cf

package

v0.17.0 Latest Latest Go to latest Published: Jan 7, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/StringKe/cloudflare-operator

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ResetDefaultFactory()
func SetDefaultFactory(factory ClientFactory)
type API
- func NewAPIClientFromCredentialsRef(ctx context.Context, k8sClient client.Client, ...) (*API, error)
- func NewAPIClientFromDefaultCredentials(ctx context.Context, k8sClient client.Client) (*API, error)
- func NewAPIClientFromDetails(ctx context.Context, k8sClient client.Client, namespace string, ...) (*API, error)
- func NewAPIClientFromSecret(ctx context.Context, k8sClient client.Client, secretName, namespace string, ...) (*API, error)
- func (c *API) CreateAccessApplication(params AccessApplicationParams) (*AccessApplicationResult, error)
- func (c *API) CreateAccessGroup(params AccessGroupParams) (*AccessGroupResult, error)
- func (c *API) CreateAccessIdentityProvider(params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
- func (c *API) CreateAccessServiceToken(name string, duration string) (*AccessServiceTokenResult, error)
- func (c *API) CreateDNSRecord(params DNSRecordParams) (*DNSRecordResult, error)
- func (c *API) CreateDevicePostureRule(params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
- func (c *API) CreateGatewayList(params GatewayListParams) (*GatewayListResult, error)
- func (c *API) CreateGatewayRule(params GatewayRuleParams) (*GatewayRuleResult, error)
- func (c *API) CreateTunnel() (string, string, error)
- func (c *API) CreateTunnelRoute(params TunnelRouteParams) (*TunnelRouteResult, error)
- func (c *API) CreateVirtualNetwork(params VirtualNetworkParams) (*VirtualNetworkResult, error)
- func (c *API) CreateWARPConnector(name string) (*WARPConnectorResult, error)
- func (c *API) DeleteAccessApplication(applicationID string) error
- func (c *API) DeleteAccessGroup(groupID string) error
- func (c *API) DeleteAccessIdentityProvider(idpID string) error
- func (c *API) DeleteAccessServiceToken(tokenID string) error
- func (c *API) DeleteDNSId(fqdn, dnsId string, created bool) error
- func (c *API) DeleteDNSRecord(zoneID, recordID string) error
- func (c *API) DeleteDevicePostureRule(ruleID string) error
- func (c *API) DeleteGatewayList(listID string) error
- func (c *API) DeleteGatewayRule(ruleID string) error
- func (c *API) DeleteTunnel() error
- func (c *API) DeleteTunnelRoute(network, virtualNetworkID string) error
- func (c *API) DeleteVirtualNetwork(virtualNetworkID string) error
- func (c *API) DeleteWARPConnector(connectorID string) error
- func (c *API) GetAccessApplication(applicationID string) (*AccessApplicationResult, error)
- func (c *API) GetAccessGroup(groupID string) (*AccessGroupResult, error)
- func (c *API) GetAccessIdentityProvider(idpID string) (*AccessIdentityProviderResult, error)
- func (c *API) GetAccountId() (string, error)
- func (c *API) GetDNSCNameId(fqdn string) (string, error)
- func (c *API) GetDNSRecord(zoneID, recordID string) (*DNSRecordResult, error)
- func (c *API) GetDevicePostureRule(ruleID string) (*DevicePostureRuleResult, error)
- func (c *API) GetFallbackDomains() ([]FallbackDomainEntry, error)
- func (c *API) GetGatewayList(listID string) (*GatewayListResult, error)
- func (c *API) GetGatewayRule(ruleID string) (*GatewayRuleResult, error)
- func (c *API) GetManagedDnsTxt(fqdn string) (string, DnsManagedRecordTxt, bool, error)
- func (c *API) GetSplitTunnelExclude() ([]SplitTunnelEntry, error)
- func (c *API) GetSplitTunnelInclude() ([]SplitTunnelEntry, error)
- func (c *API) GetTunnelCreds(tunnelSecret string) (string, error)
- func (c *API) GetTunnelId() (string, error)
- func (c *API) GetTunnelRoute(network, virtualNetworkID string) (*TunnelRouteResult, error)
- func (c *API) GetVirtualNetwork(virtualNetworkID string) (*VirtualNetworkResult, error)
- func (c *API) GetVirtualNetworkByName(name string) (*VirtualNetworkResult, error)
- func (c *API) GetWARPConnectorToken(connectorID string) (*WARPConnectorTokenResult, error)
- func (c *API) GetZoneId() (string, error)
- func (c *API) InsertOrUpdateCName(fqdn, dnsId string) (string, error)
- func (c *API) InsertOrUpdateTXT(fqdn, txtId, dnsId string) error
- func (c *API) ListAccessApplicationsByName(name string) (*AccessApplicationResult, error)
- func (c *API) ListGatewayListsByName(name string) (*GatewayListResult, error)
- func (c *API) ListGatewayRulesByName(name string) (*GatewayRuleResult, error)
- func (c *API) RefreshAccessServiceToken(tokenID string) (*AccessServiceTokenResult, error)
- func (c *API) UpdateAccessApplication(applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)
- func (c *API) UpdateAccessGroup(groupID string, params AccessGroupParams) (*AccessGroupResult, error)
- func (c *API) UpdateAccessIdentityProvider(idpID string, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
- func (c *API) UpdateAccessServiceToken(tokenID string, name string, duration string) (*AccessServiceTokenResult, error)
- func (c *API) UpdateDNSRecord(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)
- func (c *API) UpdateDevicePostureRule(ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
- func (c *API) UpdateFallbackDomains(entries []FallbackDomainEntry) error
- func (c *API) UpdateGatewayConfiguration(params GatewayConfigurationParams) (*GatewayConfigurationResult, error)
- func (c *API) UpdateGatewayList(listID string, params GatewayListParams) (*GatewayListResult, error)
- func (c *API) UpdateGatewayRule(ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)
- func (c *API) UpdateSplitTunnelExclude(entries []SplitTunnelEntry) error
- func (c *API) UpdateSplitTunnelInclude(entries []SplitTunnelEntry) error
- func (c *API) UpdateTunnelRoute(network string, params TunnelRouteParams) (*TunnelRouteResult, error)
- func (c *API) UpdateVirtualNetwork(virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)
- func (c *API) ValidateAll() error
type AccessApplicationParams
type AccessApplicationResult
type AccessGroupParams
type AccessGroupResult
type AccessIdentityProviderParams
type AccessIdentityProviderResult
type AccessServiceTokenResult
type ClientConfig
type ClientFactory
- func GetDefaultFactory() ClientFactory
- func NewDefaultClientFactory() ClientFactory
type CloudflareClient
type Configuration
type DNSRecordParams
type DNSRecordResult
type DefaultClientFactory
- func (*DefaultClientFactory) NewClient(config ClientConfig) (CloudflareClient, error)
type DevicePostureRuleParams
type DevicePostureRuleResult
type DnsManagedRecordTxt
type FallbackDomainEntry
type GatewayConfigurationParams
type GatewayConfigurationResult
type GatewayListItem
type GatewayListParams
type GatewayListResult
type GatewayRuleParams
type GatewayRuleResult
type IngressIPRule
type OriginRequestConfig
type SplitTunnelEntry
type TunnelCredentialsFile
type TunnelRouteParams
type TunnelRouteResult
type UnvalidatedIngressRule
type VirtualNetworkParams
type VirtualNetworkResult
type WARPConnectorResult
type WARPConnectorTokenResult
type WarpRoutingConfig

Constants ¶

View Source

const TXT_PREFIX = "_managed."

TXT_PREFIX is the prefix added to TXT records for whom the corresponding DNS records are managed by the operator.

Variables ¶

View Source

var ErrNoCredentials = errors.New("no API credentials provided: either APIToken or (APIKey + Email) required")

ErrNoCredentials is returned when no API credentials are provided.

Functions ¶

func ResetDefaultFactory ¶

func ResetDefaultFactory()

ResetDefaultFactory resets the default ClientFactory to the real implementation.

func SetDefaultFactory ¶

func SetDefaultFactory(factory ClientFactory)

SetDefaultFactory sets the default ClientFactory (useful for testing).

Types ¶

type API ¶

type API struct {
	Log              logr.Logger
	TunnelName       string
	TunnelId         string
	AccountName      string
	AccountId        string
	Domain           string
	ValidAccountId   string
	ValidTunnelId    string
	ValidTunnelName  string
	ValidZoneId      string
	CloudflareClient *cloudflare.API
}

API config object holding all relevant fields to use the API

func NewAPIClientFromCredentialsRef ¶ added in v0.17.0

func NewAPIClientFromCredentialsRef(ctx context.Context, k8sClient client.Client, ref *networkingv1alpha2.CloudflareCredentialsRef) (*API, error)

NewAPIClientFromCredentialsRef creates a new API client from a CloudflareCredentials reference.

func NewAPIClientFromDefaultCredentials ¶ added in v0.17.0

func NewAPIClientFromDefaultCredentials(ctx context.Context, k8sClient client.Client) (*API, error)

NewAPIClientFromDefaultCredentials creates a new API client using the default CloudflareCredentials.

func NewAPIClientFromDetails ¶

func NewAPIClientFromDetails(ctx context.Context, k8sClient client.Client, namespace string, details networkingv1alpha2.CloudflareDetails) (*API, error)

NewAPIClientFromDetails creates a new API client from CloudflareDetails. This function supports both the new CloudflareCredentials reference and legacy inline secrets. Priority order:

credentialsRef (if specified) - references a CloudflareCredentials resource
inline secret (if specified) - legacy mode for backwards compatibility
default CloudflareCredentials (if no credentials specified)

func NewAPIClientFromSecret ¶

func NewAPIClientFromSecret(ctx context.Context, k8sClient client.Client, secretName, namespace string, log logr.Logger) (*API, error)

NewAPIClientFromSecret creates a new API client from a secret reference. This is a legacy function maintained for backwards compatibility.

func (*API) CreateAccessApplication ¶

func (c *API) CreateAccessApplication(params AccessApplicationParams) (*AccessApplicationResult, error)

CreateAccessApplication creates a new Access Application.

func (*API) CreateAccessGroup ¶

func (c *API) CreateAccessGroup(params AccessGroupParams) (*AccessGroupResult, error)

CreateAccessGroup creates a new Access Group.

func (*API) CreateAccessIdentityProvider ¶

func (c *API) CreateAccessIdentityProvider(params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)

CreateAccessIdentityProvider creates a new Access Identity Provider.

func (*API) CreateAccessServiceToken ¶

func (c *API) CreateAccessServiceToken(name string, duration string) (*AccessServiceTokenResult, error)

CreateAccessServiceToken creates a new Access Service Token.

func (*API) CreateDNSRecord ¶

func (c *API) CreateDNSRecord(params DNSRecordParams) (*DNSRecordResult, error)

CreateDNSRecord creates a new DNS record.

func (*API) CreateDevicePostureRule ¶

func (c *API) CreateDevicePostureRule(params DevicePostureRuleParams) (*DevicePostureRuleResult, error)

CreateDevicePostureRule creates a new Device Posture Rule.

func (*API) CreateGatewayList ¶

func (c *API) CreateGatewayList(params GatewayListParams) (*GatewayListResult, error)

CreateGatewayList creates a new Gateway List.

func (*API) CreateGatewayRule ¶

func (c *API) CreateGatewayRule(params GatewayRuleParams) (*GatewayRuleResult, error)

CreateGatewayRule creates a new Gateway Rule.

func (*API) CreateTunnel ¶

func (c *API) CreateTunnel() (string, string, error)

CreateTunnel creates a Cloudflare Tunnel and returns the tunnel Id and credentials file

func (*API) CreateTunnelRoute ¶

func (c *API) CreateTunnelRoute(params TunnelRouteParams) (*TunnelRouteResult, error)

CreateTunnelRoute creates a new Tunnel Route for private network access.

func (*API) CreateVirtualNetwork ¶

func (c *API) CreateVirtualNetwork(params VirtualNetworkParams) (*VirtualNetworkResult, error)

CreateVirtualNetwork creates a new Virtual Network in Cloudflare.

func (*API) CreateWARPConnector ¶

func (c *API) CreateWARPConnector(name string) (*WARPConnectorResult, error)

CreateWARPConnector creates a new WARP Connector.

func (*API) DeleteAccessApplication ¶

func (c *API) DeleteAccessApplication(applicationID string) error

DeleteAccessApplication deletes an Access Application.

func (*API) DeleteAccessGroup ¶

func (c *API) DeleteAccessGroup(groupID string) error

DeleteAccessGroup deletes an Access Group.

func (*API) DeleteAccessIdentityProvider ¶

func (c *API) DeleteAccessIdentityProvider(idpID string) error

DeleteAccessIdentityProvider deletes an Access Identity Provider.

func (*API) DeleteAccessServiceToken ¶

func (c *API) DeleteAccessServiceToken(tokenID string) error

DeleteAccessServiceToken deletes an Access Service Token.

func (*API) DeleteDNSId ¶

func (c *API) DeleteDNSId(fqdn, dnsId string, created bool) error

DeleteDNSId deletes DNS entry for the given dnsId

func (*API) DeleteDevicePostureRule ¶

func (c *API) DeleteDevicePostureRule(ruleID string) error

DeleteDevicePostureRule deletes a Device Posture Rule.

func (*API) DeleteGatewayList ¶

func (c *API) DeleteGatewayList(listID string) error

DeleteGatewayList deletes a Gateway List.

func (*API) DeleteGatewayRule ¶

func (c *API) DeleteGatewayRule(ruleID string) error

DeleteGatewayRule deletes a Gateway Rule.

func (*API) DeleteTunnelRoute ¶

func (c *API) DeleteTunnelRoute(network, virtualNetworkID string) error

DeleteTunnelRoute deletes a Tunnel Route.

func (*API) DeleteVirtualNetwork ¶

func (c *API) DeleteVirtualNetwork(virtualNetworkID string) error

DeleteVirtualNetwork deletes a Virtual Network.

func (*API) DeleteWARPConnector ¶

func (c *API) DeleteWARPConnector(connectorID string) error

DeleteWARPConnector deletes a WARP Connector.

func (*API) GetAccessApplication ¶

func (c *API) GetAccessApplication(applicationID string) (*AccessApplicationResult, error)

GetAccessApplication retrieves an Access Application by ID.

func (*API) GetAccessGroup ¶

func (c *API) GetAccessGroup(groupID string) (*AccessGroupResult, error)

GetAccessGroup retrieves an Access Group by ID.

func (*API) GetAccessIdentityProvider ¶

func (c *API) GetAccessIdentityProvider(idpID string) (*AccessIdentityProviderResult, error)

GetAccessIdentityProvider retrieves an Access Identity Provider by ID.

func (*API) GetAccountId ¶

func (c *API) GetAccountId() (string, error)

GetAccountId gets AccountId from Account Name

func (*API) GetDNSCNameId ¶

func (c *API) GetDNSCNameId(fqdn string) (string, error)

GetDNSCNameId returns the ID of the CNAME record requested

func (*API) GetDNSRecord ¶

func (c *API) GetDNSRecord(zoneID, recordID string) (*DNSRecordResult, error)

GetDNSRecord retrieves a DNS record by ID.

func (*API) GetDevicePostureRule ¶

func (c *API) GetDevicePostureRule(ruleID string) (*DevicePostureRuleResult, error)

GetDevicePostureRule retrieves a Device Posture Rule by ID.

func (*API) GetFallbackDomains ¶

func (c *API) GetFallbackDomains() ([]FallbackDomainEntry, error)

GetFallbackDomains retrieves the current fallback domains list.

func (*API) GetGatewayList ¶

func (c *API) GetGatewayList(listID string) (*GatewayListResult, error)

GetGatewayList retrieves a Gateway List by ID.

func (*API) GetGatewayRule ¶

func (c *API) GetGatewayRule(ruleID string) (*GatewayRuleResult, error)

GetGatewayRule retrieves a Gateway Rule by ID.

func (*API) GetManagedDnsTxt ¶

func (c *API) GetManagedDnsTxt(fqdn string) (string, DnsManagedRecordTxt, bool, error)

GetManagedDnsTxt gets the TXT record corresponding to the fqdn

func (*API) GetSplitTunnelExclude ¶

func (c *API) GetSplitTunnelExclude() ([]SplitTunnelEntry, error)

GetSplitTunnelExclude retrieves the current split tunnel exclude list.

func (*API) GetSplitTunnelInclude ¶

func (c *API) GetSplitTunnelInclude() ([]SplitTunnelEntry, error)

GetSplitTunnelInclude retrieves the current split tunnel include list.

func (*API) GetTunnelCreds ¶

func (c *API) GetTunnelCreds(tunnelSecret string) (string, error)

GetTunnelCreds gets Tunnel Credentials from Tunnel secret

func (*API) GetTunnelId ¶

func (c *API) GetTunnelId() (string, error)

GetTunnelId gets Tunnel Id from available information

func (*API) GetTunnelRoute ¶

func (c *API) GetTunnelRoute(network, virtualNetworkID string) (*TunnelRouteResult, error)

GetTunnelRoute retrieves a Tunnel Route by network CIDR and virtual network ID.

func (*API) GetVirtualNetwork ¶

func (c *API) GetVirtualNetwork(virtualNetworkID string) (*VirtualNetworkResult, error)

GetVirtualNetwork retrieves a Virtual Network by ID.

func (*API) GetVirtualNetworkByName ¶

func (c *API) GetVirtualNetworkByName(name string) (*VirtualNetworkResult, error)

GetVirtualNetworkByName retrieves a Virtual Network by name.

func (*API) GetWARPConnectorToken ¶

func (c *API) GetWARPConnectorToken(connectorID string) (*WARPConnectorTokenResult, error)

GetWARPConnectorToken retrieves the tunnel token for a WARP connector.

func (*API) GetZoneId ¶

func (c *API) GetZoneId() (string, error)

GetZoneId gets Zone Id from DNS domain

func (*API) InsertOrUpdateCName ¶

func (c *API) InsertOrUpdateCName(fqdn, dnsId string) (string, error)

InsertOrUpdateCName upsert DNS CNAME record for the given FQDN to point to the tunnel

func (*API) InsertOrUpdateTXT ¶

func (c *API) InsertOrUpdateTXT(fqdn, txtId, dnsId string) error

InsertOrUpdateTXT upsert DNS TXT record for the given FQDN to point to the tunnel

func (*API) ListAccessApplicationsByName ¶

func (c *API) ListAccessApplicationsByName(name string) (*AccessApplicationResult, error)

ListAccessApplicationsByName finds an Access Application by name.

func (*API) ListGatewayListsByName ¶

func (c *API) ListGatewayListsByName(name string) (*GatewayListResult, error)

ListGatewayListsByName finds a Gateway List by name.

func (*API) ListGatewayRulesByName ¶

func (c *API) ListGatewayRulesByName(name string) (*GatewayRuleResult, error)

ListGatewayRulesByName finds a Gateway Rule by name.

func (*API) RefreshAccessServiceToken ¶

func (c *API) RefreshAccessServiceToken(tokenID string) (*AccessServiceTokenResult, error)

RefreshAccessServiceToken refreshes an Access Service Token, generating a new client secret.

func (*API) UpdateAccessApplication ¶

func (c *API) UpdateAccessApplication(applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)

UpdateAccessApplication updates an existing Access Application.

func (*API) UpdateAccessGroup ¶

func (c *API) UpdateAccessGroup(groupID string, params AccessGroupParams) (*AccessGroupResult, error)

UpdateAccessGroup updates an existing Access Group.

func (*API) UpdateAccessIdentityProvider ¶

func (c *API) UpdateAccessIdentityProvider(idpID string, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)

UpdateAccessIdentityProvider updates an existing Access Identity Provider.

func (*API) UpdateAccessServiceToken ¶

func (c *API) UpdateAccessServiceToken(tokenID string, name string, duration string) (*AccessServiceTokenResult, error)

UpdateAccessServiceToken updates an existing Access Service Token.

func (*API) UpdateDNSRecord ¶

func (c *API) UpdateDNSRecord(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)

UpdateDNSRecord updates an existing DNS record.

func (*API) UpdateDevicePostureRule ¶

func (c *API) UpdateDevicePostureRule(ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)

UpdateDevicePostureRule updates an existing Device Posture Rule.

func (*API) UpdateFallbackDomains ¶

func (c *API) UpdateFallbackDomains(entries []FallbackDomainEntry) error

UpdateFallbackDomains updates the fallback domains list.

func (*API) UpdateGatewayConfiguration ¶

func (c *API) UpdateGatewayConfiguration(params GatewayConfigurationParams) (*GatewayConfigurationResult, error)

UpdateGatewayConfiguration updates the Gateway configuration for an account.

func (*API) UpdateGatewayList ¶

func (c *API) UpdateGatewayList(listID string, params GatewayListParams) (*GatewayListResult, error)

UpdateGatewayList updates an existing Gateway List.

func (*API) UpdateGatewayRule ¶

func (c *API) UpdateGatewayRule(ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)

UpdateGatewayRule updates an existing Gateway Rule.

func (*API) UpdateSplitTunnelExclude ¶

func (c *API) UpdateSplitTunnelExclude(entries []SplitTunnelEntry) error

UpdateSplitTunnelExclude updates the split tunnel exclude list.

func (*API) UpdateSplitTunnelInclude ¶

func (c *API) UpdateSplitTunnelInclude(entries []SplitTunnelEntry) error

UpdateSplitTunnelInclude updates the split tunnel include list.

func (*API) UpdateTunnelRoute ¶

func (c *API) UpdateTunnelRoute(network string, params TunnelRouteParams) (*TunnelRouteResult, error)

UpdateTunnelRoute updates an existing Tunnel Route.

func (*API) UpdateVirtualNetwork ¶

func (c *API) UpdateVirtualNetwork(virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)

UpdateVirtualNetwork updates an existing Virtual Network.

func (*API) ValidateAll ¶

func (c *API) ValidateAll() error

ValidateAll validates the contents of the API struct

type AccessApplicationParams ¶

type AccessApplicationParams struct {
	Name                     string
	Domain                   string
	Type                     string // self_hosted, saas, ssh, vnc, app_launcher, warp, biso, bookmark, dash_sso
	SessionDuration          string
	AllowedIdps              []string
	AutoRedirectToIdentity   *bool
	EnableBindingCookie      *bool
	HttpOnlyCookieAttribute  *bool
	SameSiteCookieAttribute  string
	LogoURL                  string
	SkipInterstitial         *bool
	AppLauncherVisible       *bool
	ServiceAuth401Redirect   *bool
	CustomDenyMessage        string
	CustomDenyURL            string
	AllowAuthenticateViaWarp *bool
	Tags                     []string
}

AccessApplicationParams contains parameters for creating/updating an Access Application.

type AccessApplicationResult ¶

type AccessApplicationResult struct {
	ID                     string
	AUD                    string
	Name                   string
	Domain                 string
	Type                   string
	SessionDuration        string
	AllowedIdps            []string
	AutoRedirectToIdentity bool
}

AccessApplicationResult contains the result of an Access Application operation.

type AccessGroupParams ¶

type AccessGroupParams struct {
	Name    string
	Include []interface{}
	Exclude []interface{}
	Require []interface{}
}

AccessGroupParams contains parameters for creating/updating an Access Group.

type AccessGroupResult ¶

type AccessGroupResult struct {
	ID   string
	Name string
}

AccessGroupResult contains the result of an Access Group operation.

type AccessIdentityProviderParams ¶

type AccessIdentityProviderParams struct {
	Name       string
	Type       string
	Config     cloudflare.AccessIdentityProviderConfiguration
	ScimConfig cloudflare.AccessIdentityProviderScimConfiguration
}

AccessIdentityProviderParams contains parameters for an Access Identity Provider.

type AccessIdentityProviderResult ¶

type AccessIdentityProviderResult struct {
	ID   string
	Name string
	Type string
}

AccessIdentityProviderResult contains the result of an Access Identity Provider operation.

type AccessServiceTokenResult ¶

type AccessServiceTokenResult struct {
	ID           string
	TokenID      string
	Name         string
	ClientID     string
	ClientSecret string
	AccountID    string
	ExpiresAt    string
}

AccessServiceTokenResult contains the result of an Access Service Token operation.

type ClientConfig ¶

type ClientConfig struct {
	Log         logr.Logger
	APIToken    string
	APIKey      string
	Email       string
	AccountID   string
	AccountName string
	Domain      string
	TunnelID    string
	TunnelName  string
}

ClientConfig contains configuration for creating a CloudflareClient.

type ClientFactory ¶

type ClientFactory interface {
	// NewClient creates a new CloudflareClient with the given configuration.
	NewClient(config ClientConfig) (CloudflareClient, error)
}

ClientFactory creates CloudflareClient instances. This interface enables dependency injection for testing.

func GetDefaultFactory ¶

func GetDefaultFactory() ClientFactory

GetDefaultFactory returns the default ClientFactory.

func NewDefaultClientFactory ¶

func NewDefaultClientFactory() ClientFactory

NewDefaultClientFactory creates a new DefaultClientFactory.

type CloudflareClient ¶

type CloudflareClient interface {
	// Tunnel operations
	CreateTunnel() (string, string, error)
	DeleteTunnel() error
	ValidateAll() error
	GetAccountId() (string, error)
	GetTunnelId() (string, error)
	GetTunnelCreds(tunnelSecret string) (string, error)
	GetZoneId() (string, error)

	// DNS operations (api.go - CNAME/TXT for tunnels)
	InsertOrUpdateCName(fqdn, dnsID string) (string, error)
	DeleteDNSId(fqdn, dnsID string, created bool) error
	GetDNSCNameId(fqdn string) (string, error)
	GetManagedDnsTxt(fqdn string) (string, DnsManagedRecordTxt, bool, error)
	InsertOrUpdateTXT(fqdn, txtID, dnsID string) error

	// DNS operations (dns.go - Generic DNS records)
	CreateDNSRecord(params DNSRecordParams) (*DNSRecordResult, error)
	GetDNSRecord(zoneID, recordID string) (*DNSRecordResult, error)
	UpdateDNSRecord(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)
	DeleteDNSRecord(zoneID, recordID string) error

	// Virtual Network operations
	CreateVirtualNetwork(params VirtualNetworkParams) (*VirtualNetworkResult, error)
	GetVirtualNetwork(virtualNetworkID string) (*VirtualNetworkResult, error)
	GetVirtualNetworkByName(name string) (*VirtualNetworkResult, error)
	UpdateVirtualNetwork(virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)
	DeleteVirtualNetwork(virtualNetworkID string) error

	// Tunnel Route operations
	CreateTunnelRoute(params TunnelRouteParams) (*TunnelRouteResult, error)
	GetTunnelRoute(network, virtualNetworkID string) (*TunnelRouteResult, error)
	UpdateTunnelRoute(network string, params TunnelRouteParams) (*TunnelRouteResult, error)
	DeleteTunnelRoute(network, virtualNetworkID string) error

	// Access Application operations
	CreateAccessApplication(params AccessApplicationParams) (*AccessApplicationResult, error)
	GetAccessApplication(applicationID string) (*AccessApplicationResult, error)
	UpdateAccessApplication(applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)
	DeleteAccessApplication(applicationID string) error
	ListAccessApplicationsByName(name string) (*AccessApplicationResult, error)

	// Access Group operations
	CreateAccessGroup(params AccessGroupParams) (*AccessGroupResult, error)
	GetAccessGroup(groupID string) (*AccessGroupResult, error)
	UpdateAccessGroup(groupID string, params AccessGroupParams) (*AccessGroupResult, error)
	DeleteAccessGroup(groupID string) error

	// Access Identity Provider operations
	CreateAccessIdentityProvider(params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
	GetAccessIdentityProvider(idpID string) (*AccessIdentityProviderResult, error)
	UpdateAccessIdentityProvider(idpID string, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
	DeleteAccessIdentityProvider(idpID string) error

	// Access Service Token operations
	CreateAccessServiceToken(name string, duration string) (*AccessServiceTokenResult, error)
	UpdateAccessServiceToken(tokenID string, name string, duration string) (*AccessServiceTokenResult, error)
	RefreshAccessServiceToken(tokenID string) (*AccessServiceTokenResult, error)
	DeleteAccessServiceToken(tokenID string) error

	// Device Posture Rule operations
	CreateDevicePostureRule(params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
	GetDevicePostureRule(ruleID string) (*DevicePostureRuleResult, error)
	UpdateDevicePostureRule(ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
	DeleteDevicePostureRule(ruleID string) error

	// Gateway Rule operations
	CreateGatewayRule(params GatewayRuleParams) (*GatewayRuleResult, error)
	GetGatewayRule(ruleID string) (*GatewayRuleResult, error)
	UpdateGatewayRule(ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)
	DeleteGatewayRule(ruleID string) error
	ListGatewayRulesByName(name string) (*GatewayRuleResult, error)

	// Gateway List operations
	CreateGatewayList(params GatewayListParams) (*GatewayListResult, error)
	GetGatewayList(listID string) (*GatewayListResult, error)
	UpdateGatewayList(listID string, params GatewayListParams) (*GatewayListResult, error)
	DeleteGatewayList(listID string) error
	ListGatewayListsByName(name string) (*GatewayListResult, error)

	// Split Tunnel operations
	GetSplitTunnelExclude() ([]SplitTunnelEntry, error)
	UpdateSplitTunnelExclude(entries []SplitTunnelEntry) error
	GetSplitTunnelInclude() ([]SplitTunnelEntry, error)
	UpdateSplitTunnelInclude(entries []SplitTunnelEntry) error

	// Fallback Domain operations
	GetFallbackDomains() ([]FallbackDomainEntry, error)
	UpdateFallbackDomains(entries []FallbackDomainEntry) error

	// WARP Connector operations
	CreateWARPConnector(name string) (*WARPConnectorResult, error)
	GetWARPConnectorToken(connectorID string) (*WARPConnectorTokenResult, error)
	DeleteWARPConnector(connectorID string) error

	// Gateway Configuration operations
	UpdateGatewayConfiguration(params GatewayConfigurationParams) (*GatewayConfigurationResult, error)
}

CloudflareClient defines the interface for interacting with the Cloudflare API. This interface enables dependency injection and mocking for unit tests. The interface is intentionally large to cover all Cloudflare API operations.

type Configuration ¶

type Configuration struct {
	TunnelId      string                   `yaml:"tunnel"`
	Ingress       []UnvalidatedIngressRule `yaml:"ingress,omitempty"`
	WarpRouting   WarpRoutingConfig        `yaml:"warp-routing,omitempty"`
	OriginRequest OriginRequestConfig      `yaml:"originRequest,omitempty"`
	SourceFile    string                   `yaml:"credentials-file"`
	Metrics       string                   `yaml:"metrics,omitempty"`
	NoAutoUpdate  bool                     `yaml:"no-autoupdate,omitempty"`
}

Configuration is a cloudflared configuration yaml model https://github.com/cloudflare/cloudflared/blob/master/config/configuration.go

type DNSRecordParams ¶

type DNSRecordParams struct {
	Name     string
	Type     string
	Content  string
	TTL      int
	Proxied  bool
	Priority *int
	Comment  string
	Tags     []string
	Data     map[string]interface{}
}

DNSRecordParams contains parameters for creating/updating a DNS record.

type DNSRecordResult ¶

type DNSRecordResult struct {
	ID      string
	ZoneID  string
	Name    string
	Type    string
	Content string
	TTL     int
	Proxied bool
}

DNSRecordResult contains the result of a DNS record operation.

type DefaultClientFactory ¶

type DefaultClientFactory struct{}

DefaultClientFactory creates real CloudflareClient instances.

func (*DefaultClientFactory) NewClient ¶

func (*DefaultClientFactory) NewClient(config ClientConfig) (CloudflareClient, error)

NewClient creates a new CloudflareClient using the real Cloudflare API.

type DevicePostureRuleParams ¶

type DevicePostureRuleParams struct {
	Name        string
	Type        string
	Description string
	Schedule    string
	Expiration  string
	Match       []map[string]interface{}
	Input       map[string]interface{}
}

DevicePostureRuleParams contains parameters for a Device Posture Rule.

type DevicePostureRuleResult ¶

type DevicePostureRuleResult struct {
	ID          string
	Name        string
	Type        string
	Description string
	AccountID   string
}

DevicePostureRuleResult contains the result of a Device Posture Rule operation.

type DnsManagedRecordTxt ¶

type DnsManagedRecordTxt struct {
	DnsId      string // DnsId of the managed record
	TunnelName string // TunnelName of the managed record
	TunnelId   string // TunnelId of the managed record
}

DnsManagedRecordTxt object that represents each managed DNS record in a separate TXT record

type FallbackDomainEntry ¶

type FallbackDomainEntry struct {
	Suffix      string   `json:"suffix"`
	Description string   `json:"description,omitempty"`
	DNSServer   []string `json:"dns_server,omitempty"`
}

FallbackDomainEntry represents a fallback domain configuration entry.

type GatewayConfigurationParams ¶

type GatewayConfigurationParams struct {
	Settings map[string]interface{}
}

GatewayConfigurationParams contains parameters for Gateway Configuration.

type GatewayConfigurationResult ¶

type GatewayConfigurationResult struct {
	AccountID string
}

GatewayConfigurationResult contains the result of a Gateway Configuration operation.

type GatewayListItem ¶

type GatewayListItem struct {
	Value       string
	Description string
}

GatewayListItem represents an item in a Gateway List.

type GatewayListParams ¶

type GatewayListParams struct {
	Name        string
	Description string
	Type        string // SERIAL, URL, DOMAIN, EMAIL, IP
	Items       []string
}

GatewayListParams contains parameters for a Gateway List.

type GatewayListResult ¶

type GatewayListResult struct {
	ID          string
	Name        string
	Description string
	Type        string
	Count       int
	AccountID   string
}

GatewayListResult contains the result of a Gateway List operation.

type GatewayRuleParams ¶

type GatewayRuleParams struct {
	Name          string
	Description   string
	Precedence    int
	Enabled       bool
	Action        string
	Filters       []cloudflare.TeamsFilterType
	Traffic       string
	Identity      string
	DevicePosture string
	RuleSettings  map[string]interface{}
}

GatewayRuleParams contains parameters for a Gateway Rule.

type GatewayRuleResult ¶

type GatewayRuleResult struct {
	ID          string
	Name        string
	Description string
	Precedence  int
	Enabled     bool
	Action      string
}

GatewayRuleResult contains the result of a Gateway Rule operation.

type IngressIPRule ¶

type IngressIPRule struct {
	Prefix *string `yaml:"prefix,omitempty"`
	Ports  []int   `yaml:"ports,omitempty"`
	Allow  bool    `yaml:"allow,omitempty"`
}

IngressIPRule is a cloudflared origin ingress IP rule config model

type OriginRequestConfig ¶

type OriginRequestConfig struct {
	// HTTP proxy timeout for establishing a new connection
	ConnectTimeout *time.Duration `yaml:"connectTimeout,omitempty"`
	// HTTP proxy timeout for completing a TLS handshake
	TLSTimeout *time.Duration `yaml:"tlsTimeout,omitempty"`
	// HTTP proxy TCP keepalive duration
	TCPKeepAlive *time.Duration `yaml:"tcpKeepAlive,omitempty"`
	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
	NoHappyEyeballs *bool `yaml:"noHappyEyeballs,omitempty"`
	// HTTP proxy maximum keepalive connection pool size
	KeepAliveConnections *int `yaml:"keepAliveConnections,omitempty"`
	// HTTP proxy timeout for closing an idle connection
	KeepAliveTimeout *time.Duration `yaml:"keepAliveTimeout,omitempty"`
	// Sets the HTTP Host header for the local webserver.
	HTTPHostHeader *string `yaml:"httpHostHeader,omitempty"`
	// Hostname on the origin server certificate.
	OriginServerName *string `yaml:"originServerName,omitempty"`
	// Path to the CA for the certificate of your origin.
	// This option should be used only if your certificate is not signed by Cloudflare.
	CAPool *string `yaml:"caPool,omitempty"`
	// Disables TLS verification of the certificate presented by your origin.
	// Will allow any certificate from the origin to be accepted.
	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
	NoTLSVerify *bool `yaml:"noTLSVerify,omitempty"`
	// Attempt to connect to origin using HTTP2. Origin must be configured as https.
	Http2Origin *bool `yaml:"http2Origin,omitempty"`
	// Disables chunked transfer encoding.
	// Useful if you are running a WSGI server.
	DisableChunkedEncoding *bool `yaml:"disableChunkedEncoding,omitempty"`
	// Runs as jump host
	BastionMode *bool `yaml:"bastionMode,omitempty"`
	// Listen address for the proxy.
	ProxyAddress *string `yaml:"proxyAddress,omitempty"`
	// Listen port for the proxy.
	ProxyPort *uint `yaml:"proxyPort,omitempty"`
	// Valid options are 'socks' or empty.
	ProxyType *string `yaml:"proxyType,omitempty"`
	// IP rules for the proxy service
	IPRules []IngressIPRule `yaml:"ipRules,omitempty"`
}

OriginRequestConfig is a cloudflared origin request configuration model

type SplitTunnelEntry ¶

type SplitTunnelEntry struct {
	Address     string `json:"address,omitempty"`
	Host        string `json:"host,omitempty"`
	Description string `json:"description,omitempty"`
}

SplitTunnelEntry represents a split tunnel configuration entry.

type TunnelCredentialsFile ¶

type TunnelCredentialsFile struct {
	AccountTag   string `json:"AccountTag"`
	TunnelID     string `json:"TunnelID"`
	TunnelName   string `json:"TunnelName"`
	TunnelSecret string `json:"TunnelSecret"`
}

TunnelCredentialsFile object containing the fields that make up a Cloudflare Tunnel's credentials

type TunnelRouteParams ¶

type TunnelRouteParams struct {
	Network          string // CIDR notation
	TunnelID         string
	VirtualNetworkID string
	Comment          string
}

TunnelRouteParams contains parameters for creating a Tunnel Route.

type TunnelRouteResult ¶

type TunnelRouteResult struct {
	Network          string
	TunnelID         string
	TunnelName       string
	VirtualNetworkID string
	Comment          string
}

TunnelRouteResult contains the result of a Tunnel Route operation.

type UnvalidatedIngressRule ¶

type UnvalidatedIngressRule struct {
	Hostname      string `yaml:"hostname,omitempty"`
	Path          string `yaml:"path,omitempty"`
	Service       string
	OriginRequest OriginRequestConfig `yaml:"originRequest,omitempty"`
}

UnvalidatedIngressRule is a cloudflared ingress entry model

type VirtualNetworkParams ¶

type VirtualNetworkParams struct {
	Name             string
	Comment          string
	IsDefaultNetwork bool
}

VirtualNetworkParams contains parameters for creating or updating a Virtual Network.

type VirtualNetworkResult ¶

type VirtualNetworkResult struct {
	ID               string
	Name             string
	Comment          string
	IsDefaultNetwork bool
	DeletedAt        *string
}

VirtualNetworkResult contains the result of a Virtual Network operation.

type WARPConnectorResult ¶

type WARPConnectorResult struct {
	ID          string
	TunnelID    string
	TunnelToken string
	Name        string
}

WARPConnectorResult contains the result of a WARP Connector operation.

type WARPConnectorTokenResult ¶

type WARPConnectorTokenResult struct {
	Token string
}

WARPConnectorTokenResult contains the tunnel token for a WARP connector.

type WarpRoutingConfig ¶

type WarpRoutingConfig struct {
	Enabled bool `yaml:"enabled,omitempty"`
}

WarpRoutingConfig is a cloudflared warp routing model

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mock Package mock is a generated GoMock package.	Package mock is a generated GoMock package.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL