreateAccessApplication(ctx context.Context, params AccessApplicationParams) (*AccessApplicationResult, error)

CreateAccessApplication creates a new Access Application.

func (*API) CreateAccessGroup

func (c *API) CreateAccessGroup(ctx context.Context, params AccessGroupParams) (*AccessGroupResult, error)

CreateAccessGroup creates a new Access Group.

func (*API) CreateAccessIdentityProvider

func (c *API) CreateAccessIdentityProvider(ctx context.Context, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)

CreateAccessIdentityProvider creates a new Access Identity Provider.

func (*API) CreateAccessPolicy

func (c *API) CreateAccessPolicy(ctx context.Context, params AccessPolicyParams) (*AccessPolicyResult, error)

CreateAccessPolicy creates a new Access Policy for an application.

func (*API) CreateAccessServiceToken

func (c *API) CreateAccessServiceToken(ctx context.Context, name string, duration string) (*AccessServiceTokenResult, error)

CreateAccessServiceToken creates a new Access Service Token.

func (*API) CreateDNSRecord

func (c *API) CreateDNSRecord(ctx context.Context, params DNSRecordParams) (*DNSRecordResult, error)

CreateDNSRecord creates a new DNS record.

func (*API) CreateDNSRecordInZone

func (c *API) CreateDNSRecordInZone(ctx context.Context, zoneID string, params DNSRecordParams) (*DNSRecordResult, error)

CreateDNSRecordInZone creates a new DNS record in the specified zone.

func (*API) CreateDevicePostureRule

func (c *API) CreateDevicePostureRule(ctx context.Context, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)

CreateDevicePostureRule creates a new Device Posture Rule.

func (*API) CreateGatewayList

func (c *API) CreateGatewayList(ctx context.Context, params GatewayListParams) (*GatewayListResult, error)

CreateGatewayList creates a new Gateway List.

func (*API) CreateGatewayRule

func (c *API) CreateGatewayRule(ctx context.Context, params GatewayRuleParams) (*GatewayRuleResult, error)

CreateGatewayRule creates a new Gateway Rule.

func (*API) CreateOriginCACertificate

func (api *API) CreateOriginCACertificate(ctx context.Context, params OriginCACertificateParams) (*OriginCACertificateResult, error)

CreateOriginCACertificate creates a new Origin CA certificate

func (*API) CreatePagesDeployment

func (api *API) CreatePagesDeployment(ctx context.Context, projectName string, branch string) (*PagesDeploymentResult, error)

CreatePagesDeployment creates a new deployment for a Pages project

func (*API) CreatePagesDirectUploadDeployment

func (api *API) CreatePagesDirectUploadDeployment(
	ctx context.Context,
	projectName string,
	files map[string][]byte,
	metadata *PagesDeploymentMetadata,
) (*PagesDirectUploadResult, error)

CreatePagesDirectUploadDeployment creates a deployment via direct upload. This uses the Pages Direct Upload API with the correct 4-step flow:

  1. Get upload token (JWT)
  2. Check which files are missing
  3. Upload missing files
  4. Upsert hashes and create deployment

The metadata.Branch parameter controls whether this is a production or preview deployment:

  - If branch matches the project's production branch (e.g., "main"), it creates a production deployment
  - If branch is different (e.g., "preview", "staging"), it creates a preview deployment
  - If branch is empty, it defaults to production deployment behavior

Additional metadata fields (CommitHash, CommitMessage, CommitDirty) are passed to Cloudflare API as deployment trigger metadata.

Important: Uses MD5 hashes (not SHA256) as required by Cloudflare Pages API. Special files (_headers, _redirects, etc.) are handled as separate form fields.

func (*API) CreatePagesProject

func (api *API) CreatePagesProject(ctx context.Context, params PagesProjectParams) (*PagesProjectResult, error)

CreatePagesProject creates a new Pages project

func (*API) CreateR2Bucket

func (api *API) CreateR2Bucket(ctx context.Context, params R2BucketParams) (*R2BucketResult, error)

CreateR2Bucket creates a new R2 bucket

func (*API) CreateReusableAccessPolicy

func (c *API) CreateReusableAccessPolicy(ctx context.Context, params ReusableAccessPolicyParams) (*ReusableAccessPolicyResult, error)

CreateReusableAccessPolicy creates a new reusable Access Policy (not attached to any application).

func (*API) CreateTunnel

func (c *API) CreateTunnel(ctx context.Context) (string, string, error)

CreateTunnel creates a Cloudflare Tunnel and returns the tunnel Id and credentials file

func (*API) CreateTunnelRoute

func (c *API) CreateTunnelRoute(ctx context.Context, params TunnelRouteParams) (*TunnelRouteResult, error)

CreateTunnelRoute creates a new Tunnel Route for private network access.

func (*API) CreateTunnelWithParams

func (c *API) CreateTunnelWithParams(ctx context.Context, tunnelName, configSrc string) (*TunnelCreateResult, error)

CreateTunnelWithParams creates a Cloudflare Tunnel with explicit parameters. This method is used by the TunnelLifecycle Sync Controller. Returns tunnel ID, credentials, and error.

func (*API) CreateVirtualNetwork

func (c *API) CreateVirtualNetwork(ctx context.Context, params VirtualNetworkParams) (*VirtualNetworkResult, error)

CreateVirtualNetwork creates a new Virtual Network in Cloudflare.

func (*API) CreateWARPConnector

func (c *API) CreateWARPConnector(ctx context.Context, name string) (*WARPConnectorResult, error)

CreateWARPConnector creates a new WARP Connector.

func (*API) DeleteAccessApplication

func (c *API) DeleteAccessApplication(ctx context.Context, applicationID string) error

DeleteAccessApplication deletes an Access Application. This method is idempotent - returns nil if the application is already deleted.

func (*API) DeleteAccessGroup

func (c *API) DeleteAccessGroup(ctx context.Context, groupID string) error

DeleteAccessGroup deletes an Access Group. This method is idempotent - returns nil if the group is already deleted.

func (*API) DeleteAccessIdentityProvider

func (c *API) DeleteAccessIdentityProvider(ctx context.Context, idpID string) error

DeleteAccessIdentityProvider deletes an Access Identity Provider. This method is idempotent - returns nil if the identity provider is already deleted.

func (*API) DeleteAccessPolicy

func (c *API) DeleteAccessPolicy(ctx context.Context, applicationID, policyID string) error

DeleteAccessPolicy deletes an Access Policy. This method is idempotent - returns nil if the policy is already deleted.

func (*API) DeleteAccessServiceToken

func (c *API) DeleteAccessServiceToken(ctx context.Context, tokenID string) error

DeleteAccessServiceToken deletes an Access Service Token. This method is idempotent - returns nil if the service token is already deleted.

func (*API) DeleteDNSId

func (c *API) DeleteDNSId(ctx context.Context, fqdn, dnsId string, created bool) error

DeleteDNSId deletes DNS entry for the given dnsId. This method is idempotent - returns nil if the record is already deleted.

func (*API) DeleteDNSRecord

func (c *API) DeleteDNSRecord(ctx context.Context, zoneID, recordID string) error

DeleteDNSRecord deletes a DNS record. This method is idempotent - returns nil if the record is already deleted.

func (*API) DeleteDNSRecordInZone

func (c *API) DeleteDNSRecordInZone(ctx context.Context, zoneID, recordID string) error

DeleteDNSRecordInZone deletes a DNS record in the specified zone. This method is idempotent - returns nil if the record is already deleted.

func (*API) DeleteDevicePostureRule

func (c *API) DeleteDevicePostureRule(ctx context.Context, ruleID string) error

DeleteDevicePostureRule deletes a Device Posture Rule. This method is idempotent - returns nil if the rule is already deleted.

func (*API) DeleteGatewayList

func (c *API) DeleteGatewayList(ctx context.Context, listID string) error

DeleteGatewayList deletes a Gateway List. This method is idempotent - returns nil if the list is already deleted.

func (*API) DeleteGatewayRule

func (c *API) DeleteGatewayRule(ctx context.Context, ruleID string) error

DeleteGatewayRule deletes a Gateway Rule. This method is idempotent - returns nil if the rule is already deleted.

func (*API) DeletePagesDeployment

func (api *API) DeletePagesDeployment(ctx context.Context, projectName, deploymentID string, force bool) error

DeletePagesDeployment deletes a deployment from a Pages project. If force is true, the deployment will be deleted even if it has aliases (branch URLs, custom domains, etc.). This is required for aliased deployments which would otherwise fail with error code 8000035.

func (*API) DeletePagesDomain

func (api *API) DeletePagesDomain(ctx context.Context, projectName, domain string) error

DeletePagesDomain removes a custom domain from a Pages project

func (*API) DeletePagesProject

func (api *API) DeletePagesProject(ctx context.Context, projectName string) error

DeletePagesProject deletes a Pages project

func (*API) DeleteR2Bucket

func (api *API) DeleteR2Bucket(ctx context.Context, bucketName string) error

DeleteR2Bucket deletes an R2 bucket. This method is idempotent - returns nil if the bucket is already deleted.

func (*API) DeleteR2CORS

func (api *API) DeleteR2CORS(ctx context.Context, bucketName string) error

DeleteR2CORS deletes the CORS configuration for an R2 bucket. This method is idempotent - returns nil if the CORS config is already deleted.

func (*API) DeleteR2CustomDomain

func (api *API) DeleteR2CustomDomain(ctx context.Context, bucketName, domain string) error

DeleteR2CustomDomain removes a custom domain from an R2 bucket. This method is idempotent - returns nil if the custom domain is already deleted.

func (*API) DeleteR2Lifecycle

func (api *API) DeleteR2Lifecycle(ctx context.Context, bucketName string) error

DeleteR2Lifecycle deletes the lifecycle rules for an R2 bucket. This method is idempotent - returns nil if the lifecycle rules are already deleted.

func (*API) DeleteR2Notification

func (api *API) DeleteR2Notification(ctx context.Context, bucketName, queueID string) error

DeleteR2Notification deletes notification rules for an R2 bucket and queue. This method is idempotent - returns nil if the notification rules are already deleted.

func (*API) DeleteReusableAccessPolicy

func (c *API) DeleteReusableAccessPolicy(ctx context.Context, policyID string) error

DeleteReusableAccessPolicy deletes a reusable Access Policy. This method is idempotent - returns nil if the policy is already deleted.

func (*API) DeleteRuleset

func (api *API) DeleteRuleset(ctx context.Context, zoneID, rulesetID string) error

DeleteRuleset deletes a ruleset. This method is idempotent - returns nil if the ruleset is already deleted.

func (*API) DeleteTunnel

func (c *API) DeleteTunnel(ctx context.Context) error

DeleteTunnel deletes a Cloudflare Tunnel. This method is idempotent - returns nil if the tunnel is already deleted.

func (*API) DeleteTunnelByID

func (c *API) DeleteTunnelByID(ctx context.Context, tunnelID string) error

DeleteTunnelByID deletes a Cloudflare Tunnel by its ID. This method is used by the TunnelLifecycle Sync Controller. It is idempotent - returns nil if the tunnel is already deleted.

func (*API) DeleteTunnelRoute

func (c *API) DeleteTunnelRoute(ctx context.Context, network, virtualNetworkID string) error

DeleteTunnelRoute deletes a Tunnel Route. This method is idempotent - returns nil if the route is already deleted.

func (*API) DeleteTunnelRoutesByTunnelID

func (c *API) DeleteTunnelRoutesByTunnelID(ctx context.Context, tunnelID string) (int, error)

DeleteTunnelRoutesByTunnelID deletes all routes associated with a tunnel. Returns the number of routes deleted and any error encountered.

func (*API) DeleteTunnelRoutesByVirtualNetworkID

func (c *API) DeleteTunnelRoutesByVirtualNetworkID(ctx context.Context, virtualNetworkID string) (int, error)

DeleteTunnelRoutesByVirtualNetworkID deletes all routes associated with a virtual network. Returns the number of routes deleted and any error encountered.

func (*API) DeleteVirtualNetwork

func (c *API) DeleteVirtualNetwork(ctx context.Context, virtualNetworkID string) error

DeleteVirtualNetwork deletes a Virtual Network. This method is idempotent - returns nil if the virtual network is already deleted.

func (*API) DeleteWARPConnector

func (c *API) DeleteWARPConnector(ctx context.Context, connectorID string) error

DeleteWARPConnector deletes a WARP Connector. This method is idempotent - returns nil if the connector is already deleted.

func (*API) DisableWebAnalytics

func (api *API) DisableWebAnalytics(ctx context.Context, siteTag string) error

DisableWebAnalytics disables Web Analytics for a site.

func (*API) EnableR2PublicAccess

func (api *API) EnableR2PublicAccess(ctx context.Context, bucketName string, enabled bool) error

EnableR2PublicAccess enables public access for an R2 bucket via managed domain

func (*API) EnableWebAnalytics

func (api *API) EnableWebAnalytics(ctx context.Context, hostname string) (*RUMSite, error)

EnableWebAnalytics enables Web Analytics for a hostname. For Pages projects, use the *.pages.dev hostname or custom domain.

Note: auto_install is only supported for custom domains proxied through Cloudflare. For *.pages.dev domains, auto_install must be false as Pages has built-in injection.

func (*API) FindPagesDeploymentByCommitHash

func (api *API) FindPagesDeploymentByCommitHash(
	ctx context.Context,
	projectName, commitHash string,
) (*PagesDeploymentResult, error)

FindPagesDeploymentByCommitHash finds an existing deployment by commit hash. It searches through recent deployments to find one with matching commit hash. Returns nil (not error) if no matching deployment is found. This enables idempotent deployment creation - same commit hash won't create duplicate deployments.

func (*API) GetAccessApplication

func (c *API) GetAccessApplication(ctx context.Context, applicationID string) (*AccessApplicationResult, error)

GetAccessApplication retrieves an Access Application by ID.

func (*API) GetAccessGroup

func (c *API) GetAccessGroup(ctx context.Context, groupID string) (*AccessGroupResult, error)

GetAccessGroup retrieves an Access Group by ID.

func (*API) GetAccessGroupByName

func (c *API) GetAccessGroupByName(ctx context.Context, name string) (*AccessGroupResult, error)

GetAccessGroupByName finds an Access Group by name. Returns nil if no group with the given name is found.

func (*API) GetAccessIdentityProvider

func (c *API) GetAccessIdentityProvider(ctx context.Context, idpID string) (*AccessIdentityProviderResult, error)

GetAccessIdentityProvider retrieves an Access Identity Provider by ID.

func (*API) GetAccessIdentityProviderByName

func (c *API) GetAccessIdentityProviderByName(ctx context.Context, name string) (*AccessIdentityProviderResult, error)

GetAccessIdentityProviderByName finds an Access Identity Provider by name. Returns nil if no provider with the given name is found.

func (*API) GetAccessPolicy

func (c *API) GetAccessPolicy(ctx context.Context, applicationID, policyID string) (*AccessPolicyResult, error)

GetAccessPolicy retrieves an Access Policy by ID.

func (*API) GetAccessServiceTokenByName

func (c *API) GetAccessServiceTokenByName(ctx context.Context, name string) (*AccessServiceTokenResult, error)

GetAccessServiceTokenByName retrieves an Access Service Token by name. Returns nil if no token with the given name is found.

func (*API) GetAccountId

func (c *API) GetAccountId(ctx context.Context) (string, error)

GetAccountId gets AccountId from Account Name

func (*API) GetDNSCNameIDInZone

func (c *API) GetDNSCNameIDInZone(ctx context.Context, zoneID, fqdn string) (string, error)

GetDNSCNameIDInZone returns the ID of the CNAME record for the given fqdn in the specified zone. Returns empty string and nil error if the record does not exist (this is not an error condition). Returns empty string and error if there was an actual API error or multiple records found.

func (*API) GetDNSCNameId

func (c *API) GetDNSCNameId(ctx context.Context, fqdn string) (string, error)

GetDNSCNameId returns the ID of the CNAME record requested. Returns empty string and nil error if the record does not exist (this is not an error condition). Returns empty string and error if there was an actual API error or multiple records found.

func (*API) GetDNSRecord

func (c *API) GetDNSRecord(ctx context.Context, zoneID, recordID string) (*DNSRecordResult, error)

GetDNSRecord retrieves a DNS record by ID.

func (*API) GetDNSRecordIDInZone

func (c *API) GetDNSRecordIDInZone(ctx context.Context, zoneID, fqdn, recordType string) (string, error)

GetDNSRecordIDInZone returns the ID of a DNS record of the given type for the fqdn in the specified zone. Returns empty string and nil error if the record does not exist.

func (*API) GetDefaultVirtualNetwork

func (c *API) GetDefaultVirtualNetwork(ctx context.Context) (*VirtualNetworkResult, error)

GetDefaultVirtualNetwork retrieves the default Virtual Network for the account. Every Cloudflare Zero Trust account has a default Virtual Network.

func (*API) GetDevicePostureRule

func (c *API) GetDevicePostureRule(ctx context.Context, ruleID string) (*DevicePostureRuleResult, error)

GetDevicePostureRule retrieves a Device Posture Rule by ID.

func (*API) GetEntrypointRuleset

func (api *API) GetEntrypointRuleset(ctx context.Context, zoneID, phase string) (*RulesetResult, error)

GetEntrypointRuleset gets the entrypoint ruleset for a zone and phase

func (*API) GetFallbackDomains

func (c *API) GetFallbackDomains(ctx context.Context) ([]FallbackDomainEntry, error)

GetFallbackDomains retrieves the current fallback domains list.

func (*API) GetGatewayList

func (c *API) GetGatewayList(ctx context.Context, listID string) (*GatewayListResult, error)

GetGatewayList retrieves a Gateway List by ID.

func (*API) GetGatewayRule

func (c *API) GetGatewayRule(ctx context.Context, ruleID string) (*GatewayRuleResult, error)

GetGatewayRule retrieves a Gateway Rule by ID.

func (*API) GetManagedDnsTxt

func (c *API) GetManagedDnsTxt(ctx context.Context, fqdn string) (string, DnsManagedRecordTxt, bool, error)

GetManagedDnsTxt gets the TXT record corresponding to the fqdn

func (*API) GetOriginCACertificate

func (api *API) GetOriginCACertificate(ctx context.Context, certificateID string) (*OriginCACertificateResult, error)

GetOriginCACertificate retrieves an Origin CA certificate by ID

func (*API) GetPagesDeployment

func (api *API) GetPagesDeployment(ctx context.Context, projectName, deploymentID string) (*PagesDeploymentResult, error)

GetPagesDeployment gets a deployment from a Pages project

func (*API) GetPagesDeploymentLogs

func (api *API) GetPagesDeploymentLogs(ctx context.Context, projectName, deploymentID string) (*PagesDeploymentLogsResult, error)

GetPagesDeploymentLogs gets the logs for a deployment

func (*API) GetPagesDomain

func (api *API) GetPagesDomain(ctx context.Context, projectName, domain string) (*PagesDomainResult, error)

GetPagesDomain gets a custom domain from a Pages project

func (*API) GetPagesProject

func (api *API) GetPagesProject(ctx context.Context, projectName string) (*PagesProjectResult, error)

GetPagesProject retrieves a Pages project by name

func (*API) GetQueueID

func (api *API) GetQueueID(ctx context.Context, queueName string) (string, error)

GetQueueID retrieves the queue ID for a given queue name

func (*API) GetR2Bucket

func (api *API) GetR2Bucket(ctx context.Context, bucketName string) (*R2BucketResult, error)

GetR2Bucket retrieves an R2 bucket by name

func (*API) GetR2CORS

func (api *API) GetR2CORS(ctx context.Context, bucketName string) ([]R2CORSRule, error)

GetR2CORS retrieves the CORS configuration for an R2 bucket

func (*API) GetR2CustomDomain

func (api *API) GetR2CustomDomain(
	ctx context.Context, bucketName, domain string,
) (*R2CustomDomain, error)

GetR2CustomDomain retrieves a custom domain configuration for an R2 bucket

func (*API) GetR2Lifecycle

func (api *API) GetR2Lifecycle(ctx context.Context, bucketName string) ([]R2LifecycleRule, error)

GetR2Lifecycle retrieves the lifecycle rules for an R2 bucket

func (*API) GetR2Notifications

func (api *API) GetR2Notifications(
	ctx context.Context, bucketName string,
) ([]R2NotificationRule, error)

GetR2Notifications retrieves the notification rules for an R2 bucket

func (*API) GetRegistrarDomain

func (api *API) GetRegistrarDomain(ctx context.Context, domainName string) (*RegistrarDomainInfo, error)

GetRegistrarDomain retrieves information about a registered domain

func (*API) GetReusableAccessPolicy

func (c *API) GetReusableAccessPolicy(ctx context.Context, policyID string) (*ReusableAccessPolicyResult, error)

GetReusableAccessPolicy retrieves a reusable Access Policy by ID.

func (*API) GetReusableAccessPolicyByName

func (c *API) GetReusableAccessPolicyByName(ctx context.Context, name string) (*ReusableAccessPolicyResult, error)

GetReusableAccessPolicyByName finds a reusable Access Policy by name. Returns nil if no policy with the given name is found.

func (*API) GetRuleset

func (api *API) GetRuleset(ctx context.Context, zoneID, rulesetID string) (*RulesetResult, error)

GetRuleset gets a ruleset by ID

func (*API) GetSplitTunnelExclude

func (c *API) GetSplitTunnelExclude(ctx context.Context) ([]SplitTunnelEntry, error)

GetSplitTunnelExclude retrieves the current split tunnel exclude list.

func (*API) GetSplitTunnelInclude

func (c *API) GetSplitTunnelInclude(ctx context.Context) ([]SplitTunnelEntry, error)

GetSplitTunnelInclude retrieves the current split tunnel include list.

func (*API) GetTunnelConfiguration

func (c *API) GetTunnelConfiguration(ctx context.Context, tunnelID string) (*cloudflare.TunnelConfigurationResult, error)

GetTunnelConfiguration retrieves the Tunnel configuration from Cloudflare API. This returns the remotely-managed tunnel configuration including public hostnames.

func (*API) GetTunnelCreds

func (c *API) GetTunnelCreds(ctx context.Context, tunnelSecret string) (string, error)

GetTunnelCreds gets Tunnel Credentials from Tunnel secret

func (*API) GetTunnelCredsByID

func (c *API) GetTunnelCredsByID(ctx context.Context, tunnelID string) (*TunnelCredentialsFile, error)

GetTunnelCredsByID retrieves tunnel credentials by tunnel ID. This method is used by the TunnelLifecycle Sync Controller. Note: This method cannot retrieve the original secret, only a new token. For existing tunnels, use GetTunnelToken instead.

func (*API) GetTunnelIDByName

func (c *API) GetTunnelIDByName(ctx context.Context, tunnelName string) (string, error)

GetTunnelIDByName looks up a tunnel ID by its name. This method is used by the TunnelLifecycle Sync Controller.

func (*API) GetTunnelId

func (c *API) GetTunnelId(ctx context.Context) (string, error)

GetTunnelId gets Tunnel Id from available information

func (*API) GetTunnelRoute

func (c *API) GetTunnelRoute(ctx context.Context, network, virtualNetworkID string) (*TunnelRouteResult, error)

GetTunnelRoute retrieves a Tunnel Route by network CIDR and virtual network ID.

func (*API) GetTunnelRouteByNetwork

func (c *API) GetTunnelRouteByNetwork(ctx context.Context, network string) (*TunnelRouteResult, error)

GetTunnelRouteByNetwork retrieves a Tunnel Route by network CIDR across all Virtual Networks. This is useful when you don't know which VNet the route is in. Returns the first matching route found.

func (*API) GetTunnelToken

func (c *API) GetTunnelToken(ctx context.Context, tunnelID string) (string, error)

GetTunnelToken retrieves the token for a tunnel from Cloudflare API. The token is used to start cloudflared in remotely-managed mode with --token flag. This allows cloudflared to automatically pull configuration from Cloudflare cloud.

func (*API) GetVirtualNetwork

func (c *API) GetVirtualNetwork(ctx context.Context, virtualNetworkID string) (*VirtualNetworkResult, error)

GetVirtualNetwork retrieves a Virtual Network by ID.

func (*API) GetVirtualNetworkByName

func (c *API) GetVirtualNetworkByName(ctx context.Context, name string) (*VirtualNetworkResult, error)

GetVirtualNetworkByName retrieves a Virtual Network by name.

func (*API) GetWARPConnectorToken

func (c *API) GetWARPConnectorToken(ctx context.Context, connectorID string) (*WARPConnectorTokenResult, error)

GetWARPConnectorToken retrieves the tunnel token for a WARP connector.

func (*API) GetWebAnalyticsSite

func (api *API) GetWebAnalyticsSite(ctx context.Context, hostname string) (*RUMSite, error)

GetWebAnalyticsSite gets a Web Analytics site by hostname.

func (*API) GetZoneIDForDomain

func (c *API) GetZoneIDForDomain(ctx context.Context, domain string) (zoneID string, zoneName string, err error)

GetZoneIDForDomain queries Cloudflare API to find the Zone ID for a given domain. It supports both apex domains (example.com) and subdomains (app.example.com). Returns the zoneID and zoneName.

Algorithm:

  1. Try the domain as-is (for apex domains)
  2. Walk up the domain hierarchy (for subdomains) e.g., app.test.example.com -> test.example.com -> example.com
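The walk described above, as an added example (not the package's own code). `zoneCandidates`, `resolveZone`, `errZoneNotFound` and the in-memory zone table are hypothetical stand-ins for the API lookup, and stopping at two labels is an assumption. Because the most specific name is tried first, a separately delegated sub-zone wins over its parent.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// errZoneNotFound is a sentinel defined for this example only.
var errZoneNotFound = errors.New("no zone found for domain")

// zoneCandidates returns the names to try as zone names, most specific first:
// the domain as given, then each parent. It stops at two labels (assumption),
// so a bare TLD such as "com" is never queried. Input is normalised
// (case, surrounding space, trailing dot) and names with empty labels are rejected.
func zoneCandidates(domain string) []string {
	d := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(domain), "."))
	if d == "" {
		return nil
	}
	labels := strings.Split(d, ".")
	for _, l := range labels {
		if l == "" {
			return nil // e.g. "a..example.com"
		}
	}
	var out []string
	for i := 0; i+2 <= len(labels); i++ {
		out = append(out, strings.Join(labels[i:], "."))
	}
	return out
}

// resolveZone tries each candidate against lookup (a stand-in for the zone
// query) and returns the first match together with the zone name that matched.
func resolveZone(domain string, lookup func(name string) (id string, ok bool)) (zoneID, zoneName string, err error) {
	for _, name := range zoneCandidates(domain) {
		if id, ok := lookup(name); ok {
			return id, name, nil
		}
	}
	return "", "", fmt.Errorf("%w: %q", errZoneNotFound, domain)
}

func main() {
	// Constructed sample data: zones visible to the credentials in use.
	zones := map[string]string{
		"example.com":      "zone-id-parent",
		"test.example.com": "zone-id-delegated",
	}
	lookup := func(name string) (string, bool) {
		id, ok := zones[name]
		return id, ok
	}
	for _, d := range []string{"example.com", "app.test.example.com", "www.example.com", "app.example.org"} {
		id, name, err := resolveZone(d, lookup)
		fmt.Printf("%-22s id=%q zone=%q err=%v\n", d, id, name, err)
	}
}
```

Checking the returned zone name against the expected zone before writing records catches the case where a hostname lands in a different zone than intended.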

func (*API) GetZoneId

func (c *API) GetZoneId(ctx context.Context) (string, error)

GetZoneId gets Zone Id from DNS domain

func (*API) GetZoneSettings

func (api *API) GetZoneSettings(ctx context.Context, zoneID string) (*ZoneSettings, error)

GetZoneSettings retrieves all zone settings

func (*API) InitiateRegistrarTransfer

func (api *API) InitiateRegistrarTransfer(ctx context.Context, domainName string) error

InitiateRegistrarTransfer initiates a domain transfer to Cloudflare

func (*API) InsertOrUpdateCName

func (c *API) InsertOrUpdateCName(ctx context.Context, fqdn, dnsId string) (string, error)

InsertOrUpdateCName upserts the DNS CNAME record for the given FQDN to point to the tunnel

func (*API) InsertOrUpdateCNameInZone

func (c *API) InsertOrUpdateCNameInZone(ctx context.Context, zoneID, fqdn, dnsID, tunnelID string, proxied bool) (string, error)

InsertOrUpdateCNameInZone upserts DNS CNAME record for the given FQDN to point to the tunnel in the specified zone. If tunnelID is empty, it uses c.ValidTunnelId.

func (*API) InsertOrUpdateTXT

func (c *API) InsertOrUpdateTXT(ctx context.Context, fqdn, txtId, dnsId string) error

InsertOrUpdateTXT upserts the DNS TXT record for the given FQDN to point to the tunnel

func (*API) ListAccessApplicationsByName

func (c *API) ListAccessApplicationsByName(ctx context.Context, name string) (*AccessApplicationResult, error)

ListAccessApplicationsByName finds an Access Application by name.

func (*API) ListAccessGroupsByName deprecated

func (c *API) ListAccessGroupsByName(ctx context.Context, name string) (*AccessGroupResult, error)

ListAccessGroupsByName finds an Access Group by name. Returns nil if no group with the given name is found.

Deprecated: Use GetAccessGroupByName instead.

func (*API) ListAccessIdentityProvidersByName deprecated

func (c *API) ListAccessIdentityProvidersByName(ctx context.Context, name string) (*AccessIdentityProviderResult, error)

ListAccessIdentityProvidersByName finds an Access Identity Provider by name. Returns nil if no provider with the given name is found.

Deprecated: Use GetAccessIdentityProviderByName instead.

func (*API) ListAccessPolicies

func (c *API) ListAccessPolicies(ctx context.Context, applicationID string) ([]AccessPolicyResult, error)

ListAccessPolicies lists all Access Policies for an application.

func (*API) ListDevicePostureRulesByName

func (c *API) ListDevicePostureRulesByName(ctx context.Context, name string) (*DevicePostureRuleResult, error)

ListDevicePostureRulesByName finds a Device Posture Rule by name. Returns nil if no rule with the given name is found.

func (*API) ListGatewayListsByName

func (c *API) ListGatewayListsByName(ctx context.Context, name string) (*GatewayListResult, error)

ListGatewayListsByName finds a Gateway List by name. Returns nil if no list with the given name is found.

func (*API) ListGatewayRulesByName

func (c *API) ListGatewayRulesByName(ctx context.Context, name string) (*GatewayRuleResult, error)

ListGatewayRulesByName finds a Gateway Rule by name. Returns nil if no rule with the given name is found.

func (*API) ListOriginCACertificates

func (api *API) ListOriginCACertificates(ctx context.Context, zoneID string) ([]OriginCACertificateResult, error)

ListOriginCACertificates lists Origin CA certificates for a zone

func (*API) ListPagesDeployments

func (api *API) ListPagesDeployments(ctx context.Context, projectName string) ([]PagesDeploymentResult, error)

ListPagesDeployments lists all deployments for a Pages project

func (*API) ListPagesDomains

func (api *API) ListPagesDomains(ctx context.Context, projectName string) ([]PagesDomainResult, error)

ListPagesDomains lists all custom domains for a Pages project

func (*API) ListPagesProjects

func (api *API) ListPagesProjects(ctx context.Context) ([]PagesProjectResult, error)

ListPagesProjects lists all Pages projects

func (*API) ListQueues

func (api *API) ListQueues(ctx context.Context) ([]Queue, error)

ListQueues lists all Cloudflare Queues

func (*API) ListR2Buckets

func (api *API) ListR2Buckets(ctx context.Context) ([]R2BucketResult, error)

ListR2Buckets lists all R2 buckets

func (*API) ListR2CustomDomains

func (api *API) ListR2CustomDomains(
	ctx context.Context, bucketName string,
) ([]R2CustomDomain, error)

ListR2CustomDomains lists all custom domains for an R2 bucket

func (*API) ListRegistrarDomains

func (api *API) ListRegistrarDomains(ctx context.Context) ([]RegistrarDomainInfo, error)

ListRegistrarDomains lists all domains registered with Cloudflare Registrar

func (*API) ListReusableAccessPolicies

func (c *API) ListReusableAccessPolicies(ctx context.Context) ([]ReusableAccessPolicyResult, error)

ListReusableAccessPolicies lists all reusable Access Policies.

func (*API) ListRulesets

func (api *API) ListRulesets(ctx context.Context, zoneID string) ([]RulesetResult, error)

ListRulesets lists all rulesets for a zone

func (*API) ListTunnelRoutesByNetwork

func (c *API) ListTunnelRoutesByNetwork(ctx context.Context, network string) ([]TunnelRouteResult, error)

ListTunnelRoutesByNetwork lists all Tunnel Routes for a given network CIDR across all Virtual Networks. This searches all VNets and returns all routes matching the network CIDR.

func (*API) ListTunnelRoutesByTunnelID

func (c *API) ListTunnelRoutesByTunnelID(ctx context.Context, tunnelID string) ([]TunnelRouteResult, error)

ListTunnelRoutesByTunnelID lists all Tunnel Routes associated with a specific Tunnel. This is used to clean up routes before deleting a tunnel.

func (*API) ListTunnelRoutesByVirtualNetworkID

func (c *API) ListTunnelRoutesByVirtualNetworkID(ctx context.Context, virtualNetworkID string) ([]TunnelRouteResult, error)

ListTunnelRoutesByVirtualNetworkID lists all Tunnel Routes associated with a specific Virtual Network. This is used to clean up routes before deleting a virtual network.

func (*API) ListVirtualNetworks

func (c *API) ListVirtualNetworks(ctx context.Context) ([]VirtualNetworkResult, error)

ListVirtualNetworks lists all Virtual Networks for the account.

func (*API) MergeAndSync

func (c *API) MergeAndSync(ctx context.Context, tunnelID string, opts MergeOptions) (*MergeSyncResult, error)

MergeAndSync performs a read-merge-write operation to safely update the tunnel configuration. This method:

  1. Reads the current configuration from Cloudflare API
  2. Removes rules owned by this source (based on PreviousHostnames)
  3. Adds the new rules from CurrentRules
  4. Preserves rules from other sources
  5. Writes the merged configuration back to Cloudflare API

This approach prevents race conditions where multiple controllers overwrite each other's configurations.
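The merge step (steps 2 to 4 above), as an added example that is not the package's implementation. `ingressRule` and `mergeRules` are hypothetical; only the PreviousHostnames and CurrentRules inputs come from the description. Keeping the catch-all rule last and reporting, rather than overwriting, a hostname held by another source are assumptions of this sketch.

```go
package main

import "fmt"

// ingressRule is a simplified, hypothetical stand-in for a tunnel ingress rule.
// An empty Hostname marks the catch-all rule (assumption).
type ingressRule struct {
	Hostname string
	Service  string
}

// mergeRules merges one source's rules into the configuration read from the API.
//   - remote:            rules currently stored remotely (all sources)
//   - previousHostnames: hostnames this source wrote last time
//   - current:           rules this source wants now
//
// It returns the merged rule list and the hostnames in current that were
// skipped because a preserved rule already uses them.
func mergeRules(remote []ingressRule, previousHostnames []string, current []ingressRule) (merged []ingressRule, conflicts []string) {
	owned := make(map[string]bool, len(previousHostnames))
	for _, h := range previousHostnames {
		owned[h] = true
	}

	seen := make(map[string]bool)
	var catchAll []ingressRule
	for _, r := range remote {
		switch {
		case r.Hostname == "":
			catchAll = append(catchAll, r) // re-appended last
		case owned[r.Hostname]:
			// Written by this source earlier: dropped, replaced from current below.
		default:
			merged = append(merged, r) // belongs to another source: preserved
			seen[r.Hostname] = true
		}
	}

	for _, r := range current {
		if r.Hostname == "" {
			continue // a source never replaces the catch-all in this sketch
		}
		if seen[r.Hostname] {
			// Already present: held by another source or duplicated in current.
			conflicts = append(conflicts, r.Hostname)
			continue
		}
		merged = append(merged, r)
		seen[r.Hostname] = true
	}
	return append(merged, catchAll...), conflicts
}

func main() {
	// Constructed sample: what a read of the remote configuration might return.
	remote := []ingressRule{
		{Hostname: "a.example.com", Service: "http://a:80"},   // ours, from the last sync
		{Hostname: "b.example.com", Service: "http://b:8080"}, // another controller's
		{Hostname: "", Service: "http_status:404"},            // catch-all
	}
	previous := []string{"a.example.com"}
	current := []ingressRule{
		{Hostname: "a2.example.com", Service: "http://a2:80"},
		{Hostname: "b.example.com", Service: "http://other:80"}, // collides with b
	}

	merged, conflicts := mergeRules(remote, previous, current)
	for i, r := range merged {
		fmt.Printf("%d: host=%q service=%q\n", i, r.Hostname, r.Service)
	}
	fmt.Println("conflicts:", conflicts)
}
```

The merge alone does not close the window between the read and the write; two writers that read the same configuration can still race unless writes are serialized or retried.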

func (*API) PatchPagesDomain

func (api *API) PatchPagesDomain(ctx context.Context, projectName, domain string) (*PagesDomainResult, error)

PatchPagesDomain updates a custom domain on a Pages project

func (*API) PurgePagesProjectBuildCache

func (api *API) PurgePagesProjectBuildCache(ctx context.Context, projectName string) error

PurgePagesProjectBuildCache purges the build cache for a Pages project

func (*API) RefreshAccessServiceToken

func (c *API) RefreshAccessServiceToken(ctx context.Context, tokenID string) (*AccessServiceTokenResult, error)

RefreshAccessServiceToken refreshes an Access Service Token, generating a new client secret.

func (*API) RetryPagesDeployment

func (api *API) RetryPagesDeployment(ctx context.Context, projectName, deploymentID string) (*PagesDeploymentResult, error)

RetryPagesDeployment retries a failed deployment

func (*API) RevokeOriginCACertificate

func (api *API) RevokeOriginCACertificate(ctx context.Context, certificateID string) error

RevokeOriginCACertificate revokes an Origin CA certificate

func (*API) RollbackPagesDeployment

func (api *API) RollbackPagesDeployment(ctx context.Context, projectName, deploymentID string) (*PagesDeploymentResult, error)

RollbackPagesDeployment rolls back to a previous deployment

func (*API) SetR2CORS

func (api *API) SetR2CORS(ctx context.Context, bucketName string, rules []R2CORSRule) error

SetR2CORS sets the CORS configuration for an R2 bucket

func (*API) SetR2Lifecycle

func (api *API) SetR2Lifecycle(ctx context.Context, bucketName string, rules []R2LifecycleRule) error

SetR2Lifecycle sets the lifecycle rules for an R2 bucket

func (*API) SetR2Notification

func (api *API) SetR2Notification(
	ctx context.Context, bucketName, queueID string, rules []R2NotificationRule,
) error

SetR2Notification creates or updates a notification rule for an R2 bucket

func (*API) SyncTunnelConfigurationToAPI deprecated

func (c *API) SyncTunnelConfigurationToAPI(
	ctx context.Context,
	tunnelID string,
	localRules []UnvalidatedIngressRule,
	warpRouting *WarpRoutingConfig,
) error

SyncTunnelConfigurationToAPI syncs the local ingress rules to Cloudflare API. This is a convenience method that combines type conversion and API call.

Deprecated: Use MergeAndSync instead to avoid race conditions between controllers.

IMPORTANT: The warpRouting parameter controls WARP routing state:

  - nil: don't change existing warp-routing state (backward compatible)
  - &WarpRoutingConfig{Enabled: true}: explicitly enable warp-routing
  - &WarpRoutingConfig{Enabled: false}: explicitly disable warp-routing

func (*API) UpdateAccessApplication

func (c *API) UpdateAccessApplication(ctx context.Context, applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)

UpdateAccessApplication updates an existing Access Application.

func (*API) UpdateAccessGroup

func (c *API) UpdateAccessGroup(ctx context.Context, groupID string, params AccessGroupParams) (*AccessGroupResult, error)

UpdateAccessGroup updates an existing Access Group.

func (*API) UpdateAccessIdentityProvider

func (c *API) UpdateAccessIdentityProvider(
	ctx context.Context,
	idpID string,
	params AccessIdentityProviderParams,
) (*AccessIdentityProviderResult, error)

UpdateAccessIdentityProvider updates an existing Access Identity Provider.

func (*API) UpdateAccessPolicy

func (c *API) UpdateAccessPolicy(ctx context.Context, policyID string, params AccessPolicyParams) (*AccessPolicyResult, error)

UpdateAccessPolicy updates an existing Access Policy.

func (*API) UpdateAccessServiceToken

func (c *API) UpdateAccessServiceToken(ctx context.Context, tokenID string, name string, duration string) (*AccessServiceTokenResult, error)

UpdateAccessServiceToken updates an existing Access Service Token.

func (*API) UpdateDNSRecord

func (c *API) UpdateDNSRecord(ctx context.Context, zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)

UpdateDNSRecord updates an existing DNS record.

func (*API) UpdateDNSRecordInZone

func (c *API) UpdateDNSRecordInZone(ctx context.Context, zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)

UpdateDNSRecordInZone updates an existing DNS record in the specified zone.

func (*API) UpdateDevicePostureRule

func (c *API) UpdateDevicePostureRule(ctx context.Context, ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)

UpdateDevicePostureRule updates an existing Device Posture Rule.

func (*API) UpdateEntrypointRuleset

func (api *API) UpdateEntrypointRuleset(
	ctx context.Context, zoneID, phase, description string, rules []cloudflare.RulesetRule,
) (*RulesetResult, error)

UpdateEntrypointRuleset updates the entrypoint ruleset for a zone and phase

func (*API) UpdateFallbackDomains

func (c *API) UpdateFallbackDomains(ctx context.Context, entries []FallbackDomainEntry) error

UpdateFallbackDomains updates the fallback domains list.

func (*API) UpdateGatewayConfiguration

func (c *API) UpdateGatewayConfiguration(
	ctx context.Context,
	params GatewayConfigurationParams,
) (*GatewayConfigurationResult, error)

UpdateGatewayConfiguration updates the Gateway configuration for an account.

func (*API) UpdateGatewayList

func (c *API) UpdateGatewayList(ctx context.Context, listID string, params GatewayListParams) (*GatewayListResult, error)

UpdateGatewayList updates an existing Gateway List.

func (*API) UpdateGatewayRule

func (c *API) UpdateGatewayRule(ctx context.Context, ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)

UpdateGatewayRule updates an existing Gateway Rule.

func (*API) UpdatePagesProject

func (api *API) UpdatePagesProject(ctx context.Context, projectName string, params PagesProjectParams) (*PagesProjectResult, error)

UpdatePagesProject updates an existing Pages project

func (*API) UpdateR2CustomDomain

func (api *API) UpdateR2CustomDomain(
	ctx context.Context, bucketName, domain string, params R2CustomDomainParams,
) (*R2CustomDomain, error)

UpdateR2CustomDomain updates the settings for a custom domain

func (*API) UpdateRegistrarDomain

func (api *API) UpdateRegistrarDomain(
	ctx context.Context, domainName string, config RegistrarDomainConfig,
) (*RegistrarDomainInfo, error)

UpdateRegistrarDomain updates domain configuration

func (*API) UpdateReusableAccessPolicy

func (c *API) UpdateReusableAccessPolicy(ctx context.Context, policyID string, params ReusableAccessPolicyParams) (*ReusableAccessPolicyResult, error)

UpdateReusableAccessPolicy updates an existing reusable Access Policy.

func (*API) UpdateSplitTunnelExclude

func (c *API) UpdateSplitTunnelExclude(ctx context.Context, entries []SplitTunnelEntry) error

UpdateSplitTunnelExclude updates the split tunnel exclude list.

func (*API) UpdateSplitTunnelInclude

func (c *API) UpdateSplitTunnelInclude(ctx context.Context, entries []SplitTunnelEntry) error

UpdateSplitTunnelInclude updates the split tunnel include list.

func (*API) UpdateTunnelConfiguration

func (c *API) UpdateTunnelConfiguration(
	ctx context.Context,
	tunnelID string,
	config cloudflare.TunnelConfiguration,
) (*cloudflare.TunnelConfigurationResult, error)

UpdateTunnelConfiguration updates the Tunnel configuration in Cloudflare API. This syncs the local ingress rules to Cloudflare, making domains available for Access Applications validation.

func (*API) UpdateTunnelRoute

func (c *API) UpdateTunnelRoute(ctx context.Context, network string, params TunnelRouteParams) (*TunnelRouteResult, error)

UpdateTunnelRoute updates an existing Tunnel Route.

func (*API) UpdateVirtualNetwork

func (c *API) UpdateVirtualNetwork(ctx context.Context, virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)

UpdateVirtualNetwork updates an existing Virtual Network.

func (*API) UpdateWebAnalyticsSite

func (api *API) UpdateWebAnalyticsSite(ctx context.Context, siteTag string, autoInstall bool) (*RUMSite, error)

UpdateWebAnalyticsSite updates a Web Analytics site configuration.

func (*API) UpdateZoneSetting

func (api *API) UpdateZoneSetting(ctx context.Context, zoneID, settingName string, value any) error

UpdateZoneSetting updates a single zone setting

func (*API) UpdateZoneSettings

func (api *API) UpdateZoneSettings(ctx context.Context, zoneID string, settings []cloudflare.ZoneSetting) error

UpdateZoneSettings updates multiple zone settings

func (*API) ValidateAll

func (c *API) ValidateAll(ctx context.Context) error

ValidateAll validates the contents of the API struct

type APIError

type APIError struct {
	Operation string
	Resource  string
	Err       error
}

APIError wraps a Cloudflare API error with additional context

func NewAPIError

func NewAPIError(operation, resource string, err error) *APIError

NewAPIError creates a new APIError

func (*APIError) Error

func (e *APIError) Error() string

func (*APIError) Unwrap

func (e *APIError) Unwrap() error

type AccessAppLauncherCustomizationParams

type AccessAppLauncherCustomizationParams struct {
	LandingPageDesign        *AccessLandingPageDesignParams
	AppLauncherLogoURL       string
	HeaderBackgroundColor    string
	BackgroundColor          string
	FooterLinks              []AccessFooterLinkParams
	SkipAppLauncherLoginPage *bool
}

AccessAppLauncherCustomizationParams represents app launcher customization.

type AccessApplicationCorsHeadersParams

type AccessApplicationCorsHeadersParams struct {
	AllowedMethods   []string
	AllowedOrigins   []string
	AllowedHeaders   []string
	AllowAllMethods  bool
	AllowAllHeaders  bool
	AllowAllOrigins  bool
	AllowCredentials bool
	MaxAge           int
}

AccessApplicationCorsHeadersParams represents CORS settings.

type AccessApplicationParams

type AccessApplicationParams struct {
	Name                     string
	Domain                   string
	SelfHostedDomains        []string
	Destinations             []AccessDestinationParams
	DomainType               string
	PrivateAddress           string
	Type                     string // self_hosted, saas, ssh, vnc, app_launcher, warp, biso, bookmark, dash_sso, infrastructure
	SessionDuration          string
	AllowedIdps              []string
	AutoRedirectToIdentity   *bool
	EnableBindingCookie      *bool
	HTTPOnlyCookieAttribute  *bool
	PathCookieAttribute      *bool
	SameSiteCookieAttribute  string
	LogoURL                  string
	SkipInterstitial         *bool
	OptionsPreflightBypass   *bool
	AppLauncherVisible       *bool
	ServiceAuth401Redirect   *bool
	CustomDenyMessage        string
	CustomDenyURL            string
	CustomNonIdentityDenyURL string
	AllowAuthenticateViaWarp *bool
	Tags                     []string
	CustomPages              []string
	GatewayRules             []string
	CorsHeaders              *AccessApplicationCorsHeadersParams
	SaasApp                  *SaasApplicationParams
	SCIMConfig               *AccessApplicationSCIMConfigParams
	AppLauncherCustomization *AccessAppLauncherCustomizationParams
	TargetContexts           []AccessInfrastructureTargetContextParams

	// Policies is a list of reusable policy IDs to attach to this application.
	// The order determines precedence (first = highest priority).
	Policies []string
}

AccessApplicationParams contains parameters for creating/updating an Access Application.

type AccessApplicationResult

type AccessApplicationResult struct {
	ID                     string
	AUD                    string
	Name                   string
	Domain                 string
	SelfHostedDomains      []string
	Type                   string
	SessionDuration        string
	AllowedIdps            []string
	AutoRedirectToIdentity bool
	SaasAppClientID        string
}

AccessApplicationResult contains the result of an Access Application operation.

type AccessApplicationSCIMConfigParams

type AccessApplicationSCIMConfigParams struct {
	Enabled            *bool
	RemoteURI          string
	Authentication     *SCIMAuthenticationParams
	IDPUID             string
	DeactivateOnDelete *bool
	Mappings           []SCIMMappingParams
}

AccessApplicationSCIMConfigParams represents SCIM configuration.

type AccessApprovalGroupParams

type AccessApprovalGroupParams struct {
	EmailAddresses  []string
	EmailListUUID   string
	ApprovalsNeeded int
}

AccessApprovalGroupParams contains approval group configuration.

type AccessDestinationParams

type AccessDestinationParams struct {
	Type       string // public, private
	URI        string
	Hostname   string
	CIDR       string
	PortRange  string
	L4Protocol string
	VnetID     string
}

AccessDestinationParams represents a destination configuration.

type AccessFooterLinkParams

type AccessFooterLinkParams struct {
	Name string
	URL  string
}

AccessFooterLinkParams represents a footer link.

type AccessGroupAuthContextRuleParams

type AccessGroupAuthContextRuleParams struct {
	ID                 string
	AcID               string
	IdentityProviderID string
}

type AccessGroupAuthMethodRuleParams

type AccessGroupAuthMethodRuleParams struct{ AuthMethod string }

type AccessGroupAzureRuleParams

type AccessGroupAzureRuleParams struct {
	ID                 string
	IdentityProviderID string
}

type AccessGroupCommonNameRuleParams

type AccessGroupCommonNameRuleParams struct{ CommonName string }

type AccessGroupCountryRuleParams

type AccessGroupCountryRuleParams struct{ Country []string }

type AccessGroupDevicePostureRuleParams

type AccessGroupDevicePostureRuleParams struct{ IntegrationUID string }

type AccessGroupEmailDomainRuleParams

type AccessGroupEmailDomainRuleParams struct{ Domain string }

type AccessGroupEmailListRuleParams

type AccessGroupEmailListRuleParams struct{ ID string }

type AccessGroupEmailRuleParams

type AccessGroupEmailRuleParams struct{ Email string }

Rule params types

type AccessGroupExternalEvaluationRuleParams

type AccessGroupExternalEvaluationRuleParams struct {
	EvaluateURL string
	KeysURL     string
}

type AccessGroupGSuiteRuleParams

type AccessGroupGSuiteRuleParams struct {
	Email              string
	IdentityProviderID string
}

type AccessGroupGitHubRuleParams

type AccessGroupGitHubRuleParams struct {
	Name               string
	Teams              []string
	IdentityProviderID string
}

type AccessGroupGroupRuleParams

type AccessGroupGroupRuleParams struct{ ID string }

type AccessGroupIPListRuleParams

type AccessGroupIPListRuleParams struct{ ID string }

type AccessGroupIPRangesRuleParams

type AccessGroupIPRangesRuleParams struct{ IP []string }

type AccessGroupLoginMethodRuleParams

type AccessGroupLoginMethodRuleParams struct{ ID string }

type AccessGroupOIDCRuleParams

type AccessGroupOIDCRuleParams struct {
	ClaimName          string
	ClaimValue         string
	IdentityProviderID string
}

type AccessGroupOktaRuleParams

type AccessGroupOktaRuleParams struct {
	Name               string
	IdentityProviderID string
}

type AccessGroupParams

type AccessGroupParams struct {
	Name      string
	Include   []AccessGroupRuleParams
	Exclude   []AccessGroupRuleParams
	Require   []AccessGroupRuleParams
	IsDefault *bool
}

AccessGroupParams contains parameters for creating/updating an Access Group.

type AccessGroupResult

type AccessGroupResult struct {
	ID   string
	Name string
}

AccessGroupResult contains the result of an Access Group operation.

type AccessGroupRuleParams

AccessGroupRuleParams represents a typed Access Group rule for SDK conversion. Each rule should have exactly one field set.

func BuildGroupIncludeRule

func BuildGroupIncludeRule(groupID string) AccessGroupRuleParams

BuildGroupIncludeRule constructs an include rule that references an Access Group. This uses the "group" rule type with the group's UUID.

type AccessGroupSAMLRuleParams

type AccessGroupSAMLRuleParams struct {
	AttributeName      string
	AttributeValue     string
	IdentityProviderID string
}

type AccessGroupServiceTokenRuleParams

type AccessGroupServiceTokenRuleParams struct{ TokenID string }

type AccessIdentityProviderParams

type AccessIdentityProviderParams struct {
	Name       string
	Type       string
	Config     cloudflare.AccessIdentityProviderConfiguration
	ScimConfig cloudflare.AccessIdentityProviderScimConfiguration
}

AccessIdentityProviderParams contains parameters for an Access Identity Provider.

type AccessIdentityProviderResult

type AccessIdentityProviderResult struct {
	ID   string
	Name string
	Type string
}

AccessIdentityProviderResult contains the result of an Access Identity Provider operation.

type AccessInfrastructureTargetContextParams

type AccessInfrastructureTargetContextParams struct {
	TargetAttributes map[string][]string
	Port             int
	Protocol         string
}

AccessInfrastructureTargetContextParams represents target context for infrastructure apps.

type AccessLandingPageDesignParams

type AccessLandingPageDesignParams struct {
	Title           string
	Message         string
	ImageURL        string
	ButtonColor     string
	ButtonTextColor string
}

AccessLandingPageDesignParams represents landing page design.

type AccessPolicyParams

type AccessPolicyParams struct {
	ApplicationID    string                  // Required: The Application ID this policy belongs to
	Name             string                  // Policy name
	Decision         string                  // allow, deny, bypass, non_identity
	Precedence       int                     // Order of evaluation (lower = higher priority)
	Include          []AccessGroupRuleParams // Include rules (e.g., group references)
	Exclude          []AccessGroupRuleParams // Exclude rules
	Require          []AccessGroupRuleParams // Require rules
	SessionDuration  *string                 // Optional session duration override
	ReusablePolicyID string                  // Optional: Reference to a reusable policy (instead of inline rules)
}

AccessPolicyParams contains parameters for creating/updating an Access Policy.

type AccessPolicyResult

type AccessPolicyResult struct {
	ID               string
	Name             string
	Decision         string
	Precedence       int
	ReusablePolicyID *string // Set if this policy references a reusable policy
}

AccessPolicyResult contains the result of an Access Policy operation.

type AccessServiceTokenResult

type AccessServiceTokenResult struct {
	ID                  string
	TokenID             string
	Name                string
	ClientID            string
	ClientSecret        string
	AccountID           string
	ExpiresAt           string
	CreatedAt           string
	UpdatedAt           string
	LastSeenAt          string
	ClientSecretVersion int64
}

AccessServiceTokenResult contains the result of an Access Service Token operation.

type ActivityLogSettings

type ActivityLogSettings struct {
	Enabled bool
}

ActivityLogSettings for activity logging.

type AntiVirusSettings

type AntiVirusSettings struct {
	EnabledDownloadPhase bool
	EnabledUploadPhase   bool
	FailClosed           bool
	NotificationSettings *NotificationSettings
}

AntiVirusSettings for AV scanning.

type BlockPageSettings

type BlockPageSettings struct {
	Enabled         bool
	Name            string
	FooterText      string
	HeaderText      string
	LogoPath        string
	BackgroundColor string
	MailtoAddress   string
	MailtoSubject   string
	SuppressFooter  *bool
}

BlockPageSettings for block page customization.

type BodyScanningSettings

type BodyScanningSettings struct {
	InspectionMode string
}

BodyScanningSettings for body scanning.

type BrowserIsolationSettings

type BrowserIsolationSettings struct {
	URLBrowserIsolationEnabled bool
	NonIdentityEnabled         bool
}

BrowserIsolationSettings for browser isolation.

type ClientConfig

type ClientConfig struct {
	Log         logr.Logger
	APIToken    string
	APIKey      string
	Email       string
	AccountID   string
	AccountName string
	Domain      string
	TunnelID    string
	TunnelName  string
}

ClientConfig contains configuration for creating a CloudflareClient.

type ClientFactory

type ClientFactory interface {
	// NewClient creates a new CloudflareClient with the given configuration.
	NewClient(config ClientConfig) (CloudflareClient, error)
}

ClientFactory creates CloudflareClient instances. This interface enables dependency injection for testing.

func GetDefaultFactory

func GetDefaultFactory() ClientFactory

GetDefaultFactory returns the default ClientFactory.

func NewDefaultClientFactory

func NewDefaultClientFactory() ClientFactory

NewDefaultClientFactory creates a new DefaultClientFactory.

type CloudflareClient

type CloudflareClient interface {
	// Tunnel operations
	CreateTunnel(ctx context.Context) (string, string, error)
	DeleteTunnel(ctx context.Context) error
	ValidateAll(ctx context.Context) error
	GetAccountId(ctx context.Context) (string, error)
	GetTunnelId(ctx context.Context) (string, error)
	GetTunnelCreds(ctx context.Context, tunnelSecret string) (string, error)
	GetZoneId(ctx context.Context) (string, error)

	// DNS operations (api.go - CNAME/TXT for tunnels)
	InsertOrUpdateCName(ctx context.Context, fqdn, dnsID string) (string, error)
	DeleteDNSId(ctx context.Context, fqdn, dnsID string, created bool) error
	GetDNSCNameId(ctx context.Context, fqdn string) (string, error)
	GetManagedDnsTxt(ctx context.Context, fqdn string) (string, DnsManagedRecordTxt, bool, error)
	InsertOrUpdateTXT(ctx context.Context, fqdn, txtID, dnsID string) error

	// DNS operations (dns.go - Generic DNS records)
	CreateDNSRecord(ctx context.Context, params DNSRecordParams) (*DNSRecordResult, error)
	GetDNSRecord(ctx context.Context, zoneID, recordID string) (*DNSRecordResult, error)
	UpdateDNSRecord(ctx context.Context, zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)
	DeleteDNSRecord(ctx context.Context, zoneID, recordID string) error

	// Virtual Network operations
	CreateVirtualNetwork(ctx context.Context, params VirtualNetworkParams) (*VirtualNetworkResult, error)
	GetVirtualNetwork(ctx context.Context, virtualNetworkID string) (*VirtualNetworkResult, error)
	GetVirtualNetworkByName(ctx context.Context, name string) (*VirtualNetworkResult, error)
	UpdateVirtualNetwork(ctx context.Context, virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)
	DeleteVirtualNetwork(ctx context.Context, virtualNetworkID string) error

	// Virtual Network operations (additional)
	GetDefaultVirtualNetwork(ctx context.Context) (*VirtualNetworkResult, error)
	ListVirtualNetworks(ctx context.Context) ([]VirtualNetworkResult, error)

	// Tunnel Route operations
	CreateTunnelRoute(ctx context.Context, params TunnelRouteParams) (*TunnelRouteResult, error)
	GetTunnelRoute(ctx context.Context, network, virtualNetworkID string) (*TunnelRouteResult, error)
	GetTunnelRouteByNetwork(ctx context.Context, network string) (*TunnelRouteResult, error)
	ListTunnelRoutesByNetwork(ctx context.Context, network string) ([]TunnelRouteResult, error)
	UpdateTunnelRoute(ctx context.Context, network string, params TunnelRouteParams) (*TunnelRouteResult, error)
	DeleteTunnelRoute(ctx context.Context, network, virtualNetworkID string) error

	// Access Application operations
	CreateAccessApplication(ctx context.Context, params AccessApplicationParams) (*AccessApplicationResult, error)
	GetAccessApplication(ctx context.Context, applicationID string) (*AccessApplicationResult, error)
	UpdateAccessApplication(ctx context.Context, applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)
	DeleteAccessApplication(ctx context.Context, applicationID string) error
	ListAccessApplicationsByName(ctx context.Context, name string) (*AccessApplicationResult, error)

	// Access Policy operations
	CreateAccessPolicy(ctx context.Context, params AccessPolicyParams) (*AccessPolicyResult, error)
	GetAccessPolicy(ctx context.Context, applicationID, policyID string) (*AccessPolicyResult, error)
	UpdateAccessPolicy(ctx context.Context, policyID string, params AccessPolicyParams) (*AccessPolicyResult, error)
	DeleteAccessPolicy(ctx context.Context, applicationID, policyID string) error
	ListAccessPolicies(ctx context.Context, applicationID string) ([]AccessPolicyResult, error)

	// Access Group operations
	CreateAccessGroup(ctx context.Context, params AccessGroupParams) (*AccessGroupResult, error)
	GetAccessGroup(ctx context.Context, groupID string) (*AccessGroupResult, error)
	UpdateAccessGroup(ctx context.Context, groupID string, params AccessGroupParams) (*AccessGroupResult, error)
	DeleteAccessGroup(ctx context.Context, groupID string) error
	ListAccessGroupsByName(ctx context.Context, name string) (*AccessGroupResult, error)

	// Access Identity Provider operations
	CreateAccessIdentityProvider(ctx context.Context, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
	GetAccessIdentityProvider(ctx context.Context, idpID string) (*AccessIdentityProviderResult, error)
	UpdateAccessIdentityProvider(ctx context.Context, idpID string, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
	DeleteAccessIdentityProvider(ctx context.Context, idpID string) error
	ListAccessIdentityProvidersByName(ctx context.Context, name string) (*AccessIdentityProviderResult, error)

	// Access Service Token operations
	GetAccessServiceTokenByName(ctx context.Context, name string) (*AccessServiceTokenResult, error)
	CreateAccessServiceToken(ctx context.Context, name string, duration string) (*AccessServiceTokenResult, error)
	UpdateAccessServiceToken(ctx context.Context, tokenID string, name string, duration string) (*AccessServiceTokenResult, error)
	RefreshAccessServiceToken(ctx context.Context, tokenID string) (*AccessServiceTokenResult, error)
	DeleteAccessServiceToken(ctx context.Context, tokenID string) error

	// Device Posture Rule operations
	CreateDevicePostureRule(ctx context.Context, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
	GetDevicePostureRule(ctx context.Context, ruleID string) (*DevicePostureRuleResult, error)
	UpdateDevicePostureRule(ctx context.Context, ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
	DeleteDevicePostureRule(ctx context.Context, ruleID string) error
	ListDevicePostureRulesByName(ctx context.Context, name string) (*DevicePostureRuleResult, error)

	// Gateway Rule operations
	CreateGatewayRule(ctx context.Context, params GatewayRuleParams) (*GatewayRuleResult, error)
	GetGatewayRule(ctx context.Context, ruleID string) (*GatewayRuleResult, error)
	UpdateGatewayRule(ctx context.Context, ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)
	DeleteGatewayRule(ctx context.Context, ruleID string) error
	ListGatewayRulesByName(ctx context.Context, name string) (*GatewayRuleResult, error)

	// Gateway List operations
	CreateGatewayList(ctx context.Context, params GatewayListParams) (*GatewayListResult, error)
	GetGatewayList(ctx context.Context, listID string) (*GatewayListResult, error)
	UpdateGatewayList(ctx context.Context, listID string, params GatewayListParams) (*GatewayListResult, error)
	DeleteGatewayList(ctx context.Context, listID string) error
	ListGatewayListsByName(ctx context.Context, name string) (*GatewayListResult, error)

	// Split Tunnel operations
	GetSplitTunnelExclude(ctx context.Context) ([]SplitTunnelEntry, error)
	UpdateSplitTunnelExclude(ctx context.Context, entries []SplitTunnelEntry) error
	GetSplitTunnelInclude(ctx context.Context) ([]SplitTunnelEntry, error)
	UpdateSplitTunnelInclude(ctx context.Context, entries []SplitTunnelEntry) error

	// Fallback Domain operations
	GetFallbackDomains(ctx context.Context) ([]FallbackDomainEntry, error)
	UpdateFallbackDomains(ctx context.Context, entries []FallbackDomainEntry) error

	// WARP Connector operations
	CreateWARPConnector(ctx context.Context, name string) (*WARPConnectorResult, error)
	GetWARPConnectorToken(ctx context.Context, connectorID string) (*WARPConnectorTokenResult, error)
	DeleteWARPConnector(ctx context.Context, connectorID string) error

	// Gateway Configuration operations
	UpdateGatewayConfiguration(ctx context.Context, params GatewayConfigurationParams) (*GatewayConfigurationResult, error)

	// Pages Project operations
	CreatePagesProject(ctx context.Context, params PagesProjectParams) (*PagesProjectResult, error)
	GetPagesProject(ctx context.Context, projectName string) (*PagesProjectResult, error)
	UpdatePagesProject(ctx context.Context, projectName string, params PagesProjectParams) (*PagesProjectResult, error)
	DeletePagesProject(ctx context.Context, projectName string) error
	ListPagesProjects(ctx context.Context) ([]PagesProjectResult, error)
	PurgePagesProjectBuildCache(ctx context.Context, projectName string) error

	// Pages Domain operations
	AddPagesDomain(ctx context.Context, projectName, domain string) (*PagesDomainResult, error)
	GetPagesDomain(ctx context.Context, projectName, domain string) (*PagesDomainResult, error)
	DeletePagesDomain(ctx context.Context, projectName, domain string) error
	PatchPagesDomain(ctx context.Context, projectName, domain string) (*PagesDomainResult, error)
	ListPagesDomains(ctx context.Context, projectName string) ([]PagesDomainResult, error)

	// Pages Deployment operations
	CreatePagesDeployment(ctx context.Context, projectName, branch string) (*PagesDeploymentResult, error)
	GetPagesDeployment(ctx context.Context, projectName, deploymentID string) (*PagesDeploymentResult, error)
	// DeletePagesDeployment deletes a deployment. If force is true, aliased deployments will be deleted.
	DeletePagesDeployment(ctx context.Context, projectName, deploymentID string, force bool) error
	ListPagesDeployments(ctx context.Context, projectName string) ([]PagesDeploymentResult, error)
	// FindPagesDeploymentByCommitHash finds an existing deployment by commit hash.
	// Returns nil (not error) if no matching deployment is found.
	// This enables idempotent deployment creation based on commit hash.
	FindPagesDeploymentByCommitHash(ctx context.Context, projectName, commitHash string) (*PagesDeploymentResult, error)
	RetryPagesDeployment(ctx context.Context, projectName, deploymentID string) (*PagesDeploymentResult, error)
	RollbackPagesDeployment(ctx context.Context, projectName, deploymentID string) (*PagesDeploymentResult, error)
	GetPagesDeploymentLogs(ctx context.Context, projectName, deploymentID string) (*PagesDeploymentLogsResult, error)

	// Web Analytics (RUM) operations
	EnableWebAnalytics(ctx context.Context, hostname string) (*RUMSite, error)
	GetWebAnalyticsSite(ctx context.Context, hostname string) (*RUMSite, error)
	UpdateWebAnalyticsSite(ctx context.Context, siteTag string, autoInstall bool) (*RUMSite, error)
	DisableWebAnalytics(ctx context.Context, siteTag string) error
}

CloudflareClient defines the interface for interacting with the Cloudflare API. This interface enables dependency injection and mocking for unit tests. The interface is intentionally large to cover all Cloudflare API operations.

type Configuration

type Configuration struct {
	TunnelID      string                   `yaml:"tunnel" json:"tunnel"`
	Ingress       []UnvalidatedIngressRule `yaml:"ingress,omitempty" json:"ingress,omitempty"`
	WarpRouting   WarpRoutingConfig        `yaml:"warp-routing,omitempty" json:"warp-routing,omitempty"`
	OriginRequest OriginRequestConfig      `yaml:"originRequest,omitempty" json:"originRequest,omitempty"`
	SourceFile    string                   `yaml:"credentials-file" json:"credentials-file"`
	Metrics       string                   `yaml:"metrics,omitempty" json:"metrics,omitempty"`
	NoAutoUpdate  bool                     `yaml:"no-autoupdate,omitempty" json:"no-autoupdate,omitempty"`
}

Configuration is a cloudflared configuration YAML model (see https://github.com/cloudflare/cloudflared/blob/master/config/configuration.go).

Note: Both yaml and json tags are required because sigs.k8s.io/yaml uses json.Marshal internally, which only recognizes json tags.

type CustomCertificateSettings

type CustomCertificateSettings struct {
	Enabled bool
	ID      string
}

CustomCertificateSettings for custom CA.

type DNSRecordDataParams

type DNSRecordDataParams struct {
	// For SRV records
	Service string
	Proto   string
	Weight  int
	Port    int
	Target  string

	// For CAA records
	Flags int
	Tag   string
	Value string

	// For CERT/SSHFP/TLSA records
	Algorithm    int
	Certificate  string
	KeyTag       int
	Usage        int
	Selector     int
	MatchingType int

	// For LOC records
	LatDegrees    int
	LatMinutes    int
	LatSeconds    string
	LatDirection  string
	LongDegrees   int
	LongMinutes   int
	LongSeconds   string
	LongDirection string
	Altitude      string
	Size          string
	PrecisionHorz string
	PrecisionVert string

	// For URI records
	ContentURI string
}

DNSRecordDataParams contains structured data for special DNS record types.

type DNSRecordParams

type DNSRecordParams struct {
	Name     string
	Type     string
	Content  string
	TTL      int
	Proxied  bool
	Priority *int
	Comment  string
	Tags     []string
	Data     *DNSRecordDataParams
}

DNSRecordParams contains parameters for creating/updating a DNS record.

type DNSRecordResult

type DNSRecordResult struct {
	ID      string
	ZoneID  string
	Name    string
	Type    string
	Content string
	TTL     int
	Proxied bool
}

DNSRecordResult contains the result of a DNS record operation.

type DefaultClientFactory

type DefaultClientFactory struct{}

DefaultClientFactory creates real CloudflareClient instances.

func (*DefaultClientFactory) NewClient

NewClient creates a new CloudflareClient using the real Cloudflare API. If the CLOUDFLARE_API_BASE_URL environment variable is set, it uses that as the API base URL.

type DevicePostureInputParams

type DevicePostureInputParams struct {
	ID               string
	Path             string
	Exists           *bool
	Sha256           string
	Thumbprint       string
	Running          *bool
	RequireAll       *bool
	Enabled          *bool
	Version          string
	Operator         string
	Domain           string
	ComplianceStatus string
	ConnectionID     string
	LastSeen         string
	EidLastSeen      string
	ActiveThreats    *int
	Infected         *bool
	IsActive         *bool
	NetworkStatus    string
	SensorConfig     string
	VersionOperator  string
	CountOperator    string
	ScoreOperator    string
	IssueCount       *int
	Score            *int
	TotalScore       *int
	RiskLevel        string
	Overall          string
	State            string
	OperationalState string
	OSDistroName     string
	OSDistroRevision string
	OSVersionExtra   string
	OS               string
	OperatingSystem  string
	CertificateID    string
	CommonName       string
	Cn               string
	CheckPrivateKey  *bool
	ExtendedKeyUsage []string
	Locations        []DevicePostureLocationParams
	CheckDisks       []string
}

DevicePostureInputParams contains rule-specific input for Device Posture Rule.

type DevicePostureLocationParams

type DevicePostureLocationParams struct {
	Paths       []string
	TrustStores []string
}

DevicePostureLocationParams contains location parameters for Device Posture Rule.

type DevicePostureMatchParams

type DevicePostureMatchParams struct {
	Platform string
}

DevicePostureMatchParams contains platform matching for Device Posture Rule.

type DevicePostureRuleParams

type DevicePostureRuleParams struct {
	Name        string
	Type        string
	Description string
	Schedule    string
	Expiration  string
	Match       []DevicePostureMatchParams
	Input       *DevicePostureInputParams
}

DevicePostureRuleParams contains parameters for a Device Posture Rule.

type DevicePostureRuleResult

type DevicePostureRuleResult struct {
	ID          string
	Name        string
	Type        string
	Description string
	AccountID   string
}

DevicePostureRuleResult contains the result of a Device Posture Rule operation.

type DnsManagedRecordTxt

type DnsManagedRecordTxt struct {
	DnsId      string // DnsId of the managed record
	TunnelName string // TunnelName of the managed record
	TunnelId   string // TunnelId of the managed record
}

DnsManagedRecordTxt represents a managed DNS record. Each managed DNS record is tracked in a separate TXT record.

type ErrorCategory

type ErrorCategory string

ErrorCategory classifies errors for retry decision making

const (
	// ErrorCategoryPermanent indicates errors that will never succeed with retry
	// Examples: NotFound, ValidationError, AuthError
	ErrorCategoryPermanent ErrorCategory = "Permanent"

	// ErrorCategoryTransient indicates temporary errors that may succeed with retry
	// Examples: RateLimit, Timeout, 5xx errors
	ErrorCategoryTransient ErrorCategory = "Transient"

	// ErrorCategoryUnknown indicates errors that cannot be classified
	// These are treated as transient with limited retries
	ErrorCategoryUnknown ErrorCategory = "Unknown"
)

func ClassifyError

func ClassifyError(err error) ErrorCategory

ClassifyError categorizes an error for retry decision making

type FIPSSettings

type FIPSSettings struct {
	TLS bool
}

FIPSSettings for FIPS compliance.

type FailureReason

type FailureReason string

FailureReason provides a human-readable reason for permanent failures

const (
	// FailureReasonNotFound indicates the resource does not exist
	FailureReasonNotFound FailureReason = "NotFound"

	// FailureReasonAuthError indicates authentication/authorization failure
	FailureReasonAuthError FailureReason = "AuthError"

	// FailureReasonValidationError indicates invalid configuration
	FailureReasonValidationError FailureReason = "ValidationError"

	// FailureReasonMaxRetriesExceeded indicates retry limit was reached
	FailureReasonMaxRetriesExceeded FailureReason = "MaxRetriesExceeded"

	// FailureReasonNonRetryable indicates the error type should not be retried
	FailureReasonNonRetryable FailureReason = "NonRetryable"
)

func GetFailureReason

func GetFailureReason(err error) FailureReason

GetFailureReason returns a FailureReason for permanent errors

type FallbackDomainEntry

type FallbackDomainEntry struct {
	Suffix      string   `json:"suffix"`
	Description string   `json:"description,omitempty"`
	DNSServer   []string `json:"dns_server,omitempty"`
}

FallbackDomainEntry represents a fallback domain configuration entry.

type GatewayAuditSSHParams

type GatewayAuditSSHParams struct {
	CommandLogging bool
}

GatewayAuditSSHParams for SSH audit settings.

type GatewayBISOAdminControlsParams

type GatewayBISOAdminControlsParams struct {
	DisablePrinting             *bool
	DisableCopyPaste            *bool
	DisableDownload             *bool
	DisableUpload               *bool
	DisableKeyboard             *bool
	DisableClipboardRedirection *bool
}

GatewayBISOAdminControlsParams for browser isolation controls.

type GatewayCheckSessionParams

type GatewayCheckSessionParams struct {
	Enforce  bool
	Duration string
}

GatewayCheckSessionParams for session check settings.

type GatewayConfigurationParams

type GatewayConfigurationParams struct {
	TLSDecrypt        *TLSDecryptSettings
	ActivityLog       *ActivityLogSettings
	AntiVirus         *AntiVirusSettings
	BlockPage         *BlockPageSettings
	BodyScanning      *BodyScanningSettings
	BrowserIsolation  *BrowserIsolationSettings
	FIPS              *FIPSSettings
	ProtocolDetection *ProtocolDetectionSettings
	CustomCertificate *CustomCertificateSettings
}

GatewayConfigurationParams contains parameters for Gateway Configuration.

type GatewayConfigurationResult

type GatewayConfigurationResult struct {
	AccountID string
}

GatewayConfigurationResult contains the result of a Gateway Configuration operation.

type GatewayDNSResolverEntryParams

type GatewayDNSResolverEntryParams struct {
	IP                         string
	Port                       int
	VNetID                     string
	RouteThroughPrivateNetwork *bool
}

GatewayDNSResolverEntryParams for a single DNS resolver.

type GatewayDNSResolversParams

type GatewayDNSResolversParams struct {
	IPv4 []GatewayDNSResolverEntryParams
	IPv6 []GatewayDNSResolverEntryParams
}

GatewayDNSResolversParams for custom DNS resolvers.

type GatewayEgressParams

type GatewayEgressParams struct {
	IPv4         string
	IPv6         string
	IPv4Fallback string
}

GatewayEgressParams for egress settings.

type GatewayL4OverrideParams

type GatewayL4OverrideParams struct {
	IP   string
	Port int
}

GatewayL4OverrideParams for L4 override settings.

type GatewayListItem

type GatewayListItem struct {
	Value       string
	Description string
}

GatewayListItem represents an item in a Gateway List.

type GatewayListParams

type GatewayListParams struct {
	Name        string
	Description string
	Type        string // SERIAL, URL, DOMAIN, EMAIL, IP
	Items       []GatewayListItem
}

GatewayListParams contains parameters for a Gateway List.

type GatewayListResult

type GatewayListResult struct {
	ID          string
	Name        string
	Description string
	Type        string
	Count       int
	AccountID   string
}

GatewayListResult contains the result of a Gateway List operation.

type GatewayNotificationSettingsParams

type GatewayNotificationSettingsParams struct {
	Enabled    bool
	Message    string
	SupportURL string
}

GatewayNotificationSettingsParams for notification settings.

type GatewayPayloadLogParams

type GatewayPayloadLogParams struct {
	Enabled bool
}

GatewayPayloadLogParams for payload logging.

type GatewayQuarantineParams

type GatewayQuarantineParams struct {
	FileTypes []string
}

GatewayQuarantineParams for quarantine settings.

type GatewayResolveDNSInternallyParams

type GatewayResolveDNSInternallyParams struct {
	ViewID   string
	Fallback string // "none", "public_dns", etc.
}

GatewayResolveDNSInternallyParams for internal DNS resolution.

type GatewayRuleExpirationParams

type GatewayRuleExpirationParams struct {
	ExpiresAt string
	Duration  string
}

GatewayRuleExpirationParams for rule expiration.

type GatewayRuleParams

type GatewayRuleParams struct {
	Name          string
	Description   string
	Precedence    int
	Enabled       bool
	Action        string
	Filters       []cloudflare.TeamsFilterType
	Traffic       string
	Identity      string
	DevicePosture string
	RuleSettings  *GatewayRuleSettingsParams
	Schedule      *GatewayRuleScheduleParams
	Expiration    *GatewayRuleExpirationParams
}

GatewayRuleParams contains parameters for a Gateway Rule.

type GatewayRuleResult

type GatewayRuleResult struct {
	ID          string
	Name        string
	Description string
	Precedence  int
	Enabled     bool
	Action      string
}

GatewayRuleResult contains the result of a Gateway Rule operation.

type GatewayRuleScheduleParams

type GatewayRuleScheduleParams struct {
	TimeZone string
	Mon      string
	Tue      string
	Wed      string
	Thu      string
	Fri      string
	Sat      string
	Sun      string
}

GatewayRuleScheduleParams for rule scheduling.

type GatewayRuleSettingsParams

type GatewayRuleSettingsParams struct {
	BlockPageEnabled                *bool
	BlockReason                     string
	OverrideIPs                     []string
	OverrideHost                    string
	L4Override                      *GatewayL4OverrideParams
	BISOAdminControls               *GatewayBISOAdminControlsParams
	CheckSession                    *GatewayCheckSessionParams
	AddHeaders                      map[string]string
	InsecureDisableDNSSECValidation *bool
	Egress                          *GatewayEgressParams
	PayloadLog                      *GatewayPayloadLogParams
	UntrustedCertAction             string
	AuditSSH                        *GatewayAuditSSHParams
	ResolveDNSInternally            *GatewayResolveDNSInternallyParams
	ResolveDNSThroughCloudflare     *bool
	DNSResolvers                    *GatewayDNSResolversParams
	NotificationSettings            *GatewayNotificationSettingsParams
	AllowChildBypass                *bool
	BypassParentRule                *bool
	IgnoreCNAMECategoryMatches      *bool
	IPCategories                    *bool
	IPIndicatorFeeds                *bool
	Quarantine                      *GatewayQuarantineParams
}

GatewayRuleSettingsParams contains settings for a Gateway Rule.

type HybridAndImplicitOptionsParams

type HybridAndImplicitOptionsParams struct {
	ReturnIDTokenFromAuthorizationEndpoint     *bool
	ReturnAccessTokenFromAuthorizationEndpoint *bool
}

HybridAndImplicitOptionsParams represents hybrid and implicit flow options.

type IngressIPRule

type IngressIPRule struct {
	Prefix *string `yaml:"prefix,omitempty" json:"prefix,omitempty"`
	Ports  []int   `yaml:"ports,omitempty" json:"ports,omitempty"`
	Allow  bool    `yaml:"allow,omitempty" json:"allow,omitempty"`
}

IngressIPRule is a cloudflared origin ingress IP rule config model

type MergeOptions

type MergeOptions struct {
	// Source identifies the controller/source of this configuration fragment.
	// Used for logging and debugging. Examples: "TunnelBinding/default/my-binding",
	// "Ingress/default/my-ingress", "Gateway/default/my-gateway", "Tunnel/my-tunnel"
	Source string

	// PreviousHostnames contains the hostnames that were previously synced by this source.
	// These will be removed from the remote configuration before adding CurrentRules.
	// This allows proper cleanup when a source's rules change.
	PreviousHostnames []string

	// CurrentRules contains the ingress rules to add to the configuration.
	// These rules will be merged with existing rules from other sources.
	// The last rule should be the catch-all rule (empty hostname with service).
	CurrentRules []UnvalidatedIngressRule

	// WarpRouting controls WARP routing state.
	// - nil: preserve existing warp-routing state (default)
	// - &WarpRoutingConfig{Enabled: true}: explicitly enable warp-routing
	// - &WarpRoutingConfig{Enabled: false}: explicitly disable warp-routing
	WarpRouting *WarpRoutingConfig

	// FallbackTarget is the service URL for the catch-all rule (e.g., "http_status:404").
	// - "": preserve existing fallback target
	// - non-empty: set/override the fallback target
	FallbackTarget string

	// GlobalOriginRequest is the global origin request configuration.
	// - nil: preserve existing global origin request config
	// - non-nil: set/override the global origin request config
	GlobalOriginRequest *OriginRequestConfig
}

MergeOptions defines the options for merging tunnel configuration. Each controller provides its own configuration fragment, and MergeAndSync merges it with the existing remote configuration to avoid race conditions.
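The merge semantics described in the MergeOptions field comments, as an added sketch that is not the package's MergeAndSync code. The `rule` and `fragment` types and the `mergeIngress` helper are hypothetical; `rule` assumes only a hostname and a service, and using the fragment's own catch-all only when nothing else supplies one is a choice made for this sketch.

```go
package main

import "fmt"

// rule is a simplified stand-in for UnvalidatedIngressRule (field names assumed).
type rule struct {
	Hostname string
	Service  string
}

// fragment mirrors the MergeOptions fields this sketch uses.
type fragment struct {
	Source            string
	PreviousHostnames []string
	CurrentRules      []rule
	FallbackTarget    string
}

// mergeIngress applies one source's fragment to the remote rule set:
// rules for hostnames the source synced before (or claims now) are dropped,
// the source's current rules are added, rules from other sources are kept,
// and exactly one catch-all is re-appended as the last rule.
// It returns the merged rules and the hostnames synced by this call.
func mergeIngress(remote []rule, f fragment) ([]rule, []string, error) {
	owned := make(map[string]bool)
	for _, h := range f.PreviousHostnames {
		owned[h] = true
	}
	for _, r := range f.CurrentRules {
		if r.Service == "" {
			return nil, nil, fmt.Errorf("%s: rule for %q has no service", f.Source, r.Hostname)
		}
		if r.Hostname != "" {
			owned[r.Hostname] = true
		}
	}

	fallback := ""
	merged := make([]rule, 0, len(remote)+len(f.CurrentRules)+1)
	for _, r := range remote {
		switch {
		case r.Hostname == "":
			fallback = r.Service // existing catch-all: preserved, re-appended last
		case !owned[r.Hostname]:
			merged = append(merged, r) // owned by another source: untouched
		}
	}

	synced := []string{}
	seen := make(map[string]bool)
	for _, r := range f.CurrentRules {
		if r.Hostname == "" {
			if fallback == "" {
				fallback = r.Service // fragment catch-all used only if none exists
			}
			continue
		}
		if seen[r.Hostname] {
			continue // ignore duplicate hostnames within one fragment
		}
		seen[r.Hostname] = true
		merged = append(merged, r)
		synced = append(synced, r.Hostname)
	}

	if f.FallbackTarget != "" {
		fallback = f.FallbackTarget // non-empty FallbackTarget overrides
	}
	if fallback == "" {
		return nil, nil, fmt.Errorf("%s: no catch-all service available", f.Source)
	}
	// cloudflared evaluates ingress rules in order, so the catch-all goes last.
	return append(merged, rule{Service: fallback}), synced, nil
}

func main() {
	// Constructed sample state: two sources share one tunnel configuration.
	remote := []rule{
		{Hostname: "app.example.com", Service: "http://app.default.svc:80"},
		{Hostname: "old.example.com", Service: "http://old.default.svc:80"},
		{Service: "http_status:404"},
	}
	merged, synced, err := mergeIngress(remote, fragment{
		Source:            "Ingress/default/my-ingress",
		PreviousHostnames: []string{"old.example.com"},
		CurrentRules:      []rule{{Hostname: "new.example.com", Service: "http://new.default.svc:80"}},
	})
	if err != nil {
		fmt.Println("merge failed:", err)
		return
	}
	for _, r := range merged {
		fmt.Printf("%-18q -> %s\n", r.Hostname, r.Service)
	}
	fmt.Println("synced:", synced)
}
```

The returned hostname list plays the role of MergeSyncResult.SyncedHostnames: the source stores it and passes it back as PreviousHostnames on its next sync.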

type MergeSyncResult

type MergeSyncResult struct {
	// Version is the new configuration version after update.
	Version int `json:"version"`

	// SyncedHostnames contains all hostnames that were synced by this operation.
	// Controllers should store this in their Status for tracking.
	SyncedHostnames []string `json:"syncedHostnames"`
}

MergeSyncResult contains the result of a MergeAndSync operation.

type MinifySettings

type MinifySettings struct {
	HTML bool `json:"html"`
	CSS  bool `json:"css"`
	JS   bool `json:"js"`
}

MinifySettings represents minification settings

type NotificationSettings

type NotificationSettings struct {
	Enabled    bool
	Message    string
	SupportURL string
}

NotificationSettings for antivirus notifications.

type OIDCClaimConfigParams

type OIDCClaimConfigParams struct {
	Name     string
	Source   OIDCClaimSourceParams
	Required bool
	Scope    string
}

OIDCClaimConfigParams represents an OIDC claim configuration.

type OIDCClaimSourceParams

type OIDCClaimSourceParams struct {
	Name      string
	NameByIDP map[string]string
}

OIDCClaimSourceParams represents the source of an OIDC claim.

type OriginCACertificateParams

type OriginCACertificateParams struct {
	Hostnames       []string
	RequestType     string // "origin-rsa" or "origin-ecc"
	RequestValidity int    // days: 7, 30, 90, 365, 730, 1095, 5475
	CSR             string
}

OriginCACertificateParams contains parameters for creating an Origin CA certificate

type OriginCACertificateResult

type OriginCACertificateResult struct {
	ID          string
	Certificate string
	Hostnames   []string
	ExpiresOn   time.Time
	RequestType string
	CSR         string
}

OriginCACertificateResult contains the result of an Origin CA certificate operation

type OriginRequestConfig

type OriginRequestConfig struct {
	// HTTP proxy timeout for establishing a new connection
	ConnectTimeout *time.Duration `yaml:"connectTimeout,omitempty" json:"connectTimeout,omitempty"`
	// HTTP proxy timeout for completing a TLS handshake
	TLSTimeout *time.Duration `yaml:"tlsTimeout,omitempty" json:"tlsTimeout,omitempty"`
	// HTTP proxy TCP keepalive duration
	TCPKeepAlive *time.Duration `yaml:"tcpKeepAlive,omitempty" json:"tcpKeepAlive,omitempty"`
	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
	NoHappyEyeballs *bool `yaml:"noHappyEyeballs,omitempty" json:"noHappyEyeballs,omitempty"`
	// HTTP proxy maximum keepalive connection pool size
	KeepAliveConnections *int `yaml:"keepAliveConnections,omitempty" json:"keepAliveConnections,omitempty"`
	// HTTP proxy timeout for closing an idle connection
	KeepAliveTimeout *time.Duration `yaml:"keepAliveTimeout,omitempty" json:"keepAliveTimeout,omitempty"`
	// Sets the HTTP Host header for the local webserver.
	HTTPHostHeader *string `yaml:"httpHostHeader,omitempty" json:"httpHostHeader,omitempty"`
	// Hostname on the origin server certificate.
	OriginServerName *string `yaml:"originServerName,omitempty" json:"originServerName,omitempty"`
	// Path to the CA for the certificate of your origin.
	// This option should be used only if your certificate is not signed by Cloudflare.
	CAPool *string `yaml:"caPool,omitempty" json:"caPool,omitempty"`
	// Disables TLS verification of the certificate presented by your origin.
	// Will allow any certificate from the origin to be accepted.
	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
	NoTLSVerify *bool `yaml:"noTLSVerify,omitempty" json:"noTLSVerify,omitempty"`
	// Attempt to connect to origin using HTTP2. Origin must be configured as https.
	HTTP2Origin *bool `yaml:"http2Origin,omitempty" json:"http2Origin,omitempty"`
	// Disables chunked transfer encoding.
	// Useful if you are running a WSGI server.
	DisableChunkedEncoding *bool `yaml:"disableChunkedEncoding,omitempty" json:"disableChunkedEncoding,omitempty"`
	// Runs as jump host
	BastionMode *bool `yaml:"bastionMode,omitempty" json:"bastionMode,omitempty"`
	// Listen address for the proxy.
	ProxyAddress *string `yaml:"proxyAddress,omitempty" json:"proxyAddress,omitempty"`
	// Listen port for the proxy.
	ProxyPort *uint `yaml:"proxyPort,omitempty" json:"proxyPort,omitempty"`
	// Valid options are 'socks' or empty.
	ProxyType *string `yaml:"proxyType,omitempty" json:"proxyType,omitempty"`
	// IP rules for the proxy service
	IPRules []IngressIPRule `yaml:"ipRules,omitempty" json:"ipRules,omitempty"`
}

OriginRequestConfig is a cloudflared origin request configuration model
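A check for the noTLSVerify setting documented above, as an added example that is not part of this package. It parses a rendered configuration using the json tags shown on this page and reports every HTTPS origin whose effective noTLSVerify is true. The `ingressRule` shape (hostname, service, originRequest), the rule-over-global override order, and the sample document are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// originRequest is a subset of OriginRequestConfig with the page's json tags.
// Pointer fields distinguish "unset" (inherit) from an explicit false.
type originRequest struct {
	NoTLSVerify      *bool   `json:"noTLSVerify,omitempty"`
	CAPool           *string `json:"caPool,omitempty"`
	OriginServerName *string `json:"originServerName,omitempty"`
}

// ingressRule is an assumed shape for UnvalidatedIngressRule.
type ingressRule struct {
	Hostname      string        `json:"hostname,omitempty"`
	Service       string        `json:"service"`
	OriginRequest originRequest `json:"originRequest"`
}

// config is a subset of Configuration.
type config struct {
	TunnelID      string        `json:"tunnel"`
	Ingress       []ingressRule `json:"ingress,omitempty"`
	OriginRequest originRequest `json:"originRequest"`
}

// finding describes one origin reached over TLS without certificate checks.
type finding struct {
	Index    int    // position in the ingress list
	Hostname string
	Service  string
	Source   string // "rule" or "global": where noTLSVerify was set
}

// auditOriginTLS returns one finding per https:// ingress rule whose
// effective noTLSVerify is true. A rule-level value, when set, is assumed
// to override the global originRequest value.
func auditOriginTLS(raw []byte) ([]finding, error) {
	var c config
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("parse configuration: %w", err)
	}
	var out []finding
	for i, r := range c.Ingress {
		if !strings.HasPrefix(r.Service, "https://") {
			continue // noTLSVerify only matters for TLS origins
		}
		effective, source := c.OriginRequest.NoTLSVerify, "global"
		if r.OriginRequest.NoTLSVerify != nil {
			effective, source = r.OriginRequest.NoTLSVerify, "rule"
		}
		if effective != nil && *effective {
			out = append(out, finding{Index: i, Hostname: r.Hostname, Service: r.Service, Source: source})
		}
	}
	return out, nil
}

// sampleConfig is a constructed document: verification is disabled globally,
// and one rule restores it with its own CA pool and server name.
const sampleConfig = `{
  "tunnel": "00000000-0000-0000-0000-000000000000",
  "originRequest": {"noTLSVerify": true},
  "ingress": [
    {"hostname": "a.example.com", "service": "https://a.internal:8443"},
    {"hostname": "b.example.com", "service": "https://b.internal:8443",
     "originRequest": {"noTLSVerify": false,
                       "caPool": "/etc/ssl/internal-ca.pem",
                       "originServerName": "b.internal"}},
    {"hostname": "c.example.com", "service": "http://c.internal:8080"},
    {"service": "http_status:404"}
  ]
}`

func main() {
	findings, err := auditOriginTLS([]byte(sampleConfig))
	if err != nil {
		fmt.Println("audit failed:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("ingress[%d] %s -> %s: noTLSVerify=true (set in %s originRequest)\n",
			f.Index, f.Hostname, f.Service, f.Source)
	}
}
```

The rule for b.example.com shows the corrected form: verification left on, with caPool and originServerName set so a privately issued origin certificate still validates.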

type PagesBuildConfig

type PagesBuildConfig struct {
	BuildCommand      string
	DestinationDir    string
	RootDir           string
	BuildCaching      *bool
	WebAnalyticsTag   string
	WebAnalyticsToken string
}

PagesBuildConfig defines build configuration

type PagesDeploymentConfigs

type PagesDeploymentConfigs struct {
	Preview    *PagesDeploymentEnvConfig
	Production *PagesDeploymentEnvConfig
}

PagesDeploymentConfigs contains preview and production configs

type PagesDeploymentEnvConfig

type PagesDeploymentEnvConfig struct {
	EnvironmentVariables    map[string]PagesEnvVar
	CompatibilityDate       string
	CompatibilityFlags      []string
	D1Bindings              map[string]string // name -> databaseID
	KVBindings              map[string]string // name -> namespaceID
	R2Bindings              map[string]string // name -> bucketName
	ServiceBindings         map[string]PagesServiceBindingConfig
	DurableObjectBindings   map[string]PagesDurableObjectBindingConfig
	QueueBindings           map[string]string // name -> queueName
	AIBindings              []string          // binding names
	VectorizeBindings       map[string]string // name -> indexName
	HyperdriveBindings      map[string]string // name -> configID
	MTLSCertificates        map[string]string // name -> certificateID
	BrowserBinding          string            // binding name
	PlacementMode           string
	UsageModel              string
	FailOpen                *bool
	AlwaysUseLatestCompDate *bool
}

PagesDeploymentEnvConfig defines environment-specific configuration

type PagesDeploymentLogEntry

type PagesDeploymentLogEntry struct {
	Timestamp time.Time
	Message   string
}

PagesDeploymentLogEntry represents a log entry

type PagesDeploymentLogsResult

type PagesDeploymentLogsResult struct {
	Total            int
	IncludesContents bool
	Data             []PagesDeploymentLogEntry
}

PagesDeploymentLogsResult contains deployment logs

type PagesDeploymentMetadata

type PagesDeploymentMetadata struct {
	// Branch is the branch name for this deployment.
	Branch string
	// CommitHash is the commit identifier (e.g., "a1b2c3d4e5f6").
	CommitHash string
	// CommitMessage is a description of this deployment.
	CommitMessage string
	// CommitDirty indicates if the repository has uncommitted changes.
	CommitDirty *bool
}

PagesDeploymentMetadata contains metadata for creating deployments. These fields are passed to the Cloudflare API as deployment trigger metadata.

type PagesDeploymentResult

type PagesDeploymentResult struct {
	ID               string
	ShortID          string
	ProjectID        string
	ProjectName      string
	Environment      string
	URL              string
	ProductionBranch string
	CreatedOn        time.Time
	ModifiedOn       time.Time
	Stage            string
	StageStatus      string
	Stages           []PagesDeploymentStage
	// Aliases contains all URLs for this deployment (hash URL, branch URL, etc.)
	Aliases []string
	// DeploymentTrigger contains trigger information from Cloudflare
	DeploymentTrigger *PagesDeploymentTrigger
}

PagesDeploymentResult contains the result of a Pages deployment operation

type PagesDeploymentStage

type PagesDeploymentStage struct {
	Name      string
	StartedOn string
	EndedOn   string
	Status    string
}

PagesDeploymentStage represents a deployment stage

type PagesDeploymentTrigger

type PagesDeploymentTrigger struct {
	// Type is the trigger type (e.g., "ad_hoc", "push").
	Type string
	// Metadata contains the trigger metadata.
	Metadata *PagesDeploymentTriggerMetadata
}

PagesDeploymentTrigger contains deployment trigger information from Cloudflare.

type PagesDeploymentTriggerMetadata

type PagesDeploymentTriggerMetadata struct {
	Branch        string
	CommitHash    string
	CommitMessage string
	CommitDirty   bool
}

PagesDeploymentTriggerMetadata contains the metadata within a deployment trigger.

type PagesDirectUploadResult

type PagesDirectUploadResult struct {
	ID    string `json:"id"`
	URL   string `json:"url"`
	Stage string `json:"stage"`
}

PagesDirectUploadResult contains the result of a direct upload deployment.

type PagesDomainResult

type PagesDomainResult struct {
	ID               string
	Name             string
	Status           string
	ZoneTag          string
	ValidationMethod string
	ValidationStatus string
	CreatedOn        time.Time
}

PagesDomainResult contains the result of a Pages domain operation

type PagesDurableObjectBindingConfig

type PagesDurableObjectBindingConfig struct {
	ClassName       string
	ScriptName      string
	EnvironmentName string
}

PagesDurableObjectBindingConfig defines a Durable Object binding

type PagesEnvVar

type PagesEnvVar struct {
	Value string
	Type  string // "plain_text" or "secret_text"
}

PagesEnvVar defines an environment variable

type PagesGitHubConfig

type PagesGitHubConfig struct {
	Owner                        string
	Repo                         string
	ProductionDeploymentsEnabled *bool
	PreviewDeploymentsEnabled    *bool
	PRCommentsEnabled            *bool
	DeploymentsEnabled           *bool
}

PagesGitHubConfig defines GitHub source configuration

type PagesGitLabConfig

type PagesGitLabConfig struct {
	Owner                        string
	Repo                         string
	ProductionDeploymentsEnabled *bool
	PreviewDeploymentsEnabled    *bool
	DeploymentsEnabled           *bool
}

PagesGitLabConfig defines GitLab source configuration

type PagesProjectParams

type PagesProjectParams struct {
	Name             string
	ProductionBranch string
	Source           *PagesSourceConfig
	BuildConfig      *PagesBuildConfig
	DeploymentConfig *PagesDeploymentConfigs
}

PagesProjectParams contains parameters for creating or updating a Pages project

type PagesProjectResult

type PagesProjectResult struct {
	ID               string
	Name             string
	Subdomain        string
	Domains          []string
	ProductionBranch string
	CreatedOn        time.Time
	Source           *PagesSourceConfig
	BuildConfig      *PagesBuildConfig
	LatestDeployment *PagesDeploymentResult
}

PagesProjectResult contains the result of a Pages project operation

type PagesServiceBindingConfig

type PagesServiceBindingConfig struct {
	Service     string
	Environment string
}

PagesServiceBindingConfig defines a service binding

type PagesSourceConfig

type PagesSourceConfig struct {
	Type   string
	GitHub *PagesGitHubConfig
	GitLab *PagesGitLabConfig
}

PagesSourceConfig defines the source configuration

type PagesSpecialFiles

type PagesSpecialFiles struct {
	// Headers is the _headers file content
	Headers []byte
	// Redirects is the _redirects file content
	Redirects []byte
	// RoutesJSON is the _routes.json file content
	RoutesJSON []byte
	// WorkerJS is the _worker.js file content (mutually exclusive with WorkerBundle)
	WorkerJS []byte
	// WorkerBundle is the _worker.bundle file content (mutually exclusive with WorkerJS)
	WorkerBundle []byte
}

PagesSpecialFiles contains special Pages configuration files. These are uploaded as separate form fields instead of being included in the manifest.

type ProtocolDetectionSettings

type ProtocolDetectionSettings struct {
	Enabled bool
}

ProtocolDetectionSettings holds the settings for protocol detection.

type Queue

type Queue struct {
	ID         string `json:"queue_id"`
	Name       string `json:"queue_name"`
	CreatedOn  string `json:"created_on,omitempty"`
	ModifiedOn string `json:"modified_on,omitempty"`
}

Queue represents a Cloudflare Queue

type R2BucketParams

type R2BucketParams struct {
	Name         string
	LocationHint string
}

R2BucketParams contains parameters for creating an R2 bucket

type R2BucketResult

type R2BucketResult struct {
	Name         string
	Location     string
	CreationDate time.Time
}

R2BucketResult contains the result of an R2 bucket operation

type R2CORSRule

type R2CORSRule struct {
	ID             string   `json:"id,omitempty"`
	AllowedOrigins []string `json:"allowedOrigins"`
	AllowedMethods []string `json:"allowedMethods"`
	AllowedHeaders []string `json:"allowedHeaders,omitempty"`
	ExposeHeaders  []string `json:"exposeHeaders,omitempty"`
	MaxAgeSeconds  *int     `json:"maxAgeSeconds,omitempty"`
}

R2CORSRule represents a CORS rule for an R2 bucket

type R2CustomDomain

type R2CustomDomain struct {
	Domain   string         `json:"domain"`
	Enabled  bool           `json:"enabled"`
	Status   R2DomainStatus `json:"status"`
	MinTLS   string         `json:"minTLS,omitempty"`
	ZoneID   string         `json:"zoneId,omitempty"`
	ZoneName string         `json:"zoneName,omitempty"`
}

R2CustomDomain represents a custom domain attached to an R2 bucket

type R2CustomDomainParams

type R2CustomDomainParams struct {
	Domain  string `json:"domain"`
	ZoneID  string `json:"zoneId,omitempty"`
	MinTLS  string `json:"minTLS,omitempty"`
	Enabled bool   `json:"enabled"`
}

R2CustomDomainParams contains parameters for attaching a custom domain

type R2DomainStatus

type R2DomainStatus struct {
	Ownership string `json:"ownership,omitempty"`
	SSL       string `json:"ssl,omitempty"`
}

R2DomainStatus represents the status of an R2 custom domain

type R2LifecycleAbortUpload

type R2LifecycleAbortUpload struct {
	DaysAfterInitiation int `json:"daysAfterInitiation"`
}

R2LifecycleAbortUpload represents abort incomplete upload settings

type R2LifecycleExpiration

type R2LifecycleExpiration struct {
	Days *int   `json:"days,omitempty"`
	Date string `json:"date,omitempty"`
}

R2LifecycleExpiration represents expiration settings

type R2LifecycleRule

type R2LifecycleRule struct {
	ID                             string                  `json:"id"`
	Enabled                        bool                    `json:"enabled"`
	Prefix                         string                  `json:"prefix,omitempty"`
	Expiration                     *R2LifecycleExpiration  `json:"expiration,omitempty"`
	AbortIncompleteMultipartUpload *R2LifecycleAbortUpload `json:"abortIncompleteMultipartUpload,omitempty"`
}

R2LifecycleRule represents a lifecycle rule for an R2 bucket

type R2NotificationRule

type R2NotificationRule struct {
	RuleID      string   `json:"ruleId,omitempty"`
	Prefix      string   `json:"prefix,omitempty"`
	Suffix      string   `json:"suffix,omitempty"`
	EventTypes  []string `json:"eventType"`
	Description string   `json:"description,omitempty"`
}

R2NotificationRule represents a notification rule

type RUMRule

type RUMRule struct {
	ID          string   `json:"id,omitempty"`
	Host        string   `json:"host,omitempty"`
	Paths       []string `json:"paths,omitempty"`
	IsPageviews bool     `json:"is_pageveiws,omitempty"`
	Inclusive   bool     `json:"inclusive,omitempty"`
	IsPaused    bool     `json:"is_paused,omitempty"`
	Priority    int      `json:"priority,omitempty"`
	CreatedAt   string   `json:"created,omitempty"`
}

RUMRule represents a Web Analytics rule.

type RUMRuleset

type RUMRuleset struct {
	ID       string    `json:"id,omitempty"`
	ZoneTag  string    `json:"zone_tag,omitempty"`
	ZoneName string    `json:"zone_name,omitempty"`
	Enabled  bool      `json:"enabled"`
	Rules    []RUMRule `json:"rules,omitempty"`
}

RUMRuleset contains ruleset configuration.

type RUMSite

type RUMSite struct {
	// SiteTag is the unique identifier for the site
	SiteTag string `json:"site_tag,omitempty"`
	// SiteToken is the token used for tracking
	SiteToken string `json:"site_token,omitempty"`
	// Host is the hostname being tracked
	Host string `json:"host,omitempty"`
	// ZoneTag is the zone ID if applicable
	ZoneTag string `json:"zone_tag,omitempty"`
	// AutoInstall enables automatic script injection
	AutoInstall bool `json:"auto_install"`
	// Ruleset contains rule configuration
	Ruleset *RUMRuleset `json:"ruleset,omitempty"`
}

RUMSite represents a Web Analytics site configuration.

type RefreshTokenOptionsParams

type RefreshTokenOptionsParams struct {
	Lifetime string
}

RefreshTokenOptionsParams represents refresh token options.

type RegistrantContactInfo

type RegistrantContactInfo struct {
	ID           string
	FirstName    string
	LastName     string
	Organization string
	Address      string
	Address2     string
	City         string
	State        string
	Zip          string
	Country      string
	Phone        string
	Email        string
	Fax          string
}

RegistrantContactInfo contains registrant contact information

type RegistrarDomainConfig

type RegistrarDomainConfig struct {
	NameServers []string
	Privacy     bool
	Locked      bool
	AutoRenew   bool
}

RegistrarDomainConfig contains domain configuration

type RegistrarDomainInfo

type RegistrarDomainInfo struct {
	ID                string
	Available         bool
	SupportedTLD      bool
	CanRegister       bool
	CurrentRegistrar  string
	ExpiresAt         time.Time
	CreatedAt         time.Time
	UpdatedAt         time.Time
	RegistryStatuses  string
	Locked            bool
	TransferInStatus  string // Combined transfer status
	CanCancelTransfer bool
	RegistrantContact *RegistrantContactInfo
}

RegistrarDomainInfo contains information about a registered domain

type RetryConfig

type RetryConfig struct {
	// BaseDelay is the initial delay before retry
	BaseDelay time.Duration
	// MaxDelay is the maximum delay between retries
	MaxDelay time.Duration
	// MaxRetries is the maximum number of retries (0 = no limit)
	MaxRetries int
	// RetryCount tracks the current retry count (for exponential backoff)
	RetryCount int
}

RetryConfig holds configuration for retry behavior

func DefaultRetryConfig

func DefaultRetryConfig() RetryConfig

DefaultRetryConfig returns a default retry configuration

type ReusableAccessPolicyParams

type ReusableAccessPolicyParams struct {
	Name                         string
	Decision                     string // allow, deny, bypass, non_identity
	Precedence                   int
	Include                      []AccessGroupRuleParams
	Exclude                      []AccessGroupRuleParams
	Require                      []AccessGroupRuleParams
	SessionDuration              *string
	IsolationRequired            *bool
	PurposeJustificationRequired *bool
	PurposeJustificationPrompt   string
	ApprovalRequired             *bool
	ApprovalGroups               []AccessApprovalGroupParams
}

ReusableAccessPolicyParams contains parameters for creating/updating a reusable Access Policy.

type ReusableAccessPolicyResult

type ReusableAccessPolicyResult struct {
	ID         string
	Name       string
	Decision   string
	Precedence int
}

ReusableAccessPolicyResult contains the result of a reusable Access Policy operation.

type RulesetResult

type RulesetResult struct {
	ID          string
	Name        string
	Description string
	Kind        string
	Phase       string
	Version     string
	LastUpdated time.Time
	Rules       []cloudflare.RulesetRule
}

RulesetResult contains the result of a ruleset operation

type SAMLAttributeConfigParams

type SAMLAttributeConfigParams struct {
	Name         string
	NameFormat   string
	Source       SAMLAttributeSourceParams
	FriendlyName string
	Required     bool
}

SAMLAttributeConfigParams represents a SAML attribute configuration.

type SAMLAttributeSourceParams

type SAMLAttributeSourceParams struct {
	Name      string
	NameByIDP map[string]string
}

SAMLAttributeSourceParams represents the source of a SAML attribute.

type SCIMAuthenticationParams

type SCIMAuthenticationParams struct {
	Scheme           string // httpbasic, oauthbearertoken, oauth2
	User             string
	Password         string
	Token            string
	ClientID         string
	ClientSecret     string
	AuthorizationURL string
	TokenURL         string
	Scopes           []string
}

SCIMAuthenticationParams represents SCIM authentication.

type SCIMMappingOperationsParams

type SCIMMappingOperationsParams struct {
	Create *bool
	Update *bool
	Delete *bool
}

SCIMMappingOperationsParams represents SCIM mapping operations.

type SCIMMappingParams

type SCIMMappingParams struct {
	Schema           string
	Enabled          *bool
	Filter           string
	TransformJsonata string
	Operations       *SCIMMappingOperationsParams
	Strictness       string
}

SCIMMappingParams represents a SCIM mapping.

type SaasApplicationParams

type SaasApplicationParams struct {
	AuthType                      string // saml, oidc
	ConsumerServiceURL            string
	SPEntityID                    string
	NameIDFormat                  string
	DefaultRelayState             string
	CustomAttributes              []SAMLAttributeConfigParams
	NameIDTransformJsonata        string
	SamlAttributeTransformJsonata string
	RedirectURIs                  []string
	GrantTypes                    []string
	Scopes                        []string
	AppLauncherURL                string
	GroupFilterRegex              string
	CustomClaims                  []OIDCClaimConfigParams
	AllowPKCEWithoutClientSecret  *bool
	AccessTokenLifetime           string
	RefreshTokenOptions           *RefreshTokenOptionsParams
	HybridAndImplicitOptions      *HybridAndImplicitOptionsParams
}

SaasApplicationParams represents SaaS application configuration.

type SplitTunnelEntry

type SplitTunnelEntry struct {
	Address     string `json:"address,omitempty"`
	Host        string `json:"host,omitempty"`
	Description string `json:"description,omitempty"`
}

SplitTunnelEntry represents a split tunnel configuration entry.

type TLSDecryptSettings

type TLSDecryptSettings struct {
	Enabled bool
}

TLSDecryptSettings holds the settings for TLS decryption.

type TunnelConfigurationResult

type TunnelConfigurationResult = cloudflare.TunnelConfigurationResult

TunnelConfigurationResult is an alias for cloudflare.TunnelConfigurationResult for use in the controller package without direct cloudflare-go imports.

type TunnelCreateResult

type TunnelCreateResult struct {
	ID          string
	Name        string
	Credentials *TunnelCredentialsFile
}

TunnelCreateResult contains the result of a tunnel creation.

type TunnelCredentialsFile

type TunnelCredentialsFile struct {
	AccountTag   string `json:"AccountTag"`
	TunnelID     string `json:"TunnelID"`
	TunnelName   string `json:"TunnelName"`
	TunnelSecret string `json:"TunnelSecret"`
}

TunnelCredentialsFile is an object containing the fields that make up a Cloudflare Tunnel's credentials.

type TunnelRouteParams

type TunnelRouteParams struct {
	Network          string // CIDR notation
	TunnelID         string
	VirtualNetworkID string
	Comment          string
}

TunnelRouteParams contains parameters for creating a Tunnel Route.

type TunnelRouteResult

type TunnelRouteResult struct {
	Network          string
	TunnelID         string
	TunnelName       string
	VirtualNetworkID string
	Comment          string
}

TunnelRouteResult contains the result of a Tunnel Route operation.

type UnvalidatedIngressRule

type UnvalidatedIngressRule struct {
	Hostname      string              `yaml:"hostname,omitempty" json:"hostname,omitempty"`
	Path          string              `yaml:"path,omitempty" json:"path,omitempty"`
	Service       string              `yaml:"service" json:"service"`
	OriginRequest OriginRequestConfig `yaml:"originRequest,omitempty" json:"originRequest,omitempty"`
}

UnvalidatedIngressRule is a cloudflared ingress entry model

type VirtualNetworkParams

type VirtualNetworkParams struct {
	Name             string
	Comment          string
	IsDefaultNetwork bool
}

VirtualNetworkParams contains parameters for creating or updating a Virtual Network.

type VirtualNetworkResult

type VirtualNetworkResult struct {
	ID               string
	Name             string
	Comment          string
	IsDefaultNetwork bool
	DeletedAt        *string
}

VirtualNetworkResult contains the result of a Virtual Network operation.

type WARPConnectorResult

type WARPConnectorResult struct {
	ID          string
	TunnelID    string
	TunnelToken string
	Name        string
}

WARPConnectorResult contains the result of a WARP Connector operation.

type WARPConnectorTokenResult

type WARPConnectorTokenResult struct {
	Token string
}

WARPConnectorTokenResult contains the tunnel token for a WARP connector.

type WarpRoutingConfig

type WarpRoutingConfig struct {
	Enabled bool `yaml:"enabled,omitempty" json:"enabled,omitempty"`
}

WarpRoutingConfig is a cloudflared warp routing model

type ZoneSettings

type ZoneSettings struct {
	// SSL/TLS settings
	SSLMode                 string `json:"ssl,omitempty"`
	MinTLSVersion           string `json:"min_tls_version,omitempty"`
	TLS13                   string `json:"tls_1_3,omitempty"`
	AlwaysUseHTTPS          string `json:"always_use_https,omitempty"`
	AutomaticHTTPSRewrites  string `json:"automatic_https_rewrites,omitempty"`
	OpportunisticEncryption string `json:"opportunistic_encryption,omitempty"`
	TLSClientAuth           string `json:"tls_client_auth,omitempty"`

	// Cache settings
	BrowserCacheTTL int    `json:"browser_cache_ttl,omitempty"`
	DevelopmentMode string `json:"development_mode,omitempty"`
	CacheLevel      string `json:"cache_level,omitempty"`
	AlwaysOnline    string `json:"always_online,omitempty"`
	SortQueryString string `json:"sort_query_string_for_cache,omitempty"`

	// Security settings
	SecurityLevel     string `json:"security_level,omitempty"`
	BrowserCheck      string `json:"browser_check,omitempty"`
	EmailObfuscation  string `json:"email_obfuscation,omitempty"`
	ServerSideExclude string `json:"server_side_exclude,omitempty"`
	HotlinkProtection string `json:"hotlink_protection,omitempty"`
	ChallengePassage  int    `json:"challenge_ttl,omitempty"`
	WAF               string `json:"waf,omitempty"`

	// Performance settings
	Brotli          string          `json:"brotli,omitempty"`
	HTTP2           string          `json:"http2,omitempty"`
	HTTP3           string          `json:"http3,omitempty"`
	ZeroRTT         string          `json:"0rtt,omitempty"`
	Minify          *MinifySettings `json:"minify,omitempty"`
	Polish          string          `json:"polish,omitempty"`
	WebP            string          `json:"webp,omitempty"`
	Mirage          string          `json:"mirage,omitempty"`
	EarlyHints      string          `json:"early_hints,omitempty"`
	RocketLoader    string          `json:"rocket_loader,omitempty"`
	PrefetchPreload string          `json:"prefetch_preload,omitempty"`
	IPGeolocation   string          `json:"ip_geolocation,omitempty"`
	Websockets      string          `json:"websockets,omitempty"`
}

ZoneSettings represents a collection of zone settings
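The SSL/TLS fields of ZoneSettings are plain strings tagged `omitempty`, so a weak value or a silently omitted field both pass through unchecked. The following added example (not code from this package) audits those fields before they are applied; `zoneTLS`, `Finding`, `AuditZoneTLS` and `AuditZoneTLSJSON` are hypothetical names, and the value strings ("off", "flexible", "full", "strict", "1.2", "on") are assumed to be Cloudflare's zone-setting values, which this page does not list.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// zoneTLS is a local, trimmed copy of ZoneSettings' SSL/TLS fields (same JSON tags).
type zoneTLS struct {
	SSLMode        string `json:"ssl,omitempty"`
	MinTLSVersion  string `json:"min_tls_version,omitempty"`
	AlwaysUseHTTPS string `json:"always_use_https,omitempty"`
}

// Finding is a hypothetical result type, not part of the package.
type Finding struct{ Field, Value, Reason string }

// Constructed sample inputs, in the flat JSON shape the struct tags produce.
const sampleWeak = `{"ssl":"flexible","min_tls_version":"1.0"}`
const sampleHardened = `{"ssl":"strict","min_tls_version":"1.2","always_use_https":"on"}`

// weakSSL maps each ssl mode short of "strict" to the reason it is flagged.
var weakSSL = map[string]string{
	"":         "not pinned by this config; the zone keeps its current mode",
	"off":      "TLS is disabled for the zone",
	"flexible": "edge-to-origin traffic is sent over plain HTTP",
	"full":     "origin certificate is not validated",
}

// AuditZoneTLS returns one finding per weak or unpinned transport setting.
// An empty string means omitempty dropped the field from the request.
func AuditZoneTLS(s zoneTLS) []Finding {
	var out []Finding
	add := func(f, v, r string) { out = append(out, Finding{f, v, r}) }
	if s.SSLMode != "strict" {
		reason, ok := weakSSL[s.SSLMode]
		if !ok {
			reason = "value not recognised by this example"
		}
		add("ssl", s.SSLMode, reason)
	}
	switch s.MinTLSVersion {
	case "1.2", "1.3": // acceptable floor
	case "":
		add("min_tls_version", "", "not pinned by this config")
	default:
		add("min_tls_version", s.MinTLSVersion, "allows TLS below 1.2 or is unrecognised")
	}
	if s.AlwaysUseHTTPS != "on" {
		add("always_use_https", s.AlwaysUseHTTPS, "HTTPS redirect is not enforced by this config")
	}
	return out
}

// AuditZoneTLSJSON decodes a settings document and audits it.
func AuditZoneTLSJSON(data []byte) ([]Finding, error) {
	var s zoneTLS
	if err := json.Unmarshal(data, &s); err != nil {
		return nil, fmt.Errorf("decode zone settings: %w", err)
	}
	return AuditZoneTLS(s), nil
}

func main() {
	for _, in := range []string{sampleWeak, sampleHardened} {
		findings, err := AuditZoneTLSJSON([]byte(in))
		fmt.Println(in, "->", findings, err)
	}
}
```

Running the same check in CI against rendered manifests catches a config that drops `min_tls_version` or `ssl` before it reaches the zone.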

Directories

Path Synopsis
Package mock is a generated GoMock package.
