package cf

v0.19.3 (this package is not in the latest version of its module)
Published: Jan 10, 2026 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Constants

const TXT_PREFIX = "_managed."

TXT_PREFIX is the prefix added to the TXT records that mark DNS records as managed by the operator.

Variables

var (
	// ErrResourceNotFound indicates the requested resource was not found
	ErrResourceNotFound = errors.New("resource not found")

	// ErrResourceConflict indicates the resource is already managed by another K8s object
	ErrResourceConflict = errors.New("resource already managed by another object")

	// ErrMultipleResourcesFound indicates multiple resources matched when only one was expected
	ErrMultipleResourcesFound = errors.New("multiple resources found")

	// ErrAPIRateLimited indicates the API rate limit was exceeded
	ErrAPIRateLimited = errors.New("API rate limit exceeded")

	// ErrTemporaryFailure indicates a temporary failure that should be retried
	ErrTemporaryFailure = errors.New("temporary failure")

	// ErrInvalidConfiguration indicates invalid configuration
	ErrInvalidConfiguration = errors.New("invalid configuration")

	// ErrAuthenticationFailed indicates authentication failed
	ErrAuthenticationFailed = errors.New("authentication failed")

	// ErrPermissionDenied indicates permission was denied
	ErrPermissionDenied = errors.New("permission denied")

	// ErrInvalidTunnelId indicates tunnel ID is missing or invalid
	ErrInvalidTunnelId = errors.New("invalid or missing tunnel ID")

	// ErrInvalidZoneId indicates zone ID is missing or invalid
	ErrInvalidZoneId = errors.New("invalid or missing zone ID")
)

Error types for Cloudflare API operations

var ErrNoCredentials = errors.New("no API credentials provided: either APIToken or (APIKey + Email) required")

ErrNoCredentials is returned when no API credentials are provided.

Functions

func BuildGroupIncludeRule added in v0.18.0

func BuildGroupIncludeRule(groupID string) map[string]any

BuildGroupIncludeRule constructs an include rule that references an Access Group. This uses the "group" rule type with the group's UUID.

func GetRequeueDelay added in v0.17.3

func GetRequeueDelay(err error, cfg RetryConfig) time.Duration

GetRequeueDelay calculates the appropriate requeue delay based on the error type. It uses exponential backoff for temporary errors.

func IsAuthError added in v0.17.3

func IsAuthError(err error) bool

IsAuthError checks if the error indicates an authentication/authorization failure

func IsConflictError added in v0.17.3

func IsConflictError(err error) bool

IsConflictError checks if the error indicates a resource conflict

func IsNotFoundError added in v0.17.3

func IsNotFoundError(err error) bool

IsNotFoundError checks if the error indicates a resource was not found

func IsRateLimitError added in v0.17.3

func IsRateLimitError(err error) bool

IsRateLimitError checks if the error indicates rate limiting

func IsTemporaryError added in v0.17.3

func IsTemporaryError(err error) bool

IsTemporaryError checks if the error is temporary and should be retried

func ResetDefaultFactory

func ResetDefaultFactory()

ResetDefaultFactory resets the default ClientFactory to the real implementation.

func SanitizeErrorMessage added in v0.17.3

func SanitizeErrorMessage(err error) string

SanitizeErrorMessage removes potentially sensitive information from error messages before storing them in Status conditions
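An added example, not the cf package's own SanitizeErrorMessage, of the redaction this function exists for: Status conditions are usually readable by more principals than the Secret the credentials came from, so API error text must be scrubbed before it lands there. The regex patterns, the header names they target and the 256-character cap are assumptions chosen for the credential shapes this package handles (API token, Global API key plus email, tunnel secret).

```go
// Illustrative redaction of Cloudflare API error text before it is written to
// a Status condition. Added example, not the cf package's own code; the
// patterns and the length cap are assumptions. Over-redacting is the safe
// failure mode here: a mangled message costs triage time, a leaked token
// costs the account.
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// assumed cap so a long HTTP response body cannot bloat the Kubernetes object
const maxConditionMessage = 256

var (
	// "Authorization: Bearer <token>" echoed back inside an HTTP error
	bearerRe = regexp.MustCompile(`(?i)bearer\s+[A-Za-z0-9._~+/=-]+`)
	// Global API key / email headers, e.g. "X-Auth-Key: <key>"
	authHeaderRe = regexp.MustCompile(`(?i)(x-auth-key|x-auth-email)\s*[:=]\s*\S+`)
	// account email paired with the Global API key
	emailRe = regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`)
	// long base64/hex runs: tunnel secrets, tokens, credentials file contents
	blobRe = regexp.MustCompile(`[A-Za-z0-9+/_-]{32,}={0,2}`)
)

// SanitizeErrorMessage returns a copy of err's text that is safe to store in a
// Status condition. The header-specific patterns run before the generic blob
// pattern so the redaction marker keeps the header name for triage.
func SanitizeErrorMessage(err error) string {
	if err == nil {
		return ""
	}
	msg := bearerRe.ReplaceAllString(err.Error(), "Bearer [REDACTED]")
	msg = authHeaderRe.ReplaceAllString(msg, "${1}: [REDACTED]")
	msg = emailRe.ReplaceAllString(msg, "[REDACTED-EMAIL]")
	msg = blobRe.ReplaceAllString(msg, "[REDACTED]")
	if len(msg) > maxConditionMessage {
		msg = msg[:maxConditionMessage] + "..."
	}
	return msg
}

func main() {
	// constructed error text of the kind an HTTP client library might return
	err := errors.New("request failed: Authorization: Bearer cfAbc123Def456Ghi789Jkl012Mno345Pqr678 (status 403)")
	fmt.Println(SanitizeErrorMessage(err))
}
```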

func SetDefaultFactory

func SetDefaultFactory(factory ClientFactory)

SetDefaultFactory sets the default ClientFactory (useful for testing).

func ShouldRetry added in v0.17.3

func ShouldRetry(err error, retryCount int, maxRetries int) bool

ShouldRetry determines if an operation should be retried based on error type and retry count

func WrapConflict added in v0.17.3

func WrapConflict(resource string, err error) error

WrapConflict wraps an error as a conflict error

func WrapNotFound added in v0.17.3

func WrapNotFound(resource string, err error) error

WrapNotFound wraps an error as a not found error
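An added example, not the cf package's own code, showing how the sentinel errors, the APIError wrapper and the classification and retry helpers above fit together in a reconcile loop. The sentinel errors and APIError shape mirror the documented ones; RetryConfig's fields (RetryCount, BaseDelay, MaxDelay) and the exact delay policy are assumptions, since the page documents only the type name.

```go
// Illustrative error classification and requeue policy in the style of this
// package's IsTemporaryError / ShouldRetry / GetRequeueDelay / WrapConflict.
// Added example, not the cf package's own code: the sentinel errors and the
// APIError shape mirror the documented ones, while RetryConfig's fields
// (RetryCount, BaseDelay, MaxDelay) and the exact delay policy are assumptions.
package main

import (
	"errors"
	"fmt"
	"time"
)

var (
	ErrResourceConflict     = errors.New("resource already managed by another object")
	ErrAPIRateLimited       = errors.New("API rate limit exceeded")
	ErrTemporaryFailure     = errors.New("temporary failure")
	ErrAuthenticationFailed = errors.New("authentication failed")
	ErrPermissionDenied     = errors.New("permission denied")
)

// APIError keeps operation and resource for the log line while Unwrap keeps
// the cause inspectable with errors.Is.
type APIError struct {
	Operation string
	Resource  string
	Err       error
}

func (e *APIError) Error() string { return fmt.Sprintf("%s %s: %v", e.Operation, e.Resource, e.Err) }
func (e *APIError) Unwrap() error { return e.Err }

func NewAPIError(operation, resource string, err error) *APIError {
	return &APIError{Operation: operation, Resource: resource, Err: err}
}

// WrapConflict marks err as an ownership conflict (another object already
// manages the resource); only ErrResourceConflict is exposed to errors.Is.
func WrapConflict(resource string, err error) error {
	if err == nil {
		return NewAPIError("manage", resource, ErrResourceConflict)
	}
	return NewAPIError("manage", resource, fmt.Errorf("%w (%v)", ErrResourceConflict, err))
}

// RetryConfig (assumed fields): retries so far plus the backoff bounds.
type RetryConfig struct {
	RetryCount int
	BaseDelay  time.Duration
	MaxDelay   time.Duration
}

// Only rate limiting and transient failures are retried. Auth, permission and
// conflict errors are permanent: retrying them quickly would hide a
// misconfiguration or a revoked credential behind reconcile noise.
func IsTemporaryError(err error) bool {
	return errors.Is(err, ErrTemporaryFailure) || errors.Is(err, ErrAPIRateLimited)
}

func IsAuthError(err error) bool {
	return errors.Is(err, ErrAuthenticationFailed) || errors.Is(err, ErrPermissionDenied)
}

func IsConflictError(err error) bool { return errors.Is(err, ErrResourceConflict) }

func ShouldRetry(err error, retryCount, maxRetries int) bool {
	return err != nil && retryCount < maxRetries && IsTemporaryError(err)
}

// GetRequeueDelay doubles BaseDelay per retry for temporary errors, capped at
// MaxDelay. Auth errors requeue at MaxDelay so a rotated token is re-checked
// without hammering the API; other permanent errors return 0 (no requeue; the
// Status condition is the signal).
func GetRequeueDelay(err error, cfg RetryConfig) time.Duration {
	switch {
	case err == nil:
		return 0
	case IsAuthError(err):
		return cfg.MaxDelay
	case IsTemporaryError(err):
		d := cfg.BaseDelay
		for i := 0; i < cfg.RetryCount; i++ {
			if d *= 2; d >= cfg.MaxDelay {
				return cfg.MaxDelay
			}
		}
		return d
	default:
		return 0
	}
}

func main() {
	cfg := RetryConfig{RetryCount: 3, BaseDelay: 5 * time.Second, MaxDelay: time.Minute}
	err := NewAPIError("create", "dns record", ErrAPIRateLimited)
	fmt.Println(ShouldRetry(err, cfg.RetryCount, 5), GetRequeueDelay(err, cfg))
}
```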

Types

type API

type API struct {
	Log              logr.Logger
	TunnelName       string
	TunnelId         string
	AccountName      string
	AccountId        string
	Domain           string
	ValidAccountId   string
	ValidTunnelId    string
	ValidTunnelName  string
	ValidZoneId      string
	ValidDomainName  string // Domain name corresponding to ValidZoneId
	CloudflareClient *cloudflare.API
}

API config object holding all relevant fields to use the API

func NewAPIClientFromCredentialsRef added in v0.17.0

func NewAPIClientFromCredentialsRef(ctx context.Context, k8sClient client.Client, ref *networkingv1alpha2.CloudflareCredentialsRef) (*API, error)

NewAPIClientFromCredentialsRef creates a new API client from a CloudflareCredentials reference.

func NewAPIClientFromDefaultCredentials added in v0.17.0

func NewAPIClientFromDefaultCredentials(ctx context.Context, k8sClient client.Client) (*API, error)

NewAPIClientFromDefaultCredentials creates a new API client using the default CloudflareCredentials.

func NewAPIClientFromDetails

func NewAPIClientFromDetails(ctx context.Context, k8sClient client.Client, namespace string, details networkingv1alpha2.CloudflareDetails) (*API, error)

NewAPIClientFromDetails creates a new API client from CloudflareDetails. This function supports both the new CloudflareCredentials reference and legacy inline secrets. Priority order:

  1. credentialsRef (if specified) - references a CloudflareCredentials resource
  2. inline secret (if specified) - legacy mode for backwards compatibility
  3. default CloudflareCredentials (if no credentials specified)

func NewAPIClientFromSecret

func NewAPIClientFromSecret(ctx context.Context, k8sClient client.Client, secretName, namespace string, log logr.Logger) (*API, error)

NewAPIClientFromSecret creates a new API client from a secret reference. This is a legacy function maintained for backwards compatibility.

func (*API) CreateAccessApplication

func (c *API) CreateAccessApplication(params AccessApplicationParams) (*AccessApplicationResult, error)

CreateAccessApplication creates a new Access Application.

func (*API) CreateAccessGroup

func (c *API) CreateAccessGroup(params AccessGroupParams) (*AccessGroupResult, error)

CreateAccessGroup creates a new Access Group.

func (*API) CreateAccessIdentityProvider

func (c *API) CreateAccessIdentityProvider(params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)

CreateAccessIdentityProvider creates a new Access Identity Provider.

func (*API) CreateAccessPolicy added in v0.18.0

func (c *API) CreateAccessPolicy(params AccessPolicyParams) (*AccessPolicyResult, error)

CreateAccessPolicy creates a new Access Policy for an application.

func (*API) CreateAccessServiceToken

func (c *API) CreateAccessServiceToken(name string, duration string) (*AccessServiceTokenResult, error)

CreateAccessServiceToken creates a new Access Service Token.

func (*API) CreateDNSRecord

func (c *API) CreateDNSRecord(params DNSRecordParams) (*DNSRecordResult, error)

CreateDNSRecord creates a new DNS record.

func (*API) CreateDNSRecordInZone added in v0.19.0

func (c *API) CreateDNSRecordInZone(zoneID string, params DNSRecordParams) (*DNSRecordResult, error)

CreateDNSRecordInZone creates a new DNS record in the specified zone.

func (*API) CreateDevicePostureRule

func (c *API) CreateDevicePostureRule(params DevicePostureRuleParams) (*DevicePostureRuleResult, error)

CreateDevicePostureRule creates a new Device Posture Rule.

func (*API) CreateGatewayList

func (c *API) CreateGatewayList(params GatewayListParams) (*GatewayListResult, error)

CreateGatewayList creates a new Gateway List.

func (*API) CreateGatewayRule

func (c *API) CreateGatewayRule(params GatewayRuleParams) (*GatewayRuleResult, error)

CreateGatewayRule creates a new Gateway Rule.

func (*API) CreateTunnel

func (c *API) CreateTunnel() (string, string, error)

CreateTunnel creates a Cloudflare Tunnel and returns the tunnel Id and credentials file

func (*API) CreateTunnelRoute

func (c *API) CreateTunnelRoute(params TunnelRouteParams) (*TunnelRouteResult, error)

CreateTunnelRoute creates a new Tunnel Route for private network access.

func (*API) CreateVirtualNetwork

func (c *API) CreateVirtualNetwork(params VirtualNetworkParams) (*VirtualNetworkResult, error)

CreateVirtualNetwork creates a new Virtual Network in Cloudflare.

func (*API) CreateWARPConnector

func (c *API) CreateWARPConnector(name string) (*WARPConnectorResult, error)

CreateWARPConnector creates a new WARP Connector.

func (*API) DeleteAccessApplication

func (c *API) DeleteAccessApplication(applicationID string) error

DeleteAccessApplication deletes an Access Application.

func (*API) DeleteAccessGroup

func (c *API) DeleteAccessGroup(groupID string) error

DeleteAccessGroup deletes an Access Group.

func (*API) DeleteAccessIdentityProvider

func (c *API) DeleteAccessIdentityProvider(idpID string) error

DeleteAccessIdentityProvider deletes an Access Identity Provider.

func (*API) DeleteAccessPolicy added in v0.18.0

func (c *API) DeleteAccessPolicy(applicationID, policyID string) error

DeleteAccessPolicy deletes an Access Policy.

func (*API) DeleteAccessServiceToken

func (c *API) DeleteAccessServiceToken(tokenID string) error

DeleteAccessServiceToken deletes an Access Service Token.

func (*API) DeleteDNSId

func (c *API) DeleteDNSId(fqdn, dnsId string, created bool) error

DeleteDNSId deletes the DNS entry for the given dnsId

func (*API) DeleteDNSRecord

func (c *API) DeleteDNSRecord(zoneID, recordID string) error

DeleteDNSRecord deletes a DNS record.

func (*API) DeleteDNSRecordInZone added in v0.19.0

func (c *API) DeleteDNSRecordInZone(zoneID, recordID string) error

DeleteDNSRecordInZone deletes a DNS record in the specified zone.

func (*API) DeleteDevicePostureRule

func (c *API) DeleteDevicePostureRule(ruleID string) error

DeleteDevicePostureRule deletes a Device Posture Rule.

func (*API) DeleteGatewayList

func (c *API) DeleteGatewayList(listID string) error

DeleteGatewayList deletes a Gateway List.

func (*API) DeleteGatewayRule

func (c *API) DeleteGatewayRule(ruleID string) error

DeleteGatewayRule deletes a Gateway Rule.

func (*API) DeleteTunnel

func (c *API) DeleteTunnel() error

DeleteTunnel deletes a Cloudflare Tunnel

func (*API) DeleteTunnelRoute

func (c *API) DeleteTunnelRoute(network, virtualNetworkID string) error

DeleteTunnelRoute deletes a Tunnel Route.

func (*API) DeleteTunnelRoutesByTunnelID added in v0.17.10

func (c *API) DeleteTunnelRoutesByTunnelID(tunnelID string) (int, error)

DeleteTunnelRoutesByTunnelID deletes all routes associated with a tunnel. Returns the number of routes deleted and any error encountered.

func (*API) DeleteTunnelRoutesByVirtualNetworkID added in v0.17.10

func (c *API) DeleteTunnelRoutesByVirtualNetworkID(virtualNetworkID string) (int, error)

DeleteTunnelRoutesByVirtualNetworkID deletes all routes associated with a virtual network. Returns the number of routes deleted and any error encountered.

func (*API) DeleteVirtualNetwork

func (c *API) DeleteVirtualNetwork(virtualNetworkID string) error

DeleteVirtualNetwork deletes a Virtual Network.

func (*API) DeleteWARPConnector

func (c *API) DeleteWARPConnector(connectorID string) error

DeleteWARPConnector deletes a WARP Connector.

func (*API) GetAccessApplication

func (c *API) GetAccessApplication(applicationID string) (*AccessApplicationResult, error)

GetAccessApplication retrieves an Access Application by ID.

func (*API) GetAccessGroup

func (c *API) GetAccessGroup(groupID string) (*AccessGroupResult, error)

GetAccessGroup retrieves an Access Group by ID.

func (*API) GetAccessIdentityProvider

func (c *API) GetAccessIdentityProvider(idpID string) (*AccessIdentityProviderResult, error)

GetAccessIdentityProvider retrieves an Access Identity Provider by ID.

func (*API) GetAccessPolicy added in v0.18.0

func (c *API) GetAccessPolicy(applicationID, policyID string) (*AccessPolicyResult, error)

GetAccessPolicy retrieves an Access Policy by ID.

func (*API) GetAccessServiceTokenByName added in v0.17.3

func (c *API) GetAccessServiceTokenByName(name string) (*AccessServiceTokenResult, error)

GetAccessServiceTokenByName retrieves an Access Service Token by name. Returns nil if no token with the given name is found.

func (*API) GetAccountId

func (c *API) GetAccountId() (string, error)

GetAccountId gets AccountId from Account Name

func (*API) GetDNSCNameId

func (c *API) GetDNSCNameId(fqdn string) (string, error)

GetDNSCNameId returns the ID of the CNAME record requested. Returns empty string and nil error if the record does not exist (this is not an error condition). Returns empty string and error if there was an actual API error or multiple records found.

func (*API) GetDNSCNameIdInZone added in v0.19.0

func (c *API) GetDNSCNameIdInZone(zoneID, fqdn string) (string, error)

GetDNSCNameIdInZone returns the ID of the CNAME record for the given fqdn in the specified zone. Returns empty string and nil error if the record does not exist (this is not an error condition). Returns empty string and error if there was an actual API error or multiple records found.

func (*API) GetDNSRecord

func (c *API) GetDNSRecord(zoneID, recordID string) (*DNSRecordResult, error)

GetDNSRecord retrieves a DNS record by ID.

func (*API) GetDNSRecordIdInZone added in v0.19.0

func (c *API) GetDNSRecordIdInZone(zoneID, fqdn, recordType string) (string, error)

GetDNSRecordIdInZone returns the ID of a DNS record of the given type for the fqdn in the specified zone. Returns empty string and nil error if the record does not exist.

func (*API) GetDevicePostureRule

func (c *API) GetDevicePostureRule(ruleID string) (*DevicePostureRuleResult, error)

GetDevicePostureRule retrieves a Device Posture Rule by ID.

func (*API) GetFallbackDomains

func (c *API) GetFallbackDomains() ([]FallbackDomainEntry, error)

GetFallbackDomains retrieves the current fallback domains list.

func (*API) GetGatewayList

func (c *API) GetGatewayList(listID string) (*GatewayListResult, error)

GetGatewayList retrieves a Gateway List by ID.

func (*API) GetGatewayRule

func (c *API) GetGatewayRule(ruleID string) (*GatewayRuleResult, error)

GetGatewayRule retrieves a Gateway Rule by ID.

func (*API) GetManagedDnsTxt

func (c *API) GetManagedDnsTxt(fqdn string) (string, DnsManagedRecordTxt, bool, error)

GetManagedDnsTxt gets the TXT record corresponding to the fqdn

func (*API) GetSplitTunnelExclude

func (c *API) GetSplitTunnelExclude() ([]SplitTunnelEntry, error)

GetSplitTunnelExclude retrieves the current split tunnel exclude list.

func (*API) GetSplitTunnelInclude

func (c *API) GetSplitTunnelInclude() ([]SplitTunnelEntry, error)

GetSplitTunnelInclude retrieves the current split tunnel include list.

func (*API) GetTunnelCreds

func (c *API) GetTunnelCreds(tunnelSecret string) (string, error)

GetTunnelCreds gets Tunnel Credentials from Tunnel secret

func (*API) GetTunnelId

func (c *API) GetTunnelId() (string, error)

GetTunnelId gets Tunnel Id from available information

func (*API) GetTunnelRoute

func (c *API) GetTunnelRoute(network, virtualNetworkID string) (*TunnelRouteResult, error)

GetTunnelRoute retrieves a Tunnel Route by network CIDR and virtual network ID.

func (*API) GetVirtualNetwork

func (c *API) GetVirtualNetwork(virtualNetworkID string) (*VirtualNetworkResult, error)

GetVirtualNetwork retrieves a Virtual Network by ID.

func (*API) GetVirtualNetworkByName

func (c *API) GetVirtualNetworkByName(name string) (*VirtualNetworkResult, error)

GetVirtualNetworkByName retrieves a Virtual Network by name.

func (*API) GetWARPConnectorToken

func (c *API) GetWARPConnectorToken(connectorID string) (*WARPConnectorTokenResult, error)

GetWARPConnectorToken retrieves the tunnel token for a WARP connector.

func (*API) GetZoneId

func (c *API) GetZoneId() (string, error)

GetZoneId gets Zone Id from DNS domain

func (*API) InsertOrUpdateCName

func (c *API) InsertOrUpdateCName(fqdn, dnsId string) (string, error)

InsertOrUpdateCName upserts the DNS CNAME record for the given FQDN to point to the tunnel

func (*API) InsertOrUpdateCNameInZone added in v0.19.0

func (c *API) InsertOrUpdateCNameInZone(zoneID, fqdn, dnsId, tunnelID string, proxied bool) (string, error)

InsertOrUpdateCNameInZone upserts DNS CNAME record for the given FQDN to point to the tunnel in the specified zone. If tunnelID is empty, it uses c.ValidTunnelId.

func (*API) InsertOrUpdateTXT

func (c *API) InsertOrUpdateTXT(fqdn, txtId, dnsId string) error

InsertOrUpdateTXT upserts the DNS TXT record for the given FQDN to point to the tunnel

func (*API) ListAccessApplicationsByName

func (c *API) ListAccessApplicationsByName(name string) (*AccessApplicationResult, error)

ListAccessApplicationsByName finds an Access Application by name.

func (*API) ListAccessGroupsByName added in v0.17.3

func (c *API) ListAccessGroupsByName(name string) (*AccessGroupResult, error)

ListAccessGroupsByName finds an Access Group by name. Returns nil if no group with the given name is found.

func (*API) ListAccessIdentityProvidersByName added in v0.17.3

func (c *API) ListAccessIdentityProvidersByName(name string) (*AccessIdentityProviderResult, error)

ListAccessIdentityProvidersByName finds an Access Identity Provider by name. Returns nil if no provider with the given name is found.

func (*API) ListAccessPolicies added in v0.18.0

func (c *API) ListAccessPolicies(applicationID string) ([]AccessPolicyResult, error)

ListAccessPolicies lists all Access Policies for an application.

func (*API) ListDevicePostureRulesByName added in v0.17.3

func (c *API) ListDevicePostureRulesByName(name string) (*DevicePostureRuleResult, error)

ListDevicePostureRulesByName finds a Device Posture Rule by name. Returns nil if no rule with the given name is found.

func (*API) ListGatewayListsByName

func (c *API) ListGatewayListsByName(name string) (*GatewayListResult, error)

ListGatewayListsByName finds a Gateway List by name. Returns nil if no list with the given name is found.

func (*API) ListGatewayRulesByName

func (c *API) ListGatewayRulesByName(name string) (*GatewayRuleResult, error)

ListGatewayRulesByName finds a Gateway Rule by name. Returns nil if no rule with the given name is found.

func (*API) ListTunnelRoutesByTunnelID added in v0.17.10

func (c *API) ListTunnelRoutesByTunnelID(tunnelID string) ([]TunnelRouteResult, error)

ListTunnelRoutesByTunnelID lists all Tunnel Routes associated with a specific Tunnel. This is used to clean up routes before deleting a tunnel.

func (*API) ListTunnelRoutesByVirtualNetworkID added in v0.17.10

func (c *API) ListTunnelRoutesByVirtualNetworkID(virtualNetworkID string) ([]TunnelRouteResult, error)

ListTunnelRoutesByVirtualNetworkID lists all Tunnel Routes associated with a specific Virtual Network. This is used to clean up routes before deleting a virtual network.

func (*API) RefreshAccessServiceToken

func (c *API) RefreshAccessServiceToken(tokenID string) (*AccessServiceTokenResult, error)

RefreshAccessServiceToken refreshes an Access Service Token, generating a new client secret.

func (*API) UpdateAccessApplication

func (c *API) UpdateAccessApplication(applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)

UpdateAccessApplication updates an existing Access Application.

func (*API) UpdateAccessGroup

func (c *API) UpdateAccessGroup(groupID string, params AccessGroupParams) (*AccessGroupResult, error)

UpdateAccessGroup updates an existing Access Group.

func (*API) UpdateAccessIdentityProvider

func (c *API) UpdateAccessIdentityProvider(idpID string, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)

UpdateAccessIdentityProvider updates an existing Access Identity Provider.

func (*API) UpdateAccessPolicy added in v0.18.0

func (c *API) UpdateAccessPolicy(policyID string, params AccessPolicyParams) (*AccessPolicyResult, error)

UpdateAccessPolicy updates an existing Access Policy.

func (*API) UpdateAccessServiceToken

func (c *API) UpdateAccessServiceToken(tokenID string, name string, duration string) (*AccessServiceTokenResult, error)

UpdateAccessServiceToken updates an existing Access Service Token.

func (*API) UpdateDNSRecord

func (c *API) UpdateDNSRecord(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)

UpdateDNSRecord updates an existing DNS record.

func (*API) UpdateDNSRecordInZone added in v0.19.0

func (c *API) UpdateDNSRecordInZone(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)

UpdateDNSRecordInZone updates an existing DNS record in the specified zone.

func (*API) UpdateDevicePostureRule

func (c *API) UpdateDevicePostureRule(ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)

UpdateDevicePostureRule updates an existing Device Posture Rule.

func (*API) UpdateFallbackDomains

func (c *API) UpdateFallbackDomains(entries []FallbackDomainEntry) error

UpdateFallbackDomains updates the fallback domains list.

func (*API) UpdateGatewayConfiguration

func (c *API) UpdateGatewayConfiguration(params GatewayConfigurationParams) (*GatewayConfigurationResult, error)

UpdateGatewayConfiguration updates the Gateway configuration for an account.

func (*API) UpdateGatewayList

func (c *API) UpdateGatewayList(listID string, params GatewayListParams) (*GatewayListResult, error)

UpdateGatewayList updates an existing Gateway List.

func (*API) UpdateGatewayRule

func (c *API) UpdateGatewayRule(ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)

UpdateGatewayRule updates an existing Gateway Rule.

func (*API) UpdateSplitTunnelExclude

func (c *API) UpdateSplitTunnelExclude(entries []SplitTunnelEntry) error

UpdateSplitTunnelExclude updates the split tunnel exclude list.

func (*API) UpdateSplitTunnelInclude

func (c *API) UpdateSplitTunnelInclude(entries []SplitTunnelEntry) error

UpdateSplitTunnelInclude updates the split tunnel include list.

func (*API) UpdateTunnelRoute

func (c *API) UpdateTunnelRoute(network string, params TunnelRouteParams) (*TunnelRouteResult, error)

UpdateTunnelRoute updates an existing Tunnel Route.

func (*API) UpdateVirtualNetwork

func (c *API) UpdateVirtualNetwork(virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)

UpdateVirtualNetwork updates an existing Virtual Network.

func (*API) ValidateAll

func (c *API) ValidateAll() error

ValidateAll validates the contents of the API struct

type APIError added in v0.17.3

type APIError struct {
	Operation string
	Resource  string
	Err       error
}

APIError wraps a Cloudflare API error with additional context

func NewAPIError added in v0.17.3

func NewAPIError(operation, resource string, err error) *APIError

NewAPIError creates a new APIError

func (*APIError) Error added in v0.17.3

func (e *APIError) Error() string

func (*APIError) Unwrap added in v0.17.3

func (e *APIError) Unwrap() error

type AccessApplicationParams

type AccessApplicationParams struct {
	Name                     string
	Domain                   string
	Type                     string // self_hosted, saas, ssh, vnc, app_launcher, warp, biso, bookmark, dash_sso
	SessionDuration          string
	AllowedIdps              []string
	AutoRedirectToIdentity   *bool
	EnableBindingCookie      *bool
	HttpOnlyCookieAttribute  *bool
	SameSiteCookieAttribute  string
	LogoURL                  string
	SkipInterstitial         *bool
	AppLauncherVisible       *bool
	ServiceAuth401Redirect   *bool
	CustomDenyMessage        string
	CustomDenyURL            string
	AllowAuthenticateViaWarp *bool
	Tags                     []string
}

AccessApplicationParams contains parameters for creating/updating an Access Application.

type AccessApplicationResult

type AccessApplicationResult struct {
	ID                     string
	AUD                    string
	Name                   string
	Domain                 string
	Type                   string
	SessionDuration        string
	AllowedIdps            []string
	AutoRedirectToIdentity bool
}

AccessApplicationResult contains the result of an Access Application operation.

type AccessGroupParams

type AccessGroupParams struct {
	Name    string
	Include []interface{}
	Exclude []interface{}
	Require []interface{}
}

AccessGroupParams contains parameters for creating/updating an Access Group.

type AccessGroupResult

type AccessGroupResult struct {
	ID   string
	Name string
}

AccessGroupResult contains the result of an Access Group operation.

type AccessIdentityProviderParams

type AccessIdentityProviderParams struct {
	Name       string
	Type       string
	Config     cloudflare.AccessIdentityProviderConfiguration
	ScimConfig cloudflare.AccessIdentityProviderScimConfiguration
}

AccessIdentityProviderParams contains parameters for an Access Identity Provider.

type AccessIdentityProviderResult

type AccessIdentityProviderResult struct {
	ID   string
	Name string
	Type string
}

AccessIdentityProviderResult contains the result of an Access Identity Provider operation.

type AccessPolicyParams added in v0.18.0

type AccessPolicyParams struct {
	ApplicationID   string  // Required: The Application ID this policy belongs to
	Name            string  // Policy name
	Decision        string  // allow, deny, bypass, non_identity
	Precedence      int     // Order of evaluation (lower = higher priority)
	Include         []any   // Include rules (e.g., group references)
	Exclude         []any   // Exclude rules
	Require         []any   // Require rules
	SessionDuration *string // Optional session duration override
}

AccessPolicyParams contains parameters for creating/updating an Access Policy.

type AccessPolicyResult added in v0.18.0

type AccessPolicyResult struct {
	ID         string
	Name       string
	Decision   string
	Precedence int
}

AccessPolicyResult contains the result of an Access Policy operation.

type AccessServiceTokenResult

type AccessServiceTokenResult struct {
	ID           string
	TokenID      string
	Name         string
	ClientID     string
	ClientSecret string
	AccountID    string
	ExpiresAt    string
}

AccessServiceTokenResult contains the result of an Access Service Token operation.

type ActivityLogSettings added in v0.17.5

type ActivityLogSettings struct {
	Enabled bool
}

ActivityLogSettings for activity logging.

type AntiVirusSettings added in v0.17.5

type AntiVirusSettings struct {
	EnabledDownloadPhase bool
	EnabledUploadPhase   bool
	FailClosed           bool
	NotificationSettings *NotificationSettings
}

AntiVirusSettings for AV scanning.

type BlockPageSettings added in v0.17.5

type BlockPageSettings struct {
	Enabled         bool
	FooterText      string
	HeaderText      string
	LogoPath        string
	BackgroundColor string
}

BlockPageSettings for block page customization.

type BodyScanningSettings added in v0.17.5

type BodyScanningSettings struct {
	InspectionMode string
}

BodyScanningSettings for body scanning.

type BrowserIsolationSettings added in v0.17.5

type BrowserIsolationSettings struct {
	URLBrowserIsolationEnabled bool
	NonIdentityEnabled         bool
}

BrowserIsolationSettings for browser isolation.

type ClientConfig

type ClientConfig struct {
	Log         logr.Logger
	APIToken    string
	APIKey      string
	Email       string
	AccountID   string
	AccountName string
	Domain      string
	TunnelID    string
	TunnelName  string
}

ClientConfig contains configuration for creating a CloudflareClient.

type ClientFactory

type ClientFactory interface {
	// NewClient creates a new CloudflareClient with the given configuration.
	NewClient(config ClientConfig) (CloudflareClient, error)
}

ClientFactory creates CloudflareClient instances. This interface enables dependency injection for testing.

func GetDefaultFactory

func GetDefaultFactory() ClientFactory

GetDefaultFactory returns the default ClientFactory.

func NewDefaultClientFactory

func NewDefaultClientFactory() ClientFactory

NewDefaultClientFactory creates a new DefaultClientFactory.

type CloudflareClient

type CloudflareClient interface {
	// Tunnel operations
	CreateTunnel() (string, string, error)
	DeleteTunnel() error
	ValidateAll() error
	GetAccountId() (string, error)
	GetTunnelId() (string, error)
	GetTunnelCreds(tunnelSecret string) (string, error)
	GetZoneId() (string, error)

	// DNS operations (api.go - CNAME/TXT for tunnels)
	InsertOrUpdateCName(fqdn, dnsID string) (string, error)
	DeleteDNSId(fqdn, dnsID string, created bool) error
	GetDNSCNameId(fqdn string) (string, error)
	GetManagedDnsTxt(fqdn string) (string, DnsManagedRecordTxt, bool, error)
	InsertOrUpdateTXT(fqdn, txtID, dnsID string) error

	// DNS operations (dns.go - Generic DNS records)
	CreateDNSRecord(params DNSRecordParams) (*DNSRecordResult, error)
	GetDNSRecord(zoneID, recordID string) (*DNSRecordResult, error)
	UpdateDNSRecord(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)
	DeleteDNSRecord(zoneID, recordID string) error

	// Virtual Network operations
	CreateVirtualNetwork(params VirtualNetworkParams) (*VirtualNetworkResult, error)
	GetVirtualNetwork(virtualNetworkID string) (*VirtualNetworkResult, error)
	GetVirtualNetworkByName(name string) (*VirtualNetworkResult, error)
	UpdateVirtualNetwork(virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)
	DeleteVirtualNetwork(virtualNetworkID string) error

	// Tunnel Route operations
	CreateTunnelRoute(params TunnelRouteParams) (*TunnelRouteResult, error)
	GetTunnelRoute(network, virtualNetworkID string) (*TunnelRouteResult, error)
	UpdateTunnelRoute(network string, params TunnelRouteParams) (*TunnelRouteResult, error)
	DeleteTunnelRoute(network, virtualNetworkID string) error

	// Access Application operations
	CreateAccessApplication(params AccessApplicationParams) (*AccessApplicationResult, error)
	GetAccessApplication(applicationID string) (*AccessApplicationResult, error)
	UpdateAccessApplication(applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)
	DeleteAccessApplication(applicationID string) error
	ListAccessApplicationsByName(name string) (*AccessApplicationResult, error)

	// Access Policy operations
	CreateAccessPolicy(params AccessPolicyParams) (*AccessPolicyResult, error)
	GetAccessPolicy(applicationID, policyID string) (*AccessPolicyResult, error)
	UpdateAccessPolicy(policyID string, params AccessPolicyParams) (*AccessPolicyResult, error)
	DeleteAccessPolicy(applicationID, policyID string) error
	ListAccessPolicies(applicationID string) ([]AccessPolicyResult, error)

	// Access Group operations
	CreateAccessGroup(params AccessGroupParams) (*AccessGroupResult, error)
	GetAccessGroup(groupID string) (*AccessGroupResult, error)
	UpdateAccessGroup(groupID string, params AccessGroupParams) (*AccessGroupResult, error)
	DeleteAccessGroup(groupID string) error
	ListAccessGroupsByName(name string) (*AccessGroupResult, error)

	// Access Identity Provider operations
	CreateAccessIdentityProvider(params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
	GetAccessIdentityProvider(idpID string) (*AccessIdentityProviderResult, error)
	UpdateAccessIdentityProvider(idpID string, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
	DeleteAccessIdentityProvider(idpID string) error
	ListAccessIdentityProvidersByName(name string) (*AccessIdentityProviderResult, error)

	// Access Service Token operations
	GetAccessServiceTokenByName(name string) (*AccessServiceTokenResult, error)
	CreateAccessServiceToken(name string, duration string) (*AccessServiceTokenResult, error)
	UpdateAccessServiceToken(tokenID string, name string, duration string) (*AccessServiceTokenResult, error)
	RefreshAccessServiceToken(tokenID string) (*AccessServiceTokenResult, error)
	DeleteAccessServiceToken(tokenID string) error

	// Device Posture Rule operations
	CreateDevicePostureRule(params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
	GetDevicePostureRule(ruleID string) (*DevicePostureRuleResult, error)
	UpdateDevicePostureRule(ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
	DeleteDevicePostureRule(ruleID string) error
	ListDevicePostureRulesByName(name string) (*DevicePostureRuleResult, error)

	// Gateway Rule operations
	CreateGatewayRule(params GatewayRuleParams) (*GatewayRuleResult, error)
	GetGatewayRule(ruleID string) (*GatewayRuleResult, error)
	UpdateGatewayRule(ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)
	DeleteGatewayRule(ruleID string) error
	ListGatewayRulesByName(name string) (*GatewayRuleResult, error)

	// Gateway List operations
	CreateGatewayList(params GatewayListParams) (*GatewayListResult, error)
	GetGatewayList(listID string) (*GatewayListResult, error)
	UpdateGatewayList(listID string, params GatewayListParams) (*GatewayListResult, error)
	DeleteGatewayList(listID string) error
	ListGatewayListsByName(name string) (*GatewayListResult, error)

	// Split Tunnel operations
	GetSplitTunnelExclude() ([]SplitTunnelEntry, error)
	UpdateSplitTunnelExclude(entries []SplitTunnelEntry) error
	GetSplitTunnelInclude() ([]SplitTunnelEntry, error)
	UpdateSplitTunnelInclude(entries []SplitTunnelEntry) error

	// Fallback Domain operations
	GetFallbackDomains() ([]FallbackDomainEntry, error)
	UpdateFallbackDomains(entries []FallbackDomainEntry) error

	// WARP Connector operations
	CreateWARPConnector(name string) (*WARPConnectorResult, error)
	GetWARPConnectorToken(connectorID string) (*WARPConnectorTokenResult, error)
	DeleteWARPConnector(connectorID string) error

	// Gateway Configuration operations
	UpdateGatewayConfiguration(params GatewayConfigurationParams) (*GatewayConfigurationResult, error)
}

CloudflareClient defines the interface for interacting with the Cloudflare API. This interface enables dependency injection and mocking for unit tests. The interface is intentionally large to cover all Cloudflare API operations.

type Configuration

type Configuration struct {
	TunnelId      string                   `yaml:"tunnel" json:"tunnel"`
	Ingress       []UnvalidatedIngressRule `yaml:"ingress,omitempty" json:"ingress,omitempty"`
	WarpRouting   WarpRoutingConfig        `yaml:"warp-routing,omitempty" json:"warp-routing,omitempty"`
	OriginRequest OriginRequestConfig      `yaml:"originRequest,omitempty" json:"originRequest,omitempty"`
	SourceFile    string                   `yaml:"credentials-file" json:"credentials-file"`
	Metrics       string                   `yaml:"metrics,omitempty" json:"metrics,omitempty"`
	NoAutoUpdate  bool                     `yaml:"no-autoupdate,omitempty" json:"no-autoupdate,omitempty"`
}

Configuration is the cloudflared configuration YAML model (https://github.com/cloudflare/cloudflared/blob/master/config/configuration.go). Note: both yaml and json tags are required because sigs.k8s.io/yaml marshals through encoding/json internally, which only recognizes json tags; a field carrying only a yaml tag would be emitted under its Go field name rather than the key cloudflared expects.

type CustomCertificateSettings added in v0.17.5

type CustomCertificateSettings struct {
	Enabled bool
	ID      string
}

CustomCertificateSettings for custom CA.

type DNSRecordParams

type DNSRecordParams struct {
	Name     string
	Type     string
	Content  string
	TTL      int
	Proxied  bool
	Priority *int
	Comment  string
	Tags     []string
	Data     map[string]interface{}
}

DNSRecordParams contains parameters for creating/updating a DNS record.

type DNSRecordResult

type DNSRecordResult struct {
	ID      string
	ZoneID  string
	Name    string
	Type    string
	Content string
	TTL     int
	Proxied bool
}

DNSRecordResult contains the result of a DNS record operation.

type DefaultClientFactory

type DefaultClientFactory struct{}

DefaultClientFactory creates real CloudflareClient instances.

func (*DefaultClientFactory) NewClient

NewClient creates a new CloudflareClient using the real Cloudflare API.

type DevicePostureRuleParams

type DevicePostureRuleParams struct {
	Name        string
	Type        string
	Description string
	Schedule    string
	Expiration  string
	Match       []map[string]any
	Input       map[string]any
}

DevicePostureRuleParams contains parameters for a Device Posture Rule.

type DevicePostureRuleResult

type DevicePostureRuleResult struct {
	ID          string
	Name        string
	Type        string
	Description string
	AccountID   string
}

DevicePostureRuleResult contains the result of a Device Posture Rule operation.

type DnsManagedRecordTxt

type DnsManagedRecordTxt struct {
	DnsId      string // DnsId of the managed record
	TunnelName string // TunnelName of the managed record
	TunnelId   string // TunnelId of the managed record
}

DnsManagedRecordTxt is the ownership metadata the operator stores in a separate TXT record for each DNS record it manages (the managed record's ID plus the name and ID of the tunnel that owns it), so that it can tell records it created from records that belong to someone else.
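The following is an added example, not code from the operator: it shows how a companion TXT record named with TXT_PREFIX can be used to decide whether a tunnel may touch a DNS record. The types and sentinel errors are local copies of the ones on this page; the JSON content format, the map standing in for a zone lookup, and the "no TXT means not found" rule are assumptions made for the example, since the page does not show the operator's real on-the-wire format or lookup logic.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// TXT_PREFIX mirrors the package constant: the TXT record carrying ownership
// metadata lives at "_managed." + the managed record's name.
const TXT_PREFIX = "_managed."

// DnsManagedRecordTxt mirrors the package type on this page.
type DnsManagedRecordTxt struct {
	DnsId      string
	TunnelName string
	TunnelId   string
}

// Local stand-ins for the package's sentinel errors (same messages).
var (
	ErrResourceNotFound = errors.New("resource not found")
	ErrResourceConflict = errors.New("resource already managed by another object")
)

// ManagedTxtName returns the name of the companion TXT record for hostname,
// normalised to lower case without a trailing dot.
func ManagedTxtName(hostname string) string {
	return TXT_PREFIX + strings.TrimSuffix(strings.ToLower(hostname), ".")
}

// EncodeManagedTxt serialises the ownership metadata as TXT content.
// ASSUMPTION: JSON is used only for this example; the operator's real format is not shown.
func EncodeManagedTxt(m DnsManagedRecordTxt) (string, error) {
	b, err := json.Marshal(m)
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// DecodeManagedTxt parses TXT content produced by EncodeManagedTxt and rejects
// records that lack the fields needed for an ownership decision.
func DecodeManagedTxt(content string) (DnsManagedRecordTxt, error) {
	var m DnsManagedRecordTxt
	if err := json.Unmarshal([]byte(content), &m); err != nil {
		return m, fmt.Errorf("malformed managed TXT record: %w", err)
	}
	if m.DnsId == "" || m.TunnelId == "" {
		return m, errors.New("managed TXT record is missing DnsId or TunnelId")
	}
	return m, nil
}

// CheckOwnership decides whether tunnelId may modify the DNS record for hostname,
// given the TXT records found in the zone (constructed map: TXT name -> content).
//   - no companion TXT: ErrResourceNotFound (nothing managed here; do not overwrite)
//   - companion TXT owned by a different tunnel: ErrResourceConflict
//   - companion TXT owned by this tunnel: nil, plus the recorded DNS record ID
func CheckOwnership(zoneTxt map[string]string, hostname, tunnelId string) (string, error) {
	content, ok := zoneTxt[ManagedTxtName(hostname)]
	if !ok {
		return "", ErrResourceNotFound
	}
	m, err := DecodeManagedTxt(content)
	if err != nil {
		return "", err
	}
	if m.TunnelId != tunnelId {
		return "", fmt.Errorf("%s is owned by tunnel %q (%s): %w",
			hostname, m.TunnelName, m.TunnelId, ErrResourceConflict)
	}
	return m.DnsId, nil
}

func main() {
	// Constructed zone contents: one hostname already managed by tunnel "tun-a".
	txt, _ := EncodeManagedTxt(DnsManagedRecordTxt{DnsId: "rec-1", TunnelName: "prod", TunnelId: "tun-a"})
	zone := map[string]string{ManagedTxtName("app.example.com"): txt}

	_, err := CheckOwnership(zone, "app.example.com", "tun-b")
	fmt.Println(errors.Is(err, ErrResourceConflict)) // true
	id, err := CheckOwnership(zone, "app.example.com", "tun-a")
	fmt.Println(id, err) // rec-1 <nil>
}
```

The conflict error wraps ErrResourceConflict so callers can branch with errors.Is while still seeing which tunnel holds the record; a malformed TXT is reported as its own error rather than being treated as "unmanaged", because silently taking over a record whose ownership marker is unreadable is exactly the hijack the marker exists to prevent.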

type FIPSSettings added in v0.17.5

type FIPSSettings struct {
	TLS bool
}

FIPSSettings for FIPS compliance.

type FallbackDomainEntry

type FallbackDomainEntry struct {
	Suffix      string   `json:"suffix"`
	Description string   `json:"description,omitempty"`
	DNSServer   []string `json:"dns_server,omitempty"`
}

FallbackDomainEntry represents a fallback domain configuration entry.

type GatewayConfigurationParams

type GatewayConfigurationParams struct {
	TLSDecrypt        *TLSDecryptSettings
	ActivityLog       *ActivityLogSettings
	AntiVirus         *AntiVirusSettings
	BlockPage         *BlockPageSettings
	BodyScanning      *BodyScanningSettings
	BrowserIsolation  *BrowserIsolationSettings
	FIPS              *FIPSSettings
	ProtocolDetection *ProtocolDetectionSettings
	CustomCertificate *CustomCertificateSettings
}

GatewayConfigurationParams contains parameters for Gateway Configuration.

type GatewayConfigurationResult

type GatewayConfigurationResult struct {
	AccountID string
}

GatewayConfigurationResult contains the result of a Gateway Configuration operation.

type GatewayListItem

type GatewayListItem struct {
	Value       string
	Description string
}

GatewayListItem represents an item in a Gateway List.

type GatewayListParams

type GatewayListParams struct {
	Name        string
	Description string
	Type        string // SERIAL, URL, DOMAIN, EMAIL, IP
	Items       []string
}

GatewayListParams contains parameters for a Gateway List.

type GatewayListResult

type GatewayListResult struct {
	ID          string
	Name        string
	Description string
	Type        string
	Count       int
	AccountID   string
}

GatewayListResult contains the result of a Gateway List operation.

type GatewayRuleParams

type GatewayRuleParams struct {
	Name          string
	Description   string
	Precedence    int
	Enabled       bool
	Action        string
	Filters       []cloudflare.TeamsFilterType
	Traffic       string
	Identity      string
	DevicePosture string
	RuleSettings  map[string]interface{}
}

GatewayRuleParams contains parameters for a Gateway Rule.

type GatewayRuleResult

type GatewayRuleResult struct {
	ID          string
	Name        string
	Description string
	Precedence  int
	Enabled     bool
	Action      string
}

GatewayRuleResult contains the result of a Gateway Rule operation.

type IngressIPRule

type IngressIPRule struct {
	Prefix *string `yaml:"prefix,omitempty" json:"prefix,omitempty"`
	Ports  []int   `yaml:"ports,omitempty" json:"ports,omitempty"`
	Allow  bool    `yaml:"allow,omitempty" json:"allow,omitempty"`
}

IngressIPRule is a cloudflared origin ingress IP rule config model

type NotificationSettings added in v0.17.5

type NotificationSettings struct {
	Enabled    bool
	Message    string
	SupportURL string
}

NotificationSettings for antivirus notifications.

type OriginRequestConfig

type OriginRequestConfig struct {
	// HTTP proxy timeout for establishing a new connection
	ConnectTimeout *time.Duration `yaml:"connectTimeout,omitempty" json:"connectTimeout,omitempty"`
	// HTTP proxy timeout for completing a TLS handshake
	TLSTimeout *time.Duration `yaml:"tlsTimeout,omitempty" json:"tlsTimeout,omitempty"`
	// HTTP proxy TCP keepalive duration
	TCPKeepAlive *time.Duration `yaml:"tcpKeepAlive,omitempty" json:"tcpKeepAlive,omitempty"`
	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
	NoHappyEyeballs *bool `yaml:"noHappyEyeballs,omitempty" json:"noHappyEyeballs,omitempty"`
	// HTTP proxy maximum keepalive connection pool size
	KeepAliveConnections *int `yaml:"keepAliveConnections,omitempty" json:"keepAliveConnections,omitempty"`
	// HTTP proxy timeout for closing an idle connection
	KeepAliveTimeout *time.Duration `yaml:"keepAliveTimeout,omitempty" json:"keepAliveTimeout,omitempty"`
	// Sets the HTTP Host header for the local webserver.
	HTTPHostHeader *string `yaml:"httpHostHeader,omitempty" json:"httpHostHeader,omitempty"`
	// Hostname on the origin server certificate.
	OriginServerName *string `yaml:"originServerName,omitempty" json:"originServerName,omitempty"`
	// Path to the CA for the certificate of your origin.
	// This option should be used only if your certificate is not signed by Cloudflare.
	CAPool *string `yaml:"caPool,omitempty" json:"caPool,omitempty"`
	// Disables TLS verification of the certificate presented by your origin.
	// Will allow any certificate from the origin to be accepted.
	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
	NoTLSVerify *bool `yaml:"noTLSVerify,omitempty" json:"noTLSVerify,omitempty"`
	// Attempt to connect to origin using HTTP2. Origin must be configured as https.
	Http2Origin *bool `yaml:"http2Origin,omitempty" json:"http2Origin,omitempty"`
	// Disables chunked transfer encoding.
	// Useful if you are running a WSGI server.
	DisableChunkedEncoding *bool `yaml:"disableChunkedEncoding,omitempty" json:"disableChunkedEncoding,omitempty"`
	// Runs as jump host
	BastionMode *bool `yaml:"bastionMode,omitempty" json:"bastionMode,omitempty"`
	// Listen address for the proxy.
	ProxyAddress *string `yaml:"proxyAddress,omitempty" json:"proxyAddress,omitempty"`
	// Listen port for the proxy.
	ProxyPort *uint `yaml:"proxyPort,omitempty" json:"proxyPort,omitempty"`
	// Valid options are 'socks' or empty.
	ProxyType *string `yaml:"proxyType,omitempty" json:"proxyType,omitempty"`
	// IP rules for the proxy service
	IPRules []IngressIPRule `yaml:"ipRules,omitempty" json:"ipRules,omitempty"`
}

OriginRequestConfig is a cloudflared origin request configuration model

type ProtocolDetectionSettings added in v0.17.5

type ProtocolDetectionSettings struct {
	Enabled bool
}

ProtocolDetectionSettings for protocol detection.

type RetryConfig added in v0.17.3

type RetryConfig struct {
	// BaseDelay is the initial delay before retry
	BaseDelay time.Duration
	// MaxDelay is the maximum delay between retries
	MaxDelay time.Duration
	// MaxRetries is the maximum number of retries (0 = no limit)
	MaxRetries int
	// RetryCount tracks the current retry count (for exponential backoff)
	RetryCount int
}

RetryConfig holds configuration for retry behavior

func DefaultRetryConfig added in v0.17.3

func DefaultRetryConfig() RetryConfig

DefaultRetryConfig returns a default retry configuration
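An added example, not the package's own code, showing how RetryConfig's fields can drive exponential backoff and, just as important, which of the package's sentinel errors are worth retrying at all. The RetryConfig type and error variables are local copies of the ones on this page; the default values in DefaultRetryConfig and the doubling-with-cap policy are assumptions, since the page does not show the real defaults or algorithm.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// RetryConfig mirrors the package type on this page.
type RetryConfig struct {
	BaseDelay  time.Duration
	MaxDelay   time.Duration
	MaxRetries int // 0 = no limit
	RetryCount int
}

// DefaultRetryConfig: the page does not show the real defaults, so these are an assumption.
func DefaultRetryConfig() RetryConfig {
	return RetryConfig{BaseDelay: time.Second, MaxDelay: 30 * time.Second, MaxRetries: 5}
}

// Local stand-ins for the package's sentinel errors (same messages).
var (
	ErrAPIRateLimited       = errors.New("API rate limit exceeded")
	ErrTemporaryFailure     = errors.New("temporary failure")
	ErrAuthenticationFailed = errors.New("authentication failed")
	ErrPermissionDenied     = errors.New("permission denied")
)

// IsRetryable reports whether an error is worth retrying. Only rate limiting and
// transient failures are; authentication and permission errors will not fix
// themselves, and retrying them just hammers the API with bad credentials.
func IsRetryable(err error) bool {
	return errors.Is(err, ErrAPIRateLimited) || errors.Is(err, ErrTemporaryFailure)
}

// NextDelay returns the delay before the next attempt (BaseDelay doubled RetryCount
// times, capped at MaxDelay) and advances RetryCount. ok is false once MaxRetries
// (when non-zero) has been exhausted.
func NextDelay(rc *RetryConfig) (d time.Duration, ok bool) {
	if rc.MaxRetries > 0 && rc.RetryCount >= rc.MaxRetries {
		return 0, false
	}
	d = rc.BaseDelay
	for i := 0; i < rc.RetryCount && d < rc.MaxDelay; i++ {
		d *= 2
	}
	if d > rc.MaxDelay {
		d = rc.MaxDelay
	}
	rc.RetryCount++
	return d, true
}

// Retry runs op until it succeeds, returns a non-retryable error, or the retry
// budget is exhausted. sleep is injectable so tests do not wait for real time.
func Retry(rc RetryConfig, sleep func(time.Duration), op func() error) error {
	for {
		err := op()
		if err == nil || !IsRetryable(err) {
			return err
		}
		d, ok := NextDelay(&rc)
		if !ok {
			return fmt.Errorf("giving up after %d retries: %w", rc.RetryCount, err)
		}
		sleep(d)
	}
}

func main() {
	attempts := 0
	err := Retry(DefaultRetryConfig(), func(d time.Duration) { fmt.Println("sleeping", d) }, func() error {
		attempts++
		if attempts < 3 {
			return ErrAPIRateLimited // constructed: fail twice, then succeed
		}
		return nil
	})
	fmt.Println("attempts:", attempts, "err:", err)
}
```

With BaseDelay 1s and MaxDelay 30s the sequence is 1s, 2s, 4s, 8s, 16s, 30s, 30s, ...; the cap matters because an operator reconciling many objects against a rate-limited API should back off hard but still converge in bounded time.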

type SplitTunnelEntry

type SplitTunnelEntry struct {
	Address     string `json:"address,omitempty"`
	Host        string `json:"host,omitempty"`
	Description string `json:"description,omitempty"`
}

SplitTunnelEntry represents a split tunnel configuration entry.

type TLSDecryptSettings added in v0.17.5

type TLSDecryptSettings struct {
	Enabled bool
}

TLSDecryptSettings for TLS decryption.

type TunnelCredentialsFile

type TunnelCredentialsFile struct {
	AccountTag   string `json:"AccountTag"`
	TunnelID     string `json:"TunnelID"`
	TunnelName   string `json:"TunnelName"`
	TunnelSecret string `json:"TunnelSecret"`
}

TunnelCredentialsFile holds the fields that make up a Cloudflare Tunnel's credentials, in the JSON layout cloudflared reads from its credentials file. TunnelSecret is the long-lived secret that authenticates the tunnel to Cloudflare: treat the whole struct as sensitive and keep it out of logs and out of non-Secret Kubernetes objects.
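An added example, not the operator's own code, of handling the credentials struct above with the care its TunnelSecret field demands: writing the JSON cloudflared expects with owner-only permissions and an atomic rename, refusing to read a file that is group- or world-readable, and redacting the secret whenever the struct is printed. The type is a local copy of the one on this page; the ".tmp" suffix and the validation rules are assumptions for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"os"
)

// TunnelCredentialsFile mirrors the package type on this page.
type TunnelCredentialsFile struct {
	AccountTag   string `json:"AccountTag"`
	TunnelID     string `json:"TunnelID"`
	TunnelName   string `json:"TunnelName"`
	TunnelSecret string `json:"TunnelSecret"`
}

// String redacts the secret, so fmt.Println(c) and %v in log lines never leak it.
func (c TunnelCredentialsFile) String() string {
	return fmt.Sprintf("TunnelCredentialsFile{AccountTag:%s TunnelID:%s TunnelName:%s TunnelSecret:[redacted]}",
		c.AccountTag, c.TunnelID, c.TunnelName)
}

// Validate rejects a credentials struct that cloudflared could not use.
func (c TunnelCredentialsFile) Validate() error {
	if c.AccountTag == "" || c.TunnelID == "" || c.TunnelSecret == "" {
		return errors.New("tunnel credentials need AccountTag, TunnelID and TunnelSecret")
	}
	return nil
}

// WriteCredentialsFile writes the credentials as JSON, mode 0600, via a temp file
// and rename so a reader never observes a partially written file.
func WriteCredentialsFile(path string, c TunnelCredentialsFile) error {
	if err := c.Validate(); err != nil {
		return err
	}
	data, err := json.Marshal(c)
	if err != nil {
		return err
	}
	tmp := path + ".tmp" // assumption: temp file beside the target
	// O_EXCL refuses to write through a pre-existing file or symlink at the temp path.
	f, err := os.OpenFile(tmp, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return err
	}
	if _, err := f.Write(data); err != nil {
		f.Close()
		os.Remove(tmp)
		return err
	}
	if err := f.Close(); err != nil {
		os.Remove(tmp)
		return err
	}
	return os.Rename(tmp, path)
}

// ReadCredentialsFile loads a credentials file but refuses one whose mode lets
// group or others read the secret.
func ReadCredentialsFile(path string) (TunnelCredentialsFile, error) {
	var c TunnelCredentialsFile
	info, err := os.Stat(path)
	if err != nil {
		return c, err
	}
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		return c, fmt.Errorf("%s has mode %04o; credentials must not be readable by group or others", path, perm)
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(data, &c); err != nil {
		return c, fmt.Errorf("parsing %s: %w", path, err)
	}
	return c, c.Validate()
}

func main() {
	dir, err := os.MkdirTemp("", "creds-example")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	// Constructed credentials; the secret is a placeholder, not a real value.
	c := TunnelCredentialsFile{AccountTag: "acct", TunnelID: "tun-1", TunnelName: "prod", TunnelSecret: "placeholder-secret"}
	path := dir + "/creds.json"
	if err := WriteCredentialsFile(path, c); err != nil {
		panic(err)
	}
	got, err := ReadCredentialsFile(path)
	fmt.Println(got, err) // secret shown as [redacted]
}
```

The permission check is deliberately on the stored file rather than on the process: a credentials file that a sidecar or host user can read is a tunnel takeover waiting to happen, and failing closed at read time surfaces that misconfiguration instead of quietly running with it.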

type TunnelRouteParams

type TunnelRouteParams struct {
	Network          string // CIDR notation
	TunnelID         string
	VirtualNetworkID string
	Comment          string
}

TunnelRouteParams contains parameters for creating a Tunnel Route.

type TunnelRouteResult

type TunnelRouteResult struct {
	Network          string
	TunnelID         string
	TunnelName       string
	VirtualNetworkID string
	Comment          string
}

TunnelRouteResult contains the result of a Tunnel Route operation.

type UnvalidatedIngressRule

type UnvalidatedIngressRule struct {
	Hostname      string              `yaml:"hostname,omitempty" json:"hostname,omitempty"`
	Path          string              `yaml:"path,omitempty" json:"path,omitempty"`
	Service       string              `yaml:"service" json:"service"`
	OriginRequest OriginRequestConfig `yaml:"originRequest,omitempty" json:"originRequest,omitempty"`
}

UnvalidatedIngressRule is a cloudflared ingress entry model
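An added example, not the operator's or cloudflared's own code, covering the Configuration, OriginRequestConfig and UnvalidatedIngressRule models above. It renders a config through encoding/json (the path sigs.k8s.io/yaml takes, hence the json tags), so the emitted keys are the ones cloudflared will see, and lints the ingress list for the mistakes a practitioner would want caught before the file ships: no catch-all as the last rule, a catch-all that shadows later rules, noTLSVerify on an https origin, and http2Origin on a non-https service. The types are trimmed copies of the ones on this page; LintIngress, RenderJSON and the finding texts are this example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Trimmed copies of the page's cloudflared config model. Both tag sets are kept
// because sigs.k8s.io/yaml marshals through encoding/json.
type OriginRequestConfig struct {
	OriginServerName *string `yaml:"originServerName,omitempty" json:"originServerName,omitempty"`
	NoTLSVerify      *bool   `yaml:"noTLSVerify,omitempty" json:"noTLSVerify,omitempty"`
	Http2Origin      *bool   `yaml:"http2Origin,omitempty" json:"http2Origin,omitempty"`
}

type UnvalidatedIngressRule struct {
	Hostname      string              `yaml:"hostname,omitempty" json:"hostname,omitempty"`
	Path          string              `yaml:"path,omitempty" json:"path,omitempty"`
	Service       string              `yaml:"service" json:"service"`
	OriginRequest OriginRequestConfig `yaml:"originRequest,omitempty" json:"originRequest,omitempty"`
}

type Configuration struct {
	TunnelId     string                   `yaml:"tunnel" json:"tunnel"`
	Ingress      []UnvalidatedIngressRule `yaml:"ingress,omitempty" json:"ingress,omitempty"`
	SourceFile   string                   `yaml:"credentials-file" json:"credentials-file"`
	NoAutoUpdate bool                     `yaml:"no-autoupdate,omitempty" json:"no-autoupdate,omitempty"`
}

func boolPtr(b bool) *bool { return &b }

// LintIngress returns human-readable findings for a config. The rules follow
// cloudflared's documented ingress semantics: the last rule must be a catch-all
// (no hostname or path), every rule needs a service, noTLSVerify turns off origin
// certificate verification, and http2Origin requires an https service.
func LintIngress(cfg Configuration) []string {
	var findings []string
	if cfg.TunnelId == "" {
		findings = append(findings, "tunnel: missing tunnel ID")
	}
	n := len(cfg.Ingress)
	if n == 0 {
		return append(findings, "ingress: no rules; cloudflared needs at least a catch-all")
	}
	for i, r := range cfg.Ingress {
		where := fmt.Sprintf("ingress[%d]", i)
		last := i == n-1
		if r.Service == "" {
			findings = append(findings, where+": service is required")
		}
		if last && (r.Hostname != "" || r.Path != "") {
			findings = append(findings, where+": last rule must be a catch-all (no hostname or path)")
		}
		if !last && r.Hostname == "" && r.Path == "" {
			findings = append(findings, where+": catch-all before the last rule shadows every later rule")
		}
		https := strings.HasPrefix(r.Service, "https://")
		if r.OriginRequest.NoTLSVerify != nil && *r.OriginRequest.NoTLSVerify && https {
			findings = append(findings, where+": noTLSVerify disables origin certificate verification; use originServerName and caPool instead")
		}
		if r.OriginRequest.Http2Origin != nil && *r.OriginRequest.Http2Origin && !https {
			findings = append(findings, where+": http2Origin requires an https:// service")
		}
	}
	return findings
}

// HasFinding reports whether any finding mentions substr.
func HasFinding(findings []string, substr string) bool {
	for _, f := range findings {
		if strings.Contains(f, substr) {
			return true
		}
	}
	return false
}

// RenderJSON marshals through encoding/json, the same path sigs.k8s.io/yaml uses,
// so the keys here ("credentials-file", "tunnel", ...) are what cloudflared sees.
func RenderJSON(cfg Configuration) (string, error) {
	b, err := json.MarshalIndent(cfg, "", "  ")
	return string(b), err
}

func main() {
	cfg := Configuration{ // constructed config; the tunnel ID is a placeholder
		TunnelId:   "tunnel-id-placeholder",
		SourceFile: "/etc/cloudflared/creds.json",
		Ingress: []UnvalidatedIngressRule{
			{Hostname: "app.example.com", Service: "https://app.default.svc:443",
				OriginRequest: OriginRequestConfig{NoTLSVerify: boolPtr(true)}},
			{Service: "http_status:404"},
		},
	}
	for _, f := range LintIngress(cfg) {
		fmt.Println("finding:", f)
	}
	out, _ := RenderJSON(cfg)
	fmt.Println(out)
}
```

The noTLSVerify finding is the security-relevant one: with it set, cloudflared accepts any certificate from the origin, so anything that can intercept traffic between the connector and the origin can impersonate the service. The hop from the connector to Cloudflare's edge stays encrypted, as the field comment says, which is exactly why the setting is easy to leave on unnoticed; the fix is to keep verification and point originServerName (and caPool for a private CA) at the origin's real certificate.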

type VirtualNetworkParams

type VirtualNetworkParams struct {
	Name             string
	Comment          string
	IsDefaultNetwork bool
}

VirtualNetworkParams contains parameters for creating or updating a Virtual Network.

type VirtualNetworkResult

type VirtualNetworkResult struct {
	ID               string
	Name             string
	Comment          string
	IsDefaultNetwork bool
	DeletedAt        *string
}

VirtualNetworkResult contains the result of a Virtual Network operation.

type WARPConnectorResult

type WARPConnectorResult struct {
	ID          string
	TunnelID    string
	TunnelToken string
	Name        string
}

WARPConnectorResult contains the result of a WARP Connector operation.

type WARPConnectorTokenResult

type WARPConnectorTokenResult struct {
	Token string
}

WARPConnectorTokenResult contains the tunnel token for a WARP connector.

type WarpRoutingConfig

type WarpRoutingConfig struct {
	Enabled bool `yaml:"enabled,omitempty" json:"enabled,omitempty"`
}

WarpRoutingConfig is a cloudflared warp routing model

Directories

Path Synopsis
Package mock is a generated GoMock package.