cf

package
v0.18.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 10, 2026 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const TXT_PREFIX = "_managed."

TXT_PREFIX is the prefix added to TXT records for whom the corresponding DNS records are managed by the operator.

Variables

View Source 
var (
	// ErrResourceNotFound indicates the requested resource was not found
	ErrResourceNotFound = errors.New("resource not found")

	// ErrResourceConflict indicates the resource is already managed by another K8s object
	ErrResourceConflict = errors.New("resource already managed by another object")

	// ErrMultipleResourcesFound indicates multiple resources matched when only one was expected
	ErrMultipleResourcesFound = errors.New("multiple resources found")

	// ErrAPIRateLimited indicates the API rate limit was exceeded
	ErrAPIRateLimited = errors.New("API rate limit exceeded")

	// ErrTemporaryFailure indicates a temporary failure that should be retried
	ErrTemporaryFailure = errors.New("temporary failure")

	// ErrInvalidConfiguration indicates invalid configuration
	ErrInvalidConfiguration = errors.New("invalid configuration")

	// ErrAuthenticationFailed indicates authentication failed
	ErrAuthenticationFailed = errors.New("authentication failed")

	// ErrPermissionDenied indicates permission was denied
	ErrPermissionDenied = errors.New("permission denied")
)

Error types for Cloudflare API operations

View Source 
var ErrNoCredentials = errors.New("no API credentials provided: either APIToken or (APIKey + Email) required")

ErrNoCredentials is returned when no API credentials are provided.

Functions

func BuildGroupIncludeRule added in v0.18.0 

func BuildGroupIncludeRule(groupID string) map[string]any

BuildGroupIncludeRule constructs an include rule that references an Access Group. This uses the "group" rule type with the group's UUID.

func GetRequeueDelay added in v0.17.3 

func GetRequeueDelay(err error, cfg RetryConfig) time.Duration

GetRequeueDelay calculates the appropriate requeue delay based on error type Uses exponential backoff for temporary errors

func IsAuthError added in v0.17.3 

func IsAuthError(err error) bool

IsAuthError checks if the error indicates an authentication/authorization failure

func IsConflictError added in v0.17.3 

func IsConflictError(err error) bool

IsConflictError checks if the error indicates a resource conflict

func IsNotFoundError added in v0.17.3 

func IsNotFoundError(err error) bool

IsNotFoundError checks if the error indicates a resource was not found

func IsRateLimitError added in v0.17.3 

func IsRateLimitError(err error) bool

IsRateLimitError checks if the error indicates rate limiting

func IsTemporaryError added in v0.17.3 

func IsTemporaryError(err error) bool

IsTemporaryError checks if the error is temporary and should be retried

func ResetDefaultFactory 

func ResetDefaultFactory()

ResetDefaultFactory resets the default ClientFactory to the real implementation.

func SanitizeErrorMessage added in v0.17.3 

func SanitizeErrorMessage(err error) string

SanitizeErrorMessage removes potentially sensitive information from error messages before storing them in Status conditions

func SetDefaultFactory 

func SetDefaultFactory(factory ClientFactory)

SetDefaultFactory sets the default ClientFactory (useful for testing).

func ShouldRetry added in v0.17.3 

func ShouldRetry(err error, retryCount int, maxRetries int) bool

ShouldRetry determines if an operation should be retried based on error type and retry count

func WrapConflict added in v0.17.3 

func WrapConflict(resource string, err error) error

WrapConflict wraps an error as a conflict error

func WrapNotFound added in v0.17.3 

func WrapNotFound(resource string, err error) error

WrapNotFound wraps an error as a not found error

Types

type API 

type API struct {
	Log              logr.Logger
	TunnelName       string
	TunnelId         string
	AccountName      string
	AccountId        string
	Domain           string
	ValidAccountId   string
	ValidTunnelId    string
	ValidTunnelName  string
	ValidZoneId      string
	CloudflareClient *cloudflare.API
}

API config object holding all relevant fields to use the API

func NewAPIClientFromCredentialsRef added in v0.17.0 

func NewAPIClientFromCredentialsRef(ctx context.Context, k8sClient client.Client, ref *networkingv1alpha2.CloudflareCredentialsRef) (*API, error)

NewAPIClientFromCredentialsRef creates a new API client from a CloudflareCredentials reference.

func NewAPIClientFromDefaultCredentials added in v0.17.0 

func NewAPIClientFromDefaultCredentials(ctx context.Context, k8sClient client.Client) (*API, error)

NewAPIClientFromDefaultCredentials creates a new API client using the default CloudflareCredentials.

func NewAPIClientFromDetails 

func NewAPIClientFromDetails(ctx context.Context, k8sClient client.Client, namespace string, details networkingv1alpha2.CloudflareDetails) (*API, error)

NewAPIClientFromDetails creates a new API client from CloudflareDetails. This function supports both the new CloudflareCredentials reference and legacy inline secrets. Priority order:

  1. credentialsRef (if specified) - references a CloudflareCredentials resource
  2. inline secret (if specified) - legacy mode for backwards compatibility
  3. default CloudflareCredentials (if no credentials specified)

func NewAPIClientFromSecret 

func NewAPIClientFromSecret(ctx context.Context, k8sClient client.Client, secretName, namespace string, log logr.Logger) (*API, error)

NewAPIClientFromSecret creates a new API client from a secret reference. This is a legacy function maintained for backwards compatibility.

func (*API) CreateAccessApplication 

func (c *API) CreateAccessApplication(params AccessApplicationParams) (*AccessApplicationResult, error)

CreateAccessApplication creates a new Access Application.

func (*API) CreateAccessGroup 

func (c *API) CreateAccessGroup(params AccessGroupParams) (*AccessGroupResult, error)

CreateAccessGroup creates a new Access Group.

func (*API) CreateAccessIdentityProvider 

func (c *API) CreateAccessIdentityProvider(params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)

CreateAccessIdentityProvider creates a new Access Identity Provider.

func (*API) CreateAccessPolicy added in v0.18.0 

func (c *API) CreateAccessPolicy(params AccessPolicyParams) (*AccessPolicyResult, error)

CreateAccessPolicy creates a new Access Policy for an application.

func (*API) CreateAccessServiceToken 

func (c *API) CreateAccessServiceToken(name string, duration string) (*AccessServiceTokenResult, error)

CreateAccessServiceToken creates a new Access Service Token.

func (*API) CreateDNSRecord 

func (c *API) CreateDNSRecord(params DNSRecordParams) (*DNSRecordResult, error)

CreateDNSRecord creates a new DNS record.

func (*API) CreateDevicePostureRule 

func (c *API) CreateDevicePostureRule(params DevicePostureRuleParams) (*DevicePostureRuleResult, error)

CreateDevicePostureRule creates a new Device Posture Rule.

func (*API) CreateGatewayList 

func (c *API) CreateGatewayList(params GatewayListParams) (*GatewayListResult, error)

CreateGatewayList creates a new Gateway List.

func (*API) CreateGatewayRule 

func (c *API) CreateGatewayRule(params GatewayRuleParams) (*GatewayRuleResult, error)

CreateGatewayRule creates a new Gateway Rule.

func (*API) CreateTunnel 

func (c *API) CreateTunnel() (string, string, error)

CreateTunnel creates a Cloudflare Tunnel and returns the tunnel Id and credentials file

func (*API) CreateTunnelRoute 

func (c *API) CreateTunnelRoute(params TunnelRouteParams) (*TunnelRouteResult, error)

CreateTunnelRoute creates a new Tunnel Route for private network access.

func (*API) CreateVirtualNetwork 

func (c *API) CreateVirtualNetwork(params VirtualNetworkParams) (*VirtualNetworkResult, error)

CreateVirtualNetwork creates a new Virtual Network in Cloudflare.

func (*API) CreateWARPConnector 

func (c *API) CreateWARPConnector(name string) (*WARPConnectorResult, error)

CreateWARPConnector creates a new WARP Connector.

func (*API) DeleteAccessApplication 

func (c *API) DeleteAccessApplication(applicationID string) error

DeleteAccessApplication deletes an Access Application.

func (*API) DeleteAccessGroup 

func (c *API) DeleteAccessGroup(groupID string) error

DeleteAccessGroup deletes an Access Group.

func (*API) DeleteAccessIdentityProvider 

func (c *API) DeleteAccessIdentityProvider(idpID string) error

DeleteAccessIdentityProvider deletes an Access Identity Provider.

func (*API) DeleteAccessPolicy added in v0.18.0 

func (c *API) DeleteAccessPolicy(applicationID, policyID string) error

DeleteAccessPolicy deletes an Access Policy.

func (*API) DeleteAccessServiceToken 

func (c *API) DeleteAccessServiceToken(tokenID string) error

DeleteAccessServiceToken deletes an Access Service Token.

func (*API) DeleteDNSId 

func (c *API) DeleteDNSId(fqdn, dnsId string, created bool) error

DeleteDNSId deletes DNS entry for the given dnsId

func (*API) DeleteDNSRecord 

func (c *API) DeleteDNSRecord(zoneID, recordID string) error

DeleteDNSRecord deletes a DNS record.

func (*API) DeleteDevicePostureRule 

func (c *API) DeleteDevicePostureRule(ruleID string) error

DeleteDevicePostureRule deletes a Device Posture Rule.

func (*API) DeleteGatewayList 

func (c *API) DeleteGatewayList(listID string) error

DeleteGatewayList deletes a Gateway List.

func (*API) DeleteGatewayRule 

func (c *API) DeleteGatewayRule(ruleID string) error

DeleteGatewayRule deletes a Gateway Rule.

func (*API) DeleteTunnel 

func (c *API) DeleteTunnel() error

DeleteTunnel deletes a Cloudflare Tunnel

func (*API) DeleteTunnelRoute 

func (c *API) DeleteTunnelRoute(network, virtualNetworkID string) error

DeleteTunnelRoute deletes a Tunnel Route.

func (*API) DeleteTunnelRoutesByTunnelID added in v0.17.10 

func (c *API) DeleteTunnelRoutesByTunnelID(tunnelID string) (int, error)

DeleteTunnelRoutesByTunnelID deletes all routes associated with a tunnel. Returns the number of routes deleted and any error encountered.

func (*API) DeleteTunnelRoutesByVirtualNetworkID added in v0.17.10 

func (c *API) DeleteTunnelRoutesByVirtualNetworkID(virtualNetworkID string) (int, error)

DeleteTunnelRoutesByVirtualNetworkID deletes all routes associated with a virtual network. Returns the number of routes deleted and any error encountered.

func (*API) DeleteVirtualNetwork 

func (c *API) DeleteVirtualNetwork(virtualNetworkID string) error

DeleteVirtualNetwork deletes a Virtual Network.

func (*API) DeleteWARPConnector 

func (c *API) DeleteWARPConnector(connectorID string) error

DeleteWARPConnector deletes a WARP Connector.

func (*API) GetAccessApplication 

func (c *API) GetAccessApplication(applicationID string) (*AccessApplicationResult, error)

GetAccessApplication retrieves an Access Application by ID.

func (*API) GetAccessGroup 

func (c *API) GetAccessGroup(groupID string) (*AccessGroupResult, error)

GetAccessGroup retrieves an Access Group by ID.

func (*API) GetAccessIdentityProvider 

func (c *API) GetAccessIdentityProvider(idpID string) (*AccessIdentityProviderResult, error)

GetAccessIdentityProvider retrieves an Access Identity Provider by ID.

func (*API) GetAccessPolicy added in v0.18.0 

func (c *API) GetAccessPolicy(applicationID, policyID string) (*AccessPolicyResult, error)

GetAccessPolicy retrieves an Access Policy by ID.

func (*API) GetAccessServiceTokenByName added in v0.17.3 

func (c *API) GetAccessServiceTokenByName(name string) (*AccessServiceTokenResult, error)

GetAccessServiceTokenByName retrieves an Access Service Token by name. Returns nil if no token with the given name is found.

func (*API) GetAccountId 

func (c *API) GetAccountId() (string, error)

GetAccountId gets AccountId from Account Name

func (*API) GetDNSCNameId 

func (c *API) GetDNSCNameId(fqdn string) (string, error)

GetDNSCNameId returns the ID of the CNAME record requested

func (*API) GetDNSRecord 

func (c *API) GetDNSRecord(zoneID, recordID string) (*DNSRecordResult, error)

GetDNSRecord retrieves a DNS record by ID.

func (*API) GetDevicePostureRule 

func (c *API) GetDevicePostureRule(ruleID string) (*DevicePostureRuleResult, error)

GetDevicePostureRule retrieves a Device Posture Rule by ID.

func (*API) GetFallbackDomains 

func (c *API) GetFallbackDomains() ([]FallbackDomainEntry, error)

GetFallbackDomains retrieves the current fallback domains list.

func (*API) GetGatewayList 

func (c *API) GetGatewayList(listID string) (*GatewayListResult, error)

GetGatewayList retrieves a Gateway List by ID.

func (*API) GetGatewayRule 

func (c *API) GetGatewayRule(ruleID string) (*GatewayRuleResult, error)

GetGatewayRule retrieves a Gateway Rule by ID.

func (*API) GetManagedDnsTxt 

func (c *API) GetManagedDnsTxt(fqdn string) (string, DnsManagedRecordTxt, bool, error)

GetManagedDnsTxt gets the TXT record corresponding to the fqdn

func (*API) GetSplitTunnelExclude 

func (c *API) GetSplitTunnelExclude() ([]SplitTunnelEntry, error)

GetSplitTunnelExclude retrieves the current split tunnel exclude list.

func (*API) GetSplitTunnelInclude 

func (c *API) GetSplitTunnelInclude() ([]SplitTunnelEntry, error)

GetSplitTunnelInclude retrieves the current split tunnel include list.

func (*API) GetTunnelCreds 

func (c *API) GetTunnelCreds(tunnelSecret string) (string, error)

GetTunnelCreds gets Tunnel Credentials from Tunnel secret

func (*API) GetTunnelId 

func (c *API) GetTunnelId() (string, error)

GetTunnelId gets Tunnel Id from available information

func (*API) GetTunnelRoute 

func (c *API) GetTunnelRoute(network, virtualNetworkID string) (*TunnelRouteResult, error)

GetTunnelRoute retrieves a Tunnel Route by network CIDR and virtual network ID.

func (*API) GetVirtualNetwork 

func (c *API) GetVirtualNetwork(virtualNetworkID string) (*VirtualNetworkResult, error)

GetVirtualNetwork retrieves a Virtual Network by ID.

func (*API) GetVirtualNetworkByName 

func (c *API) GetVirtualNetworkByName(name string) (*VirtualNetworkResult, error)

GetVirtualNetworkByName retrieves a Virtual Network by name.

func (*API) GetWARPConnectorToken 

func (c *API) GetWARPConnectorToken(connectorID string) (*WARPConnectorTokenResult, error)

GetWARPConnectorToken retrieves the tunnel token for a WARP connector.

func (*API) GetZoneId 

func (c *API) GetZoneId() (string, error)

GetZoneId gets Zone Id from DNS domain

func (*API) InsertOrUpdateCName 

func (c *API) InsertOrUpdateCName(fqdn, dnsId string) (string, error)

InsertOrUpdateCName upsert DNS CNAME record for the given FQDN to point to the tunnel

func (*API) InsertOrUpdateTXT 

func (c *API) InsertOrUpdateTXT(fqdn, txtId, dnsId string) error

InsertOrUpdateTXT upsert DNS TXT record for the given FQDN to point to the tunnel

func (*API) ListAccessApplicationsByName 

func (c *API) ListAccessApplicationsByName(name string) (*AccessApplicationResult, error)

ListAccessApplicationsByName finds an Access Application by name.

func (*API) ListAccessGroupsByName added in v0.17.3 

func (c *API) ListAccessGroupsByName(name string) (*AccessGroupResult, error)

ListAccessGroupsByName finds an Access Group by name. Returns nil if no group with the given name is found.

func (*API) ListAccessIdentityProvidersByName added in v0.17.3 

func (c *API) ListAccessIdentityProvidersByName(name string) (*AccessIdentityProviderResult, error)

ListAccessIdentityProvidersByName finds an Access Identity Provider by name. Returns nil if no provider with the given name is found.

func (*API) ListAccessPolicies added in v0.18.0 

func (c *API) ListAccessPolicies(applicationID string) ([]AccessPolicyResult, error)

ListAccessPolicies lists all Access Policies for an application.

func (*API) ListDevicePostureRulesByName added in v0.17.3 

func (c *API) ListDevicePostureRulesByName(name string) (*DevicePostureRuleResult, error)

ListDevicePostureRulesByName finds a Device Posture Rule by name. Returns nil if no rule with the given name is found.

func (*API) ListGatewayListsByName 

func (c *API) ListGatewayListsByName(name string) (*GatewayListResult, error)

ListGatewayListsByName finds a Gateway List by name. Returns nil if no list with the given name is found.

func (*API) ListGatewayRulesByName 

func (c *API) ListGatewayRulesByName(name string) (*GatewayRuleResult, error)

ListGatewayRulesByName finds a Gateway Rule by name. Returns nil if no rule with the given name is found.

func (*API) ListTunnelRoutesByTunnelID added in v0.17.10 

func (c *API) ListTunnelRoutesByTunnelID(tunnelID string) ([]TunnelRouteResult, error)

ListTunnelRoutesByTunnelID lists all Tunnel Routes associated with a specific Tunnel. This is used to clean up routes before deleting a tunnel.

func (*API) ListTunnelRoutesByVirtualNetworkID added in v0.17.10 

func (c *API) ListTunnelRoutesByVirtualNetworkID(virtualNetworkID string) ([]TunnelRouteResult, error)

ListTunnelRoutesByVirtualNetworkID lists all Tunnel Routes associated with a specific Virtual Network. This is used to clean up routes before deleting a virtual network.

func (*API) RefreshAccessServiceToken 

func (c *API) RefreshAccessServiceToken(tokenID string) (*AccessServiceTokenResult, error)

RefreshAccessServiceToken refreshes an Access Service Token, generating a new client secret.

func (*API) UpdateAccessApplication 

func (c *API) UpdateAccessApplication(applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)

UpdateAccessApplication updates an existing Access Application.

func (*API) UpdateAccessGroup 

func (c *API) UpdateAccessGroup(groupID string, params AccessGroupParams) (*AccessGroupResult, error)

UpdateAccessGroup updates an existing Access Group.

func (*API) UpdateAccessIdentityProvider 

func (c *API) UpdateAccessIdentityProvider(idpID string, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)

UpdateAccessIdentityProvider updates an existing Access Identity Provider.

func (*API) UpdateAccessPolicy added in v0.18.0 

func (c *API) UpdateAccessPolicy(policyID string, params AccessPolicyParams) (*AccessPolicyResult, error)

UpdateAccessPolicy updates an existing Access Policy.

func (*API) UpdateAccessServiceToken 

func (c *API) UpdateAccessServiceToken(tokenID string, name string, duration string) (*AccessServiceTokenResult, error)

UpdateAccessServiceToken updates an existing Access Service Token.

func (*API) UpdateDNSRecord 

func (c *API) UpdateDNSRecord(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)

UpdateDNSRecord updates an existing DNS record.

func (*API) UpdateDevicePostureRule 

func (c *API) UpdateDevicePostureRule(ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)

UpdateDevicePostureRule updates an existing Device Posture Rule.

func (*API) UpdateFallbackDomains 

func (c *API) UpdateFallbackDomains(entries []FallbackDomainEntry) error

UpdateFallbackDomains updates the fallback domains list.

func (*API) UpdateGatewayConfiguration 

func (c *API) UpdateGatewayConfiguration(params GatewayConfigurationParams) (*GatewayConfigurationResult, error)

UpdateGatewayConfiguration updates the Gateway configuration for an account.

func (*API) UpdateGatewayList 

func (c *API) UpdateGatewayList(listID string, params GatewayListParams) (*GatewayListResult, error)

UpdateGatewayList updates an existing Gateway List.

func (*API) UpdateGatewayRule 

func (c *API) UpdateGatewayRule(ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)

UpdateGatewayRule updates an existing Gateway Rule.

func (*API) UpdateSplitTunnelExclude 

func (c *API) UpdateSplitTunnelExclude(entries []SplitTunnelEntry) error

UpdateSplitTunnelExclude updates the split tunnel exclude list.

func (*API) UpdateSplitTunnelInclude 

func (c *API) UpdateSplitTunnelInclude(entries []SplitTunnelEntry) error

UpdateSplitTunnelInclude updates the split tunnel include list.

func (*API) UpdateTunnelRoute 

func (c *API) UpdateTunnelRoute(network string, params TunnelRouteParams) (*TunnelRouteResult, error)

UpdateTunnelRoute updates an existing Tunnel Route.

func (*API) UpdateVirtualNetwork 

func (c *API) UpdateVirtualNetwork(virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)

UpdateVirtualNetwork updates an existing Virtual Network.

func (*API) ValidateAll 

func (c *API) ValidateAll() error

ValidateAll validates the contents of the API struct

type APIError added in v0.17.3 

type APIError struct {
	Operation string
	Resource  string
	Err       error
}

APIError wraps a Cloudflare API error with additional context

func NewAPIError added in v0.17.3 

func NewAPIError(operation, resource string, err error) *APIError

NewAPIError creates a new APIError

func (*APIError) Error added in v0.17.3 

func (e *APIError) Error() string

func (*APIError) Unwrap added in v0.17.3 

func (e *APIError) Unwrap() error

type AccessApplicationParams 

type AccessApplicationParams struct {
	Name                     string
	Domain                   string
	Type                     string // self_hosted, saas, ssh, vnc, app_launcher, warp, biso, bookmark, dash_sso
	SessionDuration          string
	AllowedIdps              []string
	AutoRedirectToIdentity   *bool
	EnableBindingCookie      *bool
	HttpOnlyCookieAttribute  *bool
	SameSiteCookieAttribute  string
	LogoURL                  string
	SkipInterstitial         *bool
	AppLauncherVisible       *bool
	ServiceAuth401Redirect   *bool
	CustomDenyMessage        string
	CustomDenyURL            string
	AllowAuthenticateViaWarp *bool
	Tags                     []string
}

AccessApplicationParams contains parameters for creating/updating an Access Application.

type AccessApplicationResult 

type AccessApplicationResult struct {
	ID                     string
	AUD                    string
	Name                   string
	Domain                 string
	Type                   string
	SessionDuration        string
	AllowedIdps            []string
	AutoRedirectToIdentity bool
}

AccessApplicationResult contains the result of an Access Application operation.

type AccessGroupParams 

type AccessGroupParams struct {
	Name    string
	Include []interface{}
	Exclude []interface{}
	Require []interface{}
}

AccessGroupParams contains parameters for creating/updating an Access Group.

type AccessGroupResult 

type AccessGroupResult struct {
	ID   string
	Name string
}

AccessGroupResult contains the result of an Access Group operation.

type AccessIdentityProviderParams 

type AccessIdentityProviderParams struct {
	Name       string
	Type       string
	Config     cloudflare.AccessIdentityProviderConfiguration
	ScimConfig cloudflare.AccessIdentityProviderScimConfiguration
}

AccessIdentityProviderParams contains parameters for an Access Identity Provider.

type AccessIdentityProviderResult 

type AccessIdentityProviderResult struct {
	ID   string
	Name string
	Type string
}

AccessIdentityProviderResult contains the result of an Access Identity Provider operation.

type AccessPolicyParams added in v0.18.0 

type AccessPolicyParams struct {
	ApplicationID   string  // Required: The Application ID this policy belongs to
	Name            string  // Policy name
	Decision        string  // allow, deny, bypass, non_identity
	Precedence      int     // Order of evaluation (lower = higher priority)
	Include         []any   // Include rules (e.g., group references)
	Exclude         []any   // Exclude rules
	Require         []any   // Require rules
	SessionDuration *string // Optional session duration override
}

AccessPolicyParams contains parameters for creating/updating an Access Policy.

type AccessPolicyResult added in v0.18.0 

type AccessPolicyResult struct {
	ID         string
	Name       string
	Decision   string
	Precedence int
}

AccessPolicyResult contains the result of an Access Policy operation.

type AccessServiceTokenResult 

type AccessServiceTokenResult struct {
	ID           string
	TokenID      string
	Name         string
	ClientID     string
	ClientSecret string
	AccountID    string
	ExpiresAt    string
}

AccessServiceTokenResult contains the result of an Access Service Token operation.

type ActivityLogSettings added in v0.17.5 

type ActivityLogSettings struct {
	Enabled bool
}

ActivityLogSettings for activity logging.

type AntiVirusSettings added in v0.17.5 

type AntiVirusSettings struct {
	EnabledDownloadPhase bool
	EnabledUploadPhase   bool
	FailClosed           bool
	NotificationSettings *NotificationSettings
}

AntiVirusSettings for AV scanning.

type BlockPageSettings added in v0.17.5 

type BlockPageSettings struct {
	Enabled         bool
	FooterText      string
	HeaderText      string
	LogoPath        string
	BackgroundColor string
}

BlockPageSettings for block page customization.

type BodyScanningSettings added in v0.17.5 

type BodyScanningSettings struct {
	InspectionMode string
}

BodyScanningSettings for body scanning.

type BrowserIsolationSettings added in v0.17.5 

type BrowserIsolationSettings struct {
	URLBrowserIsolationEnabled bool
	NonIdentityEnabled         bool
}

BrowserIsolationSettings for browser isolation.

type ClientConfig 

type ClientConfig struct {
	Log         logr.Logger
	APIToken    string
	APIKey      string
	Email       string
	AccountID   string
	AccountName string
	Domain      string
	TunnelID    string
	TunnelName  string
}

ClientConfig contains configuration for creating a CloudflareClient.

type ClientFactory 

type ClientFactory interface {
	// NewClient creates a new CloudflareClient with the given configuration.
	NewClient(config ClientConfig) (CloudflareClient, error)
}

ClientFactory creates CloudflareClient instances. This interface enables dependency injection for testing.

func GetDefaultFactory 

func GetDefaultFactory() ClientFactory

GetDefaultFactory returns the default ClientFactory.

func NewDefaultClientFactory 

func NewDefaultClientFactory() ClientFactory

NewDefaultClientFactory creates a new DefaultClientFactory.

type CloudflareClient 

type CloudflareClient interface {
	// Tunnel operations
	CreateTunnel() (string, string, error)
	DeleteTunnel() error
	ValidateAll() error
	GetAccountId() (string, error)
	GetTunnelId() (string, error)
	GetTunnelCreds(tunnelSecret string) (string, error)
	GetZoneId() (string, error)

	// DNS operations (api.go - CNAME/TXT for tunnels)
	InsertOrUpdateCName(fqdn, dnsID string) (string, error)
	DeleteDNSId(fqdn, dnsID string, created bool) error
	GetDNSCNameId(fqdn string) (string, error)
	GetManagedDnsTxt(fqdn string) (string, DnsManagedRecordTxt, bool, error)
	InsertOrUpdateTXT(fqdn, txtID, dnsID string) error

	// DNS operations (dns.go - Generic DNS records)
	CreateDNSRecord(params DNSRecordParams) (*DNSRecordResult, error)
	GetDNSRecord(zoneID, recordID string) (*DNSRecordResult, error)
	UpdateDNSRecord(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)
	DeleteDNSRecord(zoneID, recordID string) error

	// Virtual Network operations
	CreateVirtualNetwork(params VirtualNetworkParams) (*VirtualNetworkResult, error)
	GetVirtualNetwork(virtualNetworkID string) (*VirtualNetworkResult, error)
	GetVirtualNetworkByName(name string) (*VirtualNetworkResult, error)
	UpdateVirtualNetwork(virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)
	DeleteVirtualNetwork(virtualNetworkID string) error

	// Tunnel Route operations
	CreateTunnelRoute(params TunnelRouteParams) (*TunnelRouteResult, error)
	GetTunnelRoute(network, virtualNetworkID string) (*TunnelRouteResult, error)
	UpdateTunnelRoute(network string, params TunnelRouteParams) (*TunnelRouteResult, error)
	DeleteTunnelRoute(network, virtualNetworkID string) error

	// Access Application operations
	CreateAccessApplication(params AccessApplicationParams) (*AccessApplicationResult, error)
	GetAccessApplication(applicationID string) (*AccessApplicationResult, error)
	UpdateAccessApplication(applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)
	DeleteAccessApplication(applicationID string) error
	ListAccessApplicationsByName(name string) (*AccessApplicationResult, error)

	// Access Policy operations
	CreateAccessPolicy(params AccessPolicyParams) (*AccessPolicyResult, error)
	GetAccessPolicy(applicationID, policyID string) (*AccessPolicyResult, error)
	UpdateAccessPolicy(policyID string, params AccessPolicyParams) (*AccessPolicyResult, error)
	DeleteAccessPolicy(applicationID, policyID string) error
	ListAccessPolicies(applicationID string) ([]AccessPolicyResult, error)

	// Access Group operations
	CreateAccessGroup(params AccessGroupParams) (*AccessGroupResult, error)
	GetAccessGroup(groupID string) (*AccessGroupResult, error)
	UpdateAccessGroup(groupID string, params AccessGroupParams) (*AccessGroupResult, error)
	DeleteAccessGroup(groupID string) error
	ListAccessGroupsByName(name string) (*AccessGroupResult, error)

	// Access Identity Provider operations
	CreateAccessIdentityProvider(params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
	GetAccessIdentityProvider(idpID string) (*AccessIdentityProviderResult, error)
	UpdateAccessIdentityProvider(idpID string, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
	DeleteAccessIdentityProvider(idpID string) error
	ListAccessIdentityProvidersByName(name string) (*AccessIdentityProviderResult, error)

	// Access Service Token operations
	GetAccessServiceTokenByName(name string) (*AccessServiceTokenResult, error)
	CreateAccessServiceToken(name string, duration string) (*AccessServiceTokenResult, error)
	UpdateAccessServiceToken(tokenID string, name string, duration string) (*AccessServiceTokenResult, error)
	RefreshAccessServiceToken(tokenID string) (*AccessServiceTokenResult, error)
	DeleteAccessServiceToken(tokenID string) error

	// Device Posture Rule operations
	CreateDevicePostureRule(params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
	GetDevicePostureRule(ruleID string) (*DevicePostureRuleResult, error)
	UpdateDevicePostureRule(ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
	DeleteDevicePostureRule(ruleID string) error
	ListDevicePostureRulesByName(name string) (*DevicePostureRuleResult, error)

	// Gateway Rule operations
	CreateGatewayRule(params GatewayRuleParams) (*GatewayRuleResult, error)
	GetGatewayRule(ruleID string) (*GatewayRuleResult, error)
	UpdateGatewayRule(ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)
	DeleteGatewayRule(ruleID string) error
	ListGatewayRulesByName(name string) (*GatewayRuleResult, error)

	// Gateway List operations
	CreateGatewayList(params GatewayListParams) (*GatewayListResult, error)
	GetGatewayList(listID string) (*GatewayListResult, error)
	UpdateGatewayList(listID string, params GatewayListParams) (*GatewayListResult, error)
	DeleteGatewayList(listID string) error
	ListGatewayListsByName(name string) (*GatewayListResult, error)

	// Split Tunnel operations
	GetSplitTunnelExclude() ([]SplitTunnelEntry, error)
	UpdateSplitTunnelExclude(entries []SplitTunnelEntry) error
	GetSplitTunnelInclude() ([]SplitTunnelEntry, error)
	UpdateSplitTunnelInclude(entries []SplitTunnelEntry) error

	// Fallback Domain operations
	GetFallbackDomains() ([]FallbackDomainEntry, error)
	UpdateFallbackDomains(entries []FallbackDomainEntry) error

	// WARP Connector operations
	CreateWARPConnector(name string) (*WARPConnectorResult, error)
	GetWARPConnectorToken(connectorID string) (*WARPConnectorTokenResult, error)
	DeleteWARPConnector(connectorID string) error

	// Gateway Configuration operations
	UpdateGatewayConfiguration(params GatewayConfigurationParams) (*GatewayConfigurationResult, error)
}

CloudflareClient defines the interface for interacting with the Cloudflare API. This interface enables dependency injection and mocking for unit tests. The interface is intentionally large to cover all Cloudflare API operations.

type Configuration 

type Configuration struct {
	TunnelId      string                   `yaml:"tunnel" json:"tunnel"`
	Ingress       []UnvalidatedIngressRule `yaml:"ingress,omitempty" json:"ingress,omitempty"`
	WarpRouting   WarpRoutingConfig        `yaml:"warp-routing,omitempty" json:"warp-routing,omitempty"`
	OriginRequest OriginRequestConfig      `yaml:"originRequest,omitempty" json:"originRequest,omitempty"`
	SourceFile    string                   `yaml:"credentials-file" json:"credentials-file"`
	Metrics       string                   `yaml:"metrics,omitempty" json:"metrics,omitempty"`
	NoAutoUpdate  bool                     `yaml:"no-autoupdate,omitempty" json:"no-autoupdate,omitempty"`
}

Configuration is a cloudflared configuration yaml model https://github.com/cloudflare/cloudflared/blob/master/config/configuration.go Note: Both yaml and json tags are required because sigs.k8s.io/yaml uses json.Marshal internally, which only recognizes json tags.

type CustomCertificateSettings added in v0.17.5 

type CustomCertificateSettings struct {
	Enabled bool
	ID      string
}

CustomCertificateSettings for custom CA.

type DNSRecordParams 

type DNSRecordParams struct {
	Name     string
	Type     string
	Content  string
	TTL      int
	Proxied  bool
	Priority *int
	Comment  string
	Tags     []string
	Data     map[string]interface{}
}

DNSRecordParams contains parameters for creating/updating a DNS record.

type DNSRecordResult 

type DNSRecordResult struct {
	ID      string
	ZoneID  string
	Name    string
	Type    string
	Content string
	TTL     int
	Proxied bool
}

DNSRecordResult contains the result of a DNS record operation.

type DefaultClientFactory 

type DefaultClientFactory struct{}

DefaultClientFactory creates real CloudflareClient instances.

func (*DefaultClientFactory) NewClient 

func (*DefaultClientFactory) NewClient(config ClientConfig) (CloudflareClient, error)

NewClient creates a new CloudflareClient using the real Cloudflare API.

type DevicePostureRuleParams 

type DevicePostureRuleParams struct {
	Name        string
	Type        string
	Description string
	Schedule    string
	Expiration  string
	Match       []map[string]any
	Input       map[string]any
}

DevicePostureRuleParams contains parameters for a Device Posture Rule.

type DevicePostureRuleResult 

type DevicePostureRuleResult struct {
	ID          string
	Name        string
	Type        string
	Description string
	AccountID   string
}

DevicePostureRuleResult contains the result of a Device Posture Rule operation.

type DnsManagedRecordTxt 

type DnsManagedRecordTxt struct {
	DnsId      string // DnsId of the managed record
	TunnelName string // TunnelName of the managed record
	TunnelId   string // TunnelId of the managed record
}

DnsManagedRecordTxt object that represents each managed DNS record in a separate TXT record

type FIPSSettings added in v0.17.5 

type FIPSSettings struct {
	TLS bool
}

FIPSSettings for FIPS compliance.

type FallbackDomainEntry 

type FallbackDomainEntry struct {
	Suffix      string   `json:"suffix"`
	Description string   `json:"description,omitempty"`
	DNSServer   []string `json:"dns_server,omitempty"`
}

FallbackDomainEntry represents a fallback domain configuration entry.

type GatewayConfigurationParams 

type GatewayConfigurationParams struct {
	TLSDecrypt        *TLSDecryptSettings
	ActivityLog       *ActivityLogSettings
	AntiVirus         *AntiVirusSettings
	BlockPage         *BlockPageSettings
	BodyScanning      *BodyScanningSettings
	BrowserIsolation  *BrowserIsolationSettings
	FIPS              *FIPSSettings
	ProtocolDetection *ProtocolDetectionSettings
	CustomCertificate *CustomCertificateSettings
}

GatewayConfigurationParams contains parameters for Gateway Configuration.

type GatewayConfigurationResult 

type GatewayConfigurationResult struct {
	AccountID string
}

GatewayConfigurationResult contains the result of a Gateway Configuration operation.

type GatewayListItem 

type GatewayListItem struct {
	Value       string
	Description string
}

GatewayListItem represents an item in a Gateway List.

type GatewayListParams 

type GatewayListParams struct {
	Name        string
	Description string
	Type        string // SERIAL, URL, DOMAIN, EMAIL, IP
	Items       []string
}

GatewayListParams contains parameters for a Gateway List.

type GatewayListResult 

type GatewayListResult struct {
	ID          string
	Name        string
	Description string
	Type        string
	Count       int
	AccountID   string
}

GatewayListResult contains the result of a Gateway List operation.

type GatewayRuleParams 

type GatewayRuleParams struct {
	Name          string
	Description   string
	Precedence    int
	Enabled       bool
	Action        string
	Filters       []cloudflare.TeamsFilterType
	Traffic       string
	Identity      string
	DevicePosture string
	RuleSettings  map[string]interface{}
}

GatewayRuleParams contains parameters for a Gateway Rule.

type GatewayRuleResult 

type GatewayRuleResult struct {
	ID          string
	Name        string
	Description string
	Precedence  int
	Enabled     bool
	Action      string
}

GatewayRuleResult contains the result of a Gateway Rule operation.

type IngressIPRule 

type IngressIPRule struct {
	Prefix *string `yaml:"prefix,omitempty" json:"prefix,omitempty"`
	Ports  []int   `yaml:"ports,omitempty" json:"ports,omitempty"`
	Allow  bool    `yaml:"allow,omitempty" json:"allow,omitempty"`
}

IngressIPRule is a cloudflared origin ingress IP rule config model

type NotificationSettings added in v0.17.5 

type NotificationSettings struct {
	Enabled    bool
	Message    string
	SupportURL string
}

NotificationSettings for antivirus notifications.

type OriginRequestConfig 

type OriginRequestConfig struct {
	// HTTP proxy timeout for establishing a new connection
	ConnectTimeout *time.Duration `yaml:"connectTimeout,omitempty" json:"connectTimeout,omitempty"`
	// HTTP proxy timeout for completing a TLS handshake
	TLSTimeout *time.Duration `yaml:"tlsTimeout,omitempty" json:"tlsTimeout,omitempty"`
	// HTTP proxy TCP keepalive duration
	TCPKeepAlive *time.Duration `yaml:"tcpKeepAlive,omitempty" json:"tcpKeepAlive,omitempty"`
	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
	NoHappyEyeballs *bool `yaml:"noHappyEyeballs,omitempty" json:"noHappyEyeballs,omitempty"`
	// HTTP proxy maximum keepalive connection pool size
	KeepAliveConnections *int `yaml:"keepAliveConnections,omitempty" json:"keepAliveConnections,omitempty"`
	// HTTP proxy timeout for closing an idle connection
	KeepAliveTimeout *time.Duration `yaml:"keepAliveTimeout,omitempty" json:"keepAliveTimeout,omitempty"`
	// Sets the HTTP Host header for the local webserver.
	HTTPHostHeader *string `yaml:"httpHostHeader,omitempty" json:"httpHostHeader,omitempty"`
	// Hostname on the origin server certificate.
	OriginServerName *string `yaml:"originServerName,omitempty" json:"originServerName,omitempty"`
	// Path to the CA for the certificate of your origin.
	// This option should be used only if your certificate is not signed by Cloudflare.
	CAPool *string `yaml:"caPool,omitempty" json:"caPool,omitempty"`
	// Disables TLS verification of the certificate presented by your origin.
	// Will allow any certificate from the origin to be accepted.
	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
	NoTLSVerify *bool `yaml:"noTLSVerify,omitempty" json:"noTLSVerify,omitempty"`
	// Attempt to connect to origin using HTTP2. Origin must be configured as https.
	Http2Origin *bool `yaml:"http2Origin,omitempty" json:"http2Origin,omitempty"`
	// Disables chunked transfer encoding.
	// Useful if you are running a WSGI server.
	DisableChunkedEncoding *bool `yaml:"disableChunkedEncoding,omitempty" json:"disableChunkedEncoding,omitempty"`
	// Runs as jump host
	BastionMode *bool `yaml:"bastionMode,omitempty" json:"bastionMode,omitempty"`
	// Listen address for the proxy.
	ProxyAddress *string `yaml:"proxyAddress,omitempty" json:"proxyAddress,omitempty"`
	// Listen port for the proxy.
	ProxyPort *uint `yaml:"proxyPort,omitempty" json:"proxyPort,omitempty"`
	// Valid options are 'socks' or empty.
	ProxyType *string `yaml:"proxyType,omitempty" json:"proxyType,omitempty"`
	// IP rules for the proxy service
	IPRules []IngressIPRule `yaml:"ipRules,omitempty" json:"ipRules,omitempty"`
}

OriginRequestConfig is a cloudflared origin request configuration model

type ProtocolDetectionSettings added in v0.17.5 

type ProtocolDetectionSettings struct {
	Enabled bool
}

ProtocolDetectionSettings for protocol detection.

type RetryConfig added in v0.17.3 

type RetryConfig struct {
	// BaseDelay is the initial delay before retry
	BaseDelay time.Duration
	// MaxDelay is the maximum delay between retries
	MaxDelay time.Duration
	// MaxRetries is the maximum number of retries (0 = no limit)
	MaxRetries int
	// RetryCount tracks the current retry count (for exponential backoff)
	RetryCount int
}

RetryConfig holds configuration for retry behavior

func DefaultRetryConfig added in v0.17.3 

func DefaultRetryConfig() RetryConfig

DefaultRetryConfig returns a default retry configuration

type SplitTunnelEntry 

type SplitTunnelEntry struct {
	Address     string `json:"address,omitempty"`
	Host        string `json:"host,omitempty"`
	Description string `json:"description,omitempty"`
}

SplitTunnelEntry represents a split tunnel configuration entry.

type TLSDecryptSettings added in v0.17.5 

type TLSDecryptSettings struct {
	Enabled bool
}

TLSDecryptSettings for TLS decryption.

type TunnelCredentialsFile 

type TunnelCredentialsFile struct {
	AccountTag   string `json:"AccountTag"`
	TunnelID     string `json:"TunnelID"`
	TunnelName   string `json:"TunnelName"`
	TunnelSecret string `json:"TunnelSecret"`
}

TunnelCredentialsFile object containing the fields that make up a Cloudflare Tunnel's credentials

type TunnelRouteParams 

type TunnelRouteParams struct {
	Network          string // CIDR notation
	TunnelID         string
	VirtualNetworkID string
	Comment          string
}

TunnelRouteParams contains parameters for creating a Tunnel Route.

type TunnelRouteResult 

type TunnelRouteResult struct {
	Network          string
	TunnelID         string
	TunnelName       string
	VirtualNetworkID string
	Comment          string
}

TunnelRouteResult contains the result of a Tunnel Route operation.

type UnvalidatedIngressRule 

type UnvalidatedIngressRule struct {
	Hostname      string              `yaml:"hostname,omitempty" json:"hostname,omitempty"`
	Path          string              `yaml:"path,omitempty" json:"path,omitempty"`
	Service       string              `yaml:"service" json:"service"`
	OriginRequest OriginRequestConfig `yaml:"originRequest,omitempty" json:"originRequest,omitempty"`
}

UnvalidatedIngressRule is a cloudflared ingress entry model

type VirtualNetworkParams 

type VirtualNetworkParams struct {
	Name             string
	Comment          string
	IsDefaultNetwork bool
}

VirtualNetworkParams contains parameters for creating or updating a Virtual Network.

type VirtualNetworkResult 

type VirtualNetworkResult struct {
	ID               string
	Name             string
	Comment          string
	IsDefaultNetwork bool
	DeletedAt        *string
}

VirtualNetworkResult contains the result of a Virtual Network operation.

type WARPConnectorResult 

type WARPConnectorResult struct {
	ID          string
	TunnelID    string
	TunnelToken string
	Name        string
}

WARPConnectorResult contains the result of a WARP Connector operation.

type WARPConnectorTokenResult 

type WARPConnectorTokenResult struct {
	Token string
}

WARPConnectorTokenResult contains the tunnel token for a WARP connector.

type WarpRoutingConfig 

type WarpRoutingConfig struct {
	Enabled bool `yaml:"enabled,omitempty" json:"enabled,omitempty"`
}

WarpRoutingConfig is a cloudflared warp routing model

Source Files

View all Source files

Directories

Path Synopsis
Package mock is a generated GoMock package.
 Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.