cf

package
v0.23.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 18, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DNSRecordTypeA     = "A"
	DNSRecordTypeAAAA  = "AAAA"
	DNSRecordTypeCNAME = "CNAME"
)

DNS record type constants.

View Source 
const CloudflareAPIBaseURLEnv = "CLOUDFLARE_API_BASE_URL"

CloudflareAPIBaseURLEnv is the environment variable name for custom Cloudflare API base URL. This is primarily used for E2E testing with a mock server.

View Source 
const TXT_PREFIX = "_managed."

TXT_PREFIX is the prefix added to TXT records for whom the corresponding DNS records are managed by the operator.

Variables

View Source 
var (
	// ErrResourceNotFound indicates the requested resource was not found
	ErrResourceNotFound = errors.New("resource not found")

	// ErrResourceConflict indicates the resource is already managed by another K8s object
	ErrResourceConflict = errors.New("resource already managed by another object")

	// ErrMultipleResourcesFound indicates multiple resources matched when only one was expected
	ErrMultipleResourcesFound = errors.New("multiple resources found")

	// ErrAPIRateLimited indicates the API rate limit was exceeded
	ErrAPIRateLimited = errors.New("API rate limit exceeded")

	// ErrTemporaryFailure indicates a temporary failure that should be retried
	ErrTemporaryFailure = errors.New("temporary failure")

	// ErrInvalidConfiguration indicates invalid configuration
	ErrInvalidConfiguration = errors.New("invalid configuration")

	// ErrAuthenticationFailed indicates authentication failed
	ErrAuthenticationFailed = errors.New("authentication failed")

	// ErrPermissionDenied indicates permission was denied
	ErrPermissionDenied = errors.New("permission denied")

	// ErrInvalidTunnelID indicates tunnel ID is missing or invalid
	ErrInvalidTunnelID = errors.New("invalid or missing tunnel ID")

	// ErrInvalidZoneID indicates zone ID is missing or invalid
	ErrInvalidZoneID = errors.New("invalid or missing zone ID")
)

Error types for Cloudflare API operations

View Source 
var ErrNoCredentials = errors.New("no API credentials provided: either APIToken or (APIKey + Email) required")

ErrNoCredentials is returned when no API credentials are provided.

Functions

func BoolToOnOff added in v0.20.0 

func BoolToOnOff(b *bool) string

BoolToOnOff converts a bool pointer to "on"/"off" string

func ConvertLocalRulesToSDK added in v0.21.7 

func ConvertLocalRulesToSDK(localRules []UnvalidatedIngressRule) []cloudflare.UnvalidatedIngressRule

ConvertLocalRulesToSDK converts local UnvalidatedIngressRule to cloudflare-go SDK types. This is necessary because: - Local types use time.Duration for timeouts - SDK types use cloudflare.TunnelDuration - Local OriginRequestConfig is a value, SDK uses a pointer

func ConvertRulesToSDK added in v0.21.1 

func ConvertRulesToSDK(rules []AccessGroupRuleParams) []interface{}

ConvertRulesToSDK converts typed rules to SDK-compatible format.

func GetAPIBaseURL added in v0.23.1 

func GetAPIBaseURL() string

GetAPIBaseURL returns the custom API base URL from environment variable, or empty string for default.

func GetRequeueDelay added in v0.17.3 

func GetRequeueDelay(err error, cfg RetryConfig) time.Duration

GetRequeueDelay calculates the appropriate requeue delay based on error type Uses exponential backoff for temporary errors

func IsAccessApplicationRecoverableError added in v0.22.1 

func IsAccessApplicationRecoverableError(err error) bool

IsAccessApplicationRecoverableError checks if an Access Application error is recoverable through retry. Domain not in destinations errors are recoverable because the Ingress controller may not have synced the tunnel configuration yet.

func IsAuthError added in v0.17.3 

func IsAuthError(err error) bool

IsAuthError checks if the error indicates an authentication/authorization failure

func IsConflictError added in v0.17.3 

func IsConflictError(err error) bool

IsConflictError checks if the error indicates a resource conflict

func IsDomainNotInDestinationsError added in v0.22.1 

func IsDomainNotInDestinationsError(err error) bool

IsDomainNotInDestinationsError checks if the error indicates the domain is not included in tunnel destinations. This error (code 12130) occurs when trying to create an AccessApplication for a domain that hasn't been synced to the tunnel yet. This is typically a temporary condition that resolves when the Ingress controller syncs the tunnel configuration.

func IsNotFoundError added in v0.17.3 

func IsNotFoundError(err error) bool

IsNotFoundError checks if the error indicates a resource was not found

func IsRateLimitError added in v0.17.3 

func IsRateLimitError(err error) bool

IsRateLimitError checks if the error indicates rate limiting

func IsTemporaryError added in v0.17.3 

func IsTemporaryError(err error) bool

IsTemporaryError checks if the error is temporary and should be retried

func IsUnknownApplicationError added in v0.22.1 

func IsUnknownApplicationError(err error) bool

IsUnknownApplicationError checks if the error indicates the application ID stored in status no longer exists in Cloudflare. This can happen if the application was deleted manually from Cloudflare dashboard.

func OnOffToBool added in v0.20.0 

func OnOffToBool(s string) bool

OnOffToBool converts "on"/"off" string to bool

func ResetDefaultFactory 

func ResetDefaultFactory()

ResetDefaultFactory resets the default ClientFactory to the real implementation.

func SanitizeErrorMessage added in v0.17.3 

func SanitizeErrorMessage(err error) string

SanitizeErrorMessage removes potentially sensitive information from error messages before storing them in Status conditions

func SetDefaultFactory 

func SetDefaultFactory(factory ClientFactory)

SetDefaultFactory sets the default ClientFactory (useful for testing).

func ShouldRetry added in v0.17.3 

func ShouldRetry(err error, retryCount int, maxRetries int) bool

ShouldRetry determines if an operation should be retried based on error type and retry count

func WrapConflict added in v0.17.3 

func WrapConflict(resource string, err error) error

WrapConflict wraps an error as a conflict error

func WrapNotFound added in v0.17.3 

func WrapNotFound(resource string, err error) error

WrapNotFound wraps an error as a not found error

Types

type API 

type API struct {
	Log              logr.Logger
	TunnelName       string
	TunnelId         string
	AccountName      string
	AccountId        string
	Domain           string
	ValidAccountId   string
	ValidTunnelId    string
	ValidTunnelName  string
	ValidZoneId      string
	ValidDomainName  string // Domain name corresponding to ValidZoneId
	CloudflareClient *cloudflare.API
}

API config object holding all relevant fields to use the API

func NewAPIClientFromCredentialsRef added in v0.17.0 

func NewAPIClientFromCredentialsRef(ctx context.Context, k8sClient client.Client, ref *networkingv1alpha2.CloudflareCredentialsRef) (*API, error)

NewAPIClientFromCredentialsRef creates a new API client from a CloudflareCredentials reference.

func NewAPIClientFromDefaultCredentials added in v0.17.0 

func NewAPIClientFromDefaultCredentials(ctx context.Context, k8sClient client.Client) (*API, error)

NewAPIClientFromDefaultCredentials creates a new API client using the default CloudflareCredentials.

func NewAPIClientFromDetails 

func NewAPIClientFromDetails(ctx context.Context, k8sClient client.Client, namespace string, details networkingv1alpha2.CloudflareDetails) (*API, error)

NewAPIClientFromDetails creates a new API client from CloudflareDetails. This function supports both the new CloudflareCredentials reference and legacy inline secrets. Priority order:

  1. credentialsRef (if specified) - references a CloudflareCredentials resource
  2. inline secret (if specified) - legacy mode for backwards compatibility
  3. default CloudflareCredentials (if no credentials specified)

func NewAPIClientFromSecret 

func NewAPIClientFromSecret(ctx context.Context, k8sClient client.Client, secretName, namespace string, log logr.Logger) (*API, error)

NewAPIClientFromSecret creates a new API client from a secret reference. This is a legacy function maintained for backwards compatibility. If CLOUDFLARE_API_BASE_URL environment variable is set, it uses that as the API base URL.

func (*API) AttachR2CustomDomain added in v0.20.0 

func (api *API) AttachR2CustomDomain(
	ctx context.Context, bucketName string, params R2CustomDomainParams,
) (*R2CustomDomain, error)

AttachR2CustomDomain attaches a custom domain to an R2 bucket

func (*API) CancelRegistrarTransfer added in v0.20.0 

func (api *API) CancelRegistrarTransfer(ctx context.Context, domainName string) error

CancelRegistrarTransfer cancels a pending domain transfer

func (*API) CreateAccessApplication 

func (c *API) CreateAccessApplication(params AccessApplicationParams) (*AccessApplicationResult, error)

CreateAccessApplication creates a new Access Application.

func (*API) CreateAccessGroup 

func (c *API) CreateAccessGroup(params AccessGroupParams) (*AccessGroupResult, error)

CreateAccessGroup creates a new Access Group.

func (*API) CreateAccessIdentityProvider 

func (c *API) CreateAccessIdentityProvider(params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)

CreateAccessIdentityProvider creates a new Access Identity Provider.

func (*API) CreateAccessPolicy added in v0.18.0 

func (c *API) CreateAccessPolicy(params AccessPolicyParams) (*AccessPolicyResult, error)

CreateAccessPolicy creates a new Access Policy for an application.

func (*API) CreateAccessServiceToken 

func (c *API) CreateAccessServiceToken(name string, duration string) (*AccessServiceTokenResult, error)

CreateAccessServiceToken creates a new Access Service Token.

func (*API) CreateDNSRecord 

func (c *API) CreateDNSRecord(params DNSRecordParams) (*DNSRecordResult, error)

CreateDNSRecord creates a new DNS record.

func (*API) CreateDNSRecordInZone added in v0.19.0 

func (c *API) CreateDNSRecordInZone(zoneID string, params DNSRecordParams) (*DNSRecordResult, error)

CreateDNSRecordInZone creates a new DNS record in the specified zone.

func (*API) CreateDevicePostureRule 

func (c *API) CreateDevicePostureRule(params DevicePostureRuleParams) (*DevicePostureRuleResult, error)

CreateDevicePostureRule creates a new Device Posture Rule.

func (*API) CreateGatewayList 

func (c *API) CreateGatewayList(params GatewayListParams) (*GatewayListResult, error)

CreateGatewayList creates a new Gateway List.

func (*API) CreateGatewayRule 

func (c *API) CreateGatewayRule(params GatewayRuleParams) (*GatewayRuleResult, error)

CreateGatewayRule creates a new Gateway Rule.

func (*API) CreateOriginCACertificate added in v0.20.0 

func (api *API) CreateOriginCACertificate(ctx context.Context, params OriginCACertificateParams) (*OriginCACertificateResult, error)

CreateOriginCACertificate creates a new Origin CA certificate

func (*API) CreateR2Bucket added in v0.20.0 

func (api *API) CreateR2Bucket(ctx context.Context, params R2BucketParams) (*R2BucketResult, error)

CreateR2Bucket creates a new R2 bucket

func (*API) CreateTunnel 

func (c *API) CreateTunnel() (string, string, error)

CreateTunnel creates a Cloudflare Tunnel and returns the tunnel Id and credentials file

func (*API) CreateTunnelRoute 

func (c *API) CreateTunnelRoute(params TunnelRouteParams) (*TunnelRouteResult, error)

CreateTunnelRoute creates a new Tunnel Route for private network access.

func (*API) CreateVirtualNetwork 

func (c *API) CreateVirtualNetwork(params VirtualNetworkParams) (*VirtualNetworkResult, error)

CreateVirtualNetwork creates a new Virtual Network in Cloudflare.

func (*API) CreateWARPConnector 

func (c *API) CreateWARPConnector(name string) (*WARPConnectorResult, error)

CreateWARPConnector creates a new WARP Connector.

func (*API) DeleteAccessApplication 

func (c *API) DeleteAccessApplication(applicationID string) error

DeleteAccessApplication deletes an Access Application. This method is idempotent - returns nil if the application is already deleted.

func (*API) DeleteAccessGroup 

func (c *API) DeleteAccessGroup(groupID string) error

DeleteAccessGroup deletes an Access Group. This method is idempotent - returns nil if the group is already deleted.

func (*API) DeleteAccessIdentityProvider 

func (c *API) DeleteAccessIdentityProvider(idpID string) error

DeleteAccessIdentityProvider deletes an Access Identity Provider. This method is idempotent - returns nil if the identity provider is already deleted.

func (*API) DeleteAccessPolicy added in v0.18.0 

func (c *API) DeleteAccessPolicy(applicationID, policyID string) error

DeleteAccessPolicy deletes an Access Policy. This method is idempotent - returns nil if the policy is already deleted.

func (*API) DeleteAccessServiceToken 

func (c *API) DeleteAccessServiceToken(tokenID string) error

DeleteAccessServiceToken deletes an Access Service Token. This method is idempotent - returns nil if the service token is already deleted.

func (*API) DeleteDNSId 

func (c *API) DeleteDNSId(fqdn, dnsId string, created bool) error

DeleteDNSId deletes DNS entry for the given dnsId. This method is idempotent - returns nil if the record is already deleted.

func (*API) DeleteDNSRecord 

func (c *API) DeleteDNSRecord(zoneID, recordID string) error

DeleteDNSRecord deletes a DNS record. This method is idempotent - returns nil if the record is already deleted.

func (*API) DeleteDNSRecordInZone added in v0.19.0 

func (c *API) DeleteDNSRecordInZone(zoneID, recordID string) error

DeleteDNSRecordInZone deletes a DNS record in the specified zone. This method is idempotent - returns nil if the record is already deleted.

func (*API) DeleteDevicePostureRule 

func (c *API) DeleteDevicePostureRule(ruleID string) error

DeleteDevicePostureRule deletes a Device Posture Rule. This method is idempotent - returns nil if the rule is already deleted.

func (*API) DeleteGatewayList 

func (c *API) DeleteGatewayList(listID string) error

DeleteGatewayList deletes a Gateway List. This method is idempotent - returns nil if the list is already deleted.

func (*API) DeleteGatewayRule 

func (c *API) DeleteGatewayRule(ruleID string) error

DeleteGatewayRule deletes a Gateway Rule. This method is idempotent - returns nil if the rule is already deleted.

func (*API) DeleteR2Bucket added in v0.20.0 

func (api *API) DeleteR2Bucket(ctx context.Context, bucketName string) error

DeleteR2Bucket deletes an R2 bucket. This method is idempotent - returns nil if the bucket is already deleted.

func (*API) DeleteR2CORS added in v0.20.0 

func (api *API) DeleteR2CORS(ctx context.Context, bucketName string) error

DeleteR2CORS deletes the CORS configuration for an R2 bucket. This method is idempotent - returns nil if the CORS config is already deleted.

func (*API) DeleteR2CustomDomain added in v0.20.0 

func (api *API) DeleteR2CustomDomain(ctx context.Context, bucketName, domain string) error

DeleteR2CustomDomain removes a custom domain from an R2 bucket. This method is idempotent - returns nil if the custom domain is already deleted.

func (*API) DeleteR2Lifecycle added in v0.20.0 

func (api *API) DeleteR2Lifecycle(ctx context.Context, bucketName string) error

DeleteR2Lifecycle deletes the lifecycle rules for an R2 bucket. This method is idempotent - returns nil if the lifecycle rules are already deleted.

func (*API) DeleteR2Notification added in v0.20.0 

func (api *API) DeleteR2Notification(ctx context.Context, bucketName, queueID string) error

DeleteR2Notification deletes notification rules for an R2 bucket and queue. This method is idempotent - returns nil if the notification rules are already deleted.

func (*API) DeleteRuleset added in v0.20.0 

func (api *API) DeleteRuleset(ctx context.Context, zoneID, rulesetID string) error

DeleteRuleset deletes a ruleset. This method is idempotent - returns nil if the ruleset is already deleted.

func (*API) DeleteTunnel 

func (c *API) DeleteTunnel() error

DeleteTunnel deletes a Cloudflare Tunnel. This method is idempotent - returns nil if the tunnel is already deleted.

func (*API) DeleteTunnelRoute 

func (c *API) DeleteTunnelRoute(network, virtualNetworkID string) error

DeleteTunnelRoute deletes a Tunnel Route. This method is idempotent - returns nil if the route is already deleted.

func (*API) DeleteTunnelRoutesByTunnelID added in v0.17.10 

func (c *API) DeleteTunnelRoutesByTunnelID(tunnelID string) (int, error)

DeleteTunnelRoutesByTunnelID deletes all routes associated with a tunnel. Returns the number of routes deleted and any error encountered.

func (*API) DeleteTunnelRoutesByVirtualNetworkID added in v0.17.10 

func (c *API) DeleteTunnelRoutesByVirtualNetworkID(virtualNetworkID string) (int, error)

DeleteTunnelRoutesByVirtualNetworkID deletes all routes associated with a virtual network. Returns the number of routes deleted and any error encountered.

func (*API) DeleteVirtualNetwork 

func (c *API) DeleteVirtualNetwork(virtualNetworkID string) error

DeleteVirtualNetwork deletes a Virtual Network. This method is idempotent - returns nil if the virtual network is already deleted.

func (*API) DeleteWARPConnector 

func (c *API) DeleteWARPConnector(connectorID string) error

DeleteWARPConnector deletes a WARP Connector. This method is idempotent - returns nil if the connector is already deleted.

func (*API) EnableR2PublicAccess added in v0.20.0 

func (api *API) EnableR2PublicAccess(ctx context.Context, bucketName string, enabled bool) error

EnableR2PublicAccess enables public access for an R2 bucket via managed domain

func (*API) GetAccessApplication 

func (c *API) GetAccessApplication(applicationID string) (*AccessApplicationResult, error)

GetAccessApplication retrieves an Access Application by ID.

func (*API) GetAccessGroup 

func (c *API) GetAccessGroup(groupID string) (*AccessGroupResult, error)

GetAccessGroup retrieves an Access Group by ID.

func (*API) GetAccessIdentityProvider 

func (c *API) GetAccessIdentityProvider(idpID string) (*AccessIdentityProviderResult, error)

GetAccessIdentityProvider retrieves an Access Identity Provider by ID.

func (*API) GetAccessPolicy added in v0.18.0 

func (c *API) GetAccessPolicy(applicationID, policyID string) (*AccessPolicyResult, error)

GetAccessPolicy retrieves an Access Policy by ID.

func (*API) GetAccessServiceTokenByName added in v0.17.3 

func (c *API) GetAccessServiceTokenByName(name string) (*AccessServiceTokenResult, error)

GetAccessServiceTokenByName retrieves an Access Service Token by name. Returns nil if no token with the given name is found.

func (*API) GetAccountId 

func (c *API) GetAccountId() (string, error)

GetAccountId gets AccountId from Account Name

func (*API) GetDNSCNameIDInZone added in v0.23.1 

func (c *API) GetDNSCNameIDInZone(zoneID, fqdn string) (string, error)

GetDNSCNameIDInZone returns the ID of the CNAME record for the given fqdn in the specified zone. Returns empty string and nil error if the record does not exist (this is not an error condition). Returns empty string and error if there was an actual API error or multiple records found.

func (*API) GetDNSCNameId 

func (c *API) GetDNSCNameId(fqdn string) (string, error)

GetDNSCNameId returns the ID of the CNAME record requested. Returns empty string and nil error if the record does not exist (this is not an error condition). Returns empty string and error if there was an actual API error or multiple records found.

func (*API) GetDNSRecord 

func (c *API) GetDNSRecord(zoneID, recordID string) (*DNSRecordResult, error)

GetDNSRecord retrieves a DNS record by ID.

func (*API) GetDNSRecordIDInZone added in v0.23.1 

func (c *API) GetDNSRecordIDInZone(zoneID, fqdn, recordType string) (string, error)

GetDNSRecordIDInZone returns the ID of a DNS record of the given type for the fqdn in the specified zone. Returns empty string and nil error if the record does not exist.

func (*API) GetDevicePostureRule 

func (c *API) GetDevicePostureRule(ruleID string) (*DevicePostureRuleResult, error)

GetDevicePostureRule retrieves a Device Posture Rule by ID.

func (*API) GetEntrypointRuleset added in v0.20.0 

func (api *API) GetEntrypointRuleset(ctx context.Context, zoneID, phase string) (*RulesetResult, error)

GetEntrypointRuleset gets the entrypoint ruleset for a zone and phase

func (*API) GetFallbackDomains 

func (c *API) GetFallbackDomains() ([]FallbackDomainEntry, error)

GetFallbackDomains retrieves the current fallback domains list.

func (*API) GetGatewayList 

func (c *API) GetGatewayList(listID string) (*GatewayListResult, error)

GetGatewayList retrieves a Gateway List by ID.

func (*API) GetGatewayRule 

func (c *API) GetGatewayRule(ruleID string) (*GatewayRuleResult, error)

GetGatewayRule retrieves a Gateway Rule by ID.

func (*API) GetManagedDnsTxt 

func (c *API) GetManagedDnsTxt(fqdn string) (string, DnsManagedRecordTxt, bool, error)

GetManagedDnsTxt gets the TXT record corresponding to the fqdn

func (*API) GetOriginCACertificate added in v0.20.0 

func (api *API) GetOriginCACertificate(ctx context.Context, certificateID string) (*OriginCACertificateResult, error)

GetOriginCACertificate retrieves an Origin CA certificate by ID

func (*API) GetQueueID added in v0.20.0 

func (api *API) GetQueueID(ctx context.Context, queueName string) (string, error)

GetQueueID retrieves the queue ID for a given queue name

func (*API) GetR2Bucket added in v0.20.0 

func (api *API) GetR2Bucket(ctx context.Context, bucketName string) (*R2BucketResult, error)

GetR2Bucket retrieves an R2 bucket by name

func (*API) GetR2CORS added in v0.20.0 

func (api *API) GetR2CORS(ctx context.Context, bucketName string) ([]R2CORSRule, error)

GetR2CORS retrieves the CORS configuration for an R2 bucket

func (*API) GetR2CustomDomain added in v0.20.0 

func (api *API) GetR2CustomDomain(
	ctx context.Context, bucketName, domain string,
) (*R2CustomDomain, error)

GetR2CustomDomain retrieves a custom domain configuration for an R2 bucket

func (*API) GetR2Lifecycle added in v0.20.0 

func (api *API) GetR2Lifecycle(ctx context.Context, bucketName string) ([]R2LifecycleRule, error)

GetR2Lifecycle retrieves the lifecycle rules for an R2 bucket

func (*API) GetR2Notifications added in v0.20.0 

func (api *API) GetR2Notifications(
	ctx context.Context, bucketName string,
) ([]R2NotificationRule, error)

GetR2Notifications retrieves the notification rules for an R2 bucket

func (*API) GetRegistrarDomain added in v0.20.0 

func (api *API) GetRegistrarDomain(ctx context.Context, domainName string) (*RegistrarDomainInfo, error)

GetRegistrarDomain retrieves information about a registered domain

func (*API) GetRuleset added in v0.20.0 

func (api *API) GetRuleset(ctx context.Context, zoneID, rulesetID string) (*RulesetResult, error)

GetRuleset gets a ruleset by ID

func (*API) GetSplitTunnelExclude 

func (c *API) GetSplitTunnelExclude() ([]SplitTunnelEntry, error)

GetSplitTunnelExclude retrieves the current split tunnel exclude list.

func (*API) GetSplitTunnelInclude 

func (c *API) GetSplitTunnelInclude() ([]SplitTunnelEntry, error)

GetSplitTunnelInclude retrieves the current split tunnel include list.

func (*API) GetTunnelConfiguration added in v0.21.7 

func (c *API) GetTunnelConfiguration(tunnelID string) (*cloudflare.TunnelConfigurationResult, error)

GetTunnelConfiguration retrieves the Tunnel configuration from Cloudflare API. This returns the remotely-managed tunnel configuration including public hostnames.

func (*API) GetTunnelCreds 

func (c *API) GetTunnelCreds(tunnelSecret string) (string, error)

GetTunnelCreds gets Tunnel Credentials from Tunnel secret

func (*API) GetTunnelId 

func (c *API) GetTunnelId() (string, error)

GetTunnelId gets Tunnel Id from available information

func (*API) GetTunnelRoute 

func (c *API) GetTunnelRoute(network, virtualNetworkID string) (*TunnelRouteResult, error)

GetTunnelRoute retrieves a Tunnel Route by network CIDR and virtual network ID.

func (*API) GetTunnelToken added in v0.22.0 

func (c *API) GetTunnelToken(tunnelID string) (string, error)

GetTunnelToken retrieves the token for a tunnel from Cloudflare API. The token is used to start cloudflared in remotely-managed mode with --token flag. This allows cloudflared to automatically pull configuration from Cloudflare cloud.

func (*API) GetVirtualNetwork 

func (c *API) GetVirtualNetwork(virtualNetworkID string) (*VirtualNetworkResult, error)

GetVirtualNetwork retrieves a Virtual Network by ID.

func (*API) GetVirtualNetworkByName 

func (c *API) GetVirtualNetworkByName(name string) (*VirtualNetworkResult, error)

GetVirtualNetworkByName retrieves a Virtual Network by name.

func (*API) GetWARPConnectorToken 

func (c *API) GetWARPConnectorToken(connectorID string) (*WARPConnectorTokenResult, error)

GetWARPConnectorToken retrieves the tunnel token for a WARP connector.

func (*API) GetZoneId 

func (c *API) GetZoneId() (string, error)

GetZoneId gets Zone Id from DNS domain

func (*API) GetZoneSettings added in v0.20.0 

func (api *API) GetZoneSettings(ctx context.Context, zoneID string) (*ZoneSettings, error)

GetZoneSettings retrieves all zone settings

func (*API) InitiateRegistrarTransfer added in v0.20.0 

func (api *API) InitiateRegistrarTransfer(ctx context.Context, domainName string) error

InitiateRegistrarTransfer initiates a domain transfer to Cloudflare

func (*API) InsertOrUpdateCName 

func (c *API) InsertOrUpdateCName(fqdn, dnsId string) (string, error)

InsertOrUpdateCName upsert DNS CNAME record for the given FQDN to point to the tunnel

func (*API) InsertOrUpdateCNameInZone added in v0.19.0 

func (c *API) InsertOrUpdateCNameInZone(zoneID, fqdn, dnsID, tunnelID string, proxied bool) (string, error)

InsertOrUpdateCNameInZone upserts DNS CNAME record for the given FQDN to point to the tunnel in the specified zone. If tunnelID is empty, it uses c.ValidTunnelId.

func (*API) InsertOrUpdateTXT 

func (c *API) InsertOrUpdateTXT(fqdn, txtId, dnsId string) error

InsertOrUpdateTXT upsert DNS TXT record for the given FQDN to point to the tunnel

func (*API) ListAccessApplicationsByName 

func (c *API) ListAccessApplicationsByName(name string) (*AccessApplicationResult, error)

ListAccessApplicationsByName finds an Access Application by name.

func (*API) ListAccessGroupsByName added in v0.17.3 

func (c *API) ListAccessGroupsByName(name string) (*AccessGroupResult, error)

ListAccessGroupsByName finds an Access Group by name. Returns nil if no group with the given name is found.

func (*API) ListAccessIdentityProvidersByName added in v0.17.3 

func (c *API) ListAccessIdentityProvidersByName(name string) (*AccessIdentityProviderResult, error)

ListAccessIdentityProvidersByName finds an Access Identity Provider by name. Returns nil if no provider with the given name is found.

func (*API) ListAccessPolicies added in v0.18.0 

func (c *API) ListAccessPolicies(applicationID string) ([]AccessPolicyResult, error)

ListAccessPolicies lists all Access Policies for an application.

func (*API) ListDevicePostureRulesByName added in v0.17.3 

func (c *API) ListDevicePostureRulesByName(name string) (*DevicePostureRuleResult, error)

ListDevicePostureRulesByName finds a Device Posture Rule by name. Returns nil if no rule with the given name is found.

func (*API) ListGatewayListsByName 

func (c *API) ListGatewayListsByName(name string) (*GatewayListResult, error)

ListGatewayListsByName finds a Gateway List by name. Returns nil if no list with the given name is found.

func (*API) ListGatewayRulesByName 

func (c *API) ListGatewayRulesByName(name string) (*GatewayRuleResult, error)

ListGatewayRulesByName finds a Gateway Rule by name. Returns nil if no rule with the given name is found.

func (*API) ListOriginCACertificates added in v0.20.0 

func (api *API) ListOriginCACertificates(ctx context.Context, zoneID string) ([]OriginCACertificateResult, error)

ListOriginCACertificates lists Origin CA certificates for a zone

func (*API) ListQueues added in v0.20.0 

func (api *API) ListQueues(ctx context.Context) ([]Queue, error)

ListQueues lists all Cloudflare Queues

func (*API) ListR2Buckets added in v0.20.0 

func (api *API) ListR2Buckets(ctx context.Context) ([]R2BucketResult, error)

ListR2Buckets lists all R2 buckets

func (*API) ListR2CustomDomains added in v0.20.0 

func (api *API) ListR2CustomDomains(
	ctx context.Context, bucketName string,
) ([]R2CustomDomain, error)

ListR2CustomDomains lists all custom domains for an R2 bucket

func (*API) ListRegistrarDomains added in v0.20.0 

func (api *API) ListRegistrarDomains(ctx context.Context) ([]RegistrarDomainInfo, error)

ListRegistrarDomains lists all domains registered with Cloudflare Registrar

func (*API) ListRulesets added in v0.20.0 

func (api *API) ListRulesets(ctx context.Context, zoneID string) ([]RulesetResult, error)

ListRulesets lists all rulesets for a zone

func (*API) ListTunnelRoutesByTunnelID added in v0.17.10 

func (c *API) ListTunnelRoutesByTunnelID(tunnelID string) ([]TunnelRouteResult, error)

ListTunnelRoutesByTunnelID lists all Tunnel Routes associated with a specific Tunnel. This is used to clean up routes before deleting a tunnel.

func (*API) ListTunnelRoutesByVirtualNetworkID added in v0.17.10 

func (c *API) ListTunnelRoutesByVirtualNetworkID(virtualNetworkID string) ([]TunnelRouteResult, error)

ListTunnelRoutesByVirtualNetworkID lists all Tunnel Routes associated with a specific Virtual Network. This is used to clean up routes before deleting a virtual network.

func (*API) MergeAndSync added in v0.23.0 

func (c *API) MergeAndSync(tunnelID string, opts MergeOptions) (*MergeSyncResult, error)

MergeAndSync performs read-merge-write operation to safely update tunnel configuration. This method: 1. Reads the current configuration from Cloudflare API 2. Removes rules owned by this source (based on PreviousHostnames) 3. Adds the new rules from CurrentRules 4. Preserves rules from other sources 5. Writes the merged configuration back to Cloudflare API

This approach prevents race conditions where multiple controllers overwrite each other's configurations.

func (*API) RefreshAccessServiceToken 

func (c *API) RefreshAccessServiceToken(tokenID string) (*AccessServiceTokenResult, error)

RefreshAccessServiceToken refreshes an Access Service Token, generating a new client secret.

func (*API) RevokeOriginCACertificate added in v0.20.0 

func (api *API) RevokeOriginCACertificate(ctx context.Context, certificateID string) error

RevokeOriginCACertificate revokes an Origin CA certificate

func (*API) SetR2CORS added in v0.20.0 

func (api *API) SetR2CORS(ctx context.Context, bucketName string, rules []R2CORSRule) error

SetR2CORS sets the CORS configuration for an R2 bucket

func (*API) SetR2Lifecycle added in v0.20.0 

func (api *API) SetR2Lifecycle(ctx context.Context, bucketName string, rules []R2LifecycleRule) error

SetR2Lifecycle sets the lifecycle rules for an R2 bucket

func (*API) SetR2Notification added in v0.20.0 

func (api *API) SetR2Notification(
	ctx context.Context, bucketName, queueID string, rules []R2NotificationRule,
) error

SetR2Notification creates or updates a notification rule for an R2 bucket

func (*API) SyncTunnelConfigurationToAPI deprecated added in v0.21.7 

func (c *API) SyncTunnelConfigurationToAPI(tunnelID string, localRules []UnvalidatedIngressRule, warpRouting *WarpRoutingConfig) error

SyncTunnelConfigurationToAPI syncs the local ingress rules to Cloudflare API. This is a convenience method that combines type conversion and API call.

Deprecated: Use MergeAndSync instead to avoid race conditions between controllers.

IMPORTANT: The warpRouting parameter controls WARP routing state: - nil: don't change existing warp-routing state (backward compatible) - &WarpRoutingConfig{Enabled: true}: explicitly enable warp-routing - &WarpRoutingConfig{Enabled: false}: explicitly disable warp-routing

func (*API) UpdateAccessApplication 

func (c *API) UpdateAccessApplication(applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)

UpdateAccessApplication updates an existing Access Application.

func (*API) UpdateAccessGroup 

func (c *API) UpdateAccessGroup(groupID string, params AccessGroupParams) (*AccessGroupResult, error)

UpdateAccessGroup updates an existing Access Group.

func (*API) UpdateAccessIdentityProvider 

func (c *API) UpdateAccessIdentityProvider(idpID string, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)

UpdateAccessIdentityProvider updates an existing Access Identity Provider.

func (*API) UpdateAccessPolicy added in v0.18.0 

func (c *API) UpdateAccessPolicy(policyID string, params AccessPolicyParams) (*AccessPolicyResult, error)

UpdateAccessPolicy updates an existing Access Policy.

func (*API) UpdateAccessServiceToken 

func (c *API) UpdateAccessServiceToken(tokenID string, name string, duration string) (*AccessServiceTokenResult, error)

UpdateAccessServiceToken updates an existing Access Service Token.

func (*API) UpdateDNSRecord 

func (c *API) UpdateDNSRecord(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)

UpdateDNSRecord updates an existing DNS record.

func (*API) UpdateDNSRecordInZone added in v0.19.0 

func (c *API) UpdateDNSRecordInZone(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)

UpdateDNSRecordInZone updates an existing DNS record in the specified zone.

func (*API) UpdateDevicePostureRule 

func (c *API) UpdateDevicePostureRule(ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)

UpdateDevicePostureRule updates an existing Device Posture Rule.

func (*API) UpdateEntrypointRuleset added in v0.20.0 

func (api *API) UpdateEntrypointRuleset(
	ctx context.Context, zoneID, phase, description string, rules []cloudflare.RulesetRule,
) (*RulesetResult, error)

UpdateEntrypointRuleset updates the entrypoint ruleset for a zone and phase

func (*API) UpdateFallbackDomains 

func (c *API) UpdateFallbackDomains(entries []FallbackDomainEntry) error

UpdateFallbackDomains updates the fallback domains list.

func (*API) UpdateGatewayConfiguration 

func (c *API) UpdateGatewayConfiguration(params GatewayConfigurationParams) (*GatewayConfigurationResult, error)

UpdateGatewayConfiguration updates the Gateway configuration for an account.

func (*API) UpdateGatewayList 

func (c *API) UpdateGatewayList(listID string, params GatewayListParams) (*GatewayListResult, error)

UpdateGatewayList updates an existing Gateway List.

func (*API) UpdateGatewayRule 

func (c *API) UpdateGatewayRule(ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)

UpdateGatewayRule updates an existing Gateway Rule.

func (*API) UpdateR2CustomDomain added in v0.20.0 

func (api *API) UpdateR2CustomDomain(
	ctx context.Context, bucketName, domain string, params R2CustomDomainParams,
) (*R2CustomDomain, error)

UpdateR2CustomDomain updates the settings for a custom domain

func (*API) UpdateRegistrarDomain added in v0.20.0 

func (api *API) UpdateRegistrarDomain(
	ctx context.Context, domainName string, config RegistrarDomainConfig,
) (*RegistrarDomainInfo, error)

UpdateRegistrarDomain updates domain configuration

func (*API) UpdateSplitTunnelExclude 

func (c *API) UpdateSplitTunnelExclude(entries []SplitTunnelEntry) error

UpdateSplitTunnelExclude updates the split tunnel exclude list.

func (*API) UpdateSplitTunnelInclude 

func (c *API) UpdateSplitTunnelInclude(entries []SplitTunnelEntry) error

UpdateSplitTunnelInclude updates the split tunnel include list.

func (*API) UpdateTunnelConfiguration added in v0.21.7 

func (c *API) UpdateTunnelConfiguration(tunnelID string, config cloudflare.TunnelConfiguration) (*cloudflare.TunnelConfigurationResult, error)

UpdateTunnelConfiguration updates the Tunnel configuration in Cloudflare API. This syncs the local ingress rules to Cloudflare, making domains available for Access Applications validation.

func (*API) UpdateTunnelRoute 

func (c *API) UpdateTunnelRoute(network string, params TunnelRouteParams) (*TunnelRouteResult, error)

UpdateTunnelRoute updates an existing Tunnel Route.

func (*API) UpdateVirtualNetwork 

func (c *API) UpdateVirtualNetwork(virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)

UpdateVirtualNetwork updates an existing Virtual Network.

func (*API) UpdateZoneSetting added in v0.20.0 

func (api *API) UpdateZoneSetting(ctx context.Context, zoneID, settingName string, value any) error

UpdateZoneSetting updates a single zone setting

func (*API) UpdateZoneSettings added in v0.20.0 

func (api *API) UpdateZoneSettings(ctx context.Context, zoneID string, settings []cloudflare.ZoneSetting) error

UpdateZoneSettings updates multiple zone settings

func (*API) ValidateAll 

func (c *API) ValidateAll() error

ValidateAll validates the contents of the API struct

type APIError added in v0.17.3 

type APIError struct {
	Operation string
	Resource  string
	Err       error
}

APIError wraps a Cloudflare API error with additional context

func NewAPIError added in v0.17.3 

func NewAPIError(operation, resource string, err error) *APIError

NewAPIError creates a new APIError

func (*APIError) Error added in v0.17.3 

func (e *APIError) Error() string

func (*APIError) Unwrap added in v0.17.3 

func (e *APIError) Unwrap() error

type AccessAppLauncherCustomizationParams added in v0.21.1 

type AccessAppLauncherCustomizationParams struct {
	LandingPageDesign        *AccessLandingPageDesignParams
	AppLauncherLogoURL       string
	HeaderBackgroundColor    string
	BackgroundColor          string
	FooterLinks              []AccessFooterLinkParams
	SkipAppLauncherLoginPage *bool
}

AccessAppLauncherCustomizationParams represents app launcher customization.

type AccessApplicationCorsHeadersParams added in v0.21.1 

type AccessApplicationCorsHeadersParams struct {
	AllowedMethods   []string
	AllowedOrigins   []string
	AllowedHeaders   []string
	AllowAllMethods  bool
	AllowAllHeaders  bool
	AllowAllOrigins  bool
	AllowCredentials bool
	MaxAge           int
}

AccessApplicationCorsHeadersParams represents CORS settings.

type AccessApplicationParams 

type AccessApplicationParams struct {
	Name                     string
	Domain                   string
	SelfHostedDomains        []string
	Destinations             []AccessDestinationParams
	DomainType               string
	PrivateAddress           string
	Type                     string // self_hosted, saas, ssh, vnc, app_launcher, warp, biso, bookmark, dash_sso, infrastructure
	SessionDuration          string
	AllowedIdps              []string
	AutoRedirectToIdentity   *bool
	EnableBindingCookie      *bool
	HTTPOnlyCookieAttribute  *bool
	PathCookieAttribute      *bool
	SameSiteCookieAttribute  string
	LogoURL                  string
	SkipInterstitial         *bool
	OptionsPreflightBypass   *bool
	AppLauncherVisible       *bool
	ServiceAuth401Redirect   *bool
	CustomDenyMessage        string
	CustomDenyURL            string
	CustomNonIdentityDenyURL string
	AllowAuthenticateViaWarp *bool
	Tags                     []string
	CustomPages              []string
	GatewayRules             []string
	CorsHeaders              *AccessApplicationCorsHeadersParams
	SaasApp                  *SaasApplicationParams
	SCIMConfig               *AccessApplicationSCIMConfigParams
	AppLauncherCustomization *AccessAppLauncherCustomizationParams
	TargetContexts           []AccessInfrastructureTargetContextParams
}

AccessApplicationParams contains parameters for creating/updating an Access Application.

type AccessApplicationResult 

type AccessApplicationResult struct {
	ID                     string
	AUD                    string
	Name                   string
	Domain                 string
	SelfHostedDomains      []string
	Type                   string
	SessionDuration        string
	AllowedIdps            []string
	AutoRedirectToIdentity bool
	SaasAppClientID        string
}

AccessApplicationResult contains the result of an Access Application operation.

type AccessApplicationSCIMConfigParams added in v0.21.1 

type AccessApplicationSCIMConfigParams struct {
	Enabled            *bool
	RemoteURI          string
	Authentication     *SCIMAuthenticationParams
	IDPUID             string
	DeactivateOnDelete *bool
	Mappings           []SCIMMappingParams
}

AccessApplicationSCIMConfigParams represents SCIM configuration.

type AccessDestinationParams added in v0.21.1 

type AccessDestinationParams struct {
	Type       string // public, private
	URI        string
	Hostname   string
	CIDR       string
	PortRange  string
	L4Protocol string
	VnetID     string
}

AccessDestinationParams represents a destination configuration.

type AccessFooterLinkParams added in v0.21.1 

type AccessFooterLinkParams struct {
	Name string
	URL  string
}

AccessFooterLinkParams represents a footer link.

type AccessGroupAuthContextRuleParams added in v0.21.1 

type AccessGroupAuthContextRuleParams struct {
	ID                 string
	AcID               string
	IdentityProviderID string
}

type AccessGroupAuthMethodRuleParams added in v0.21.1 

type AccessGroupAuthMethodRuleParams struct{ AuthMethod string }

type AccessGroupAzureRuleParams added in v0.21.1 

type AccessGroupAzureRuleParams struct {
	ID                 string
	IdentityProviderID string
}

type AccessGroupCommonNameRuleParams added in v0.21.1 

type AccessGroupCommonNameRuleParams struct{ CommonName string }

type AccessGroupCountryRuleParams added in v0.21.1 

type AccessGroupCountryRuleParams struct{ Country []string }

type AccessGroupDevicePostureRuleParams added in v0.21.1 

type AccessGroupDevicePostureRuleParams struct{ IntegrationUID string }

type AccessGroupEmailDomainRuleParams added in v0.21.1 

type AccessGroupEmailDomainRuleParams struct{ Domain string }

type AccessGroupEmailListRuleParams added in v0.21.1 

type AccessGroupEmailListRuleParams struct{ ID string }

type AccessGroupEmailRuleParams added in v0.21.1 

type AccessGroupEmailRuleParams struct{ Email string }

Rule params types

type AccessGroupExternalEvaluationRuleParams added in v0.21.1 

type AccessGroupExternalEvaluationRuleParams struct {
	EvaluateURL string
	KeysURL     string
}

type AccessGroupGSuiteRuleParams added in v0.21.1 

type AccessGroupGSuiteRuleParams struct {
	Email              string
	IdentityProviderID string
}

type AccessGroupGitHubRuleParams added in v0.21.1 

type AccessGroupGitHubRuleParams struct {
	Name               string
	Teams              []string
	IdentityProviderID string
}

type AccessGroupGroupRuleParams added in v0.21.1 

type AccessGroupGroupRuleParams struct{ ID string }

type AccessGroupIPListRuleParams added in v0.21.1 

type AccessGroupIPListRuleParams struct{ ID string }

type AccessGroupIPRangesRuleParams added in v0.21.1 

type AccessGroupIPRangesRuleParams struct{ IP []string }

type AccessGroupLoginMethodRuleParams added in v0.21.1 

type AccessGroupLoginMethodRuleParams struct{ ID string }

type AccessGroupOIDCRuleParams added in v0.21.1 

type AccessGroupOIDCRuleParams struct {
	ClaimName          string
	ClaimValue         string
	IdentityProviderID string
}

type AccessGroupOktaRuleParams added in v0.21.1 

type AccessGroupOktaRuleParams struct {
	Name               string
	IdentityProviderID string
}

type AccessGroupParams 

type AccessGroupParams struct {
	Name      string
	Include   []AccessGroupRuleParams
	Exclude   []AccessGroupRuleParams
	Require   []AccessGroupRuleParams
	IsDefault *bool
}

AccessGroupParams contains parameters for creating/updating an Access Group.

type AccessGroupResult 

type AccessGroupResult struct {
	ID   string
	Name string
}

AccessGroupResult contains the result of an Access Group operation.

type AccessGroupRuleParams added in v0.21.1 

type AccessGroupRuleParams struct {
	Email                *AccessGroupEmailRuleParams
	EmailDomain          *AccessGroupEmailDomainRuleParams
	EmailList            *AccessGroupEmailListRuleParams
	Everyone             bool
	IPRanges             *AccessGroupIPRangesRuleParams
	IPList               *AccessGroupIPListRuleParams
	Country              *AccessGroupCountryRuleParams
	Group                *AccessGroupGroupRuleParams
	ServiceToken         *AccessGroupServiceTokenRuleParams
	AnyValidServiceToken bool
	Certificate          bool
	CommonName           *AccessGroupCommonNameRuleParams
	DevicePosture        *AccessGroupDevicePostureRuleParams
	GSuite               *AccessGroupGSuiteRuleParams
	GitHub               *AccessGroupGitHubRuleParams
	Azure                *AccessGroupAzureRuleParams
	Okta                 *AccessGroupOktaRuleParams
	OIDC                 *AccessGroupOIDCRuleParams
	SAML                 *AccessGroupSAMLRuleParams
	AuthMethod           *AccessGroupAuthMethodRuleParams
	AuthContext          *AccessGroupAuthContextRuleParams
	LoginMethod          *AccessGroupLoginMethodRuleParams
	ExternalEvaluation   *AccessGroupExternalEvaluationRuleParams
}

AccessGroupRuleParams represents a typed Access Group rule for SDK conversion. Each rule should have exactly one field set.

func BuildGroupIncludeRule added in v0.18.0 

func BuildGroupIncludeRule(groupID string) AccessGroupRuleParams

BuildGroupIncludeRule constructs an include rule that references an Access Group. This uses the "group" rule type with the group's UUID.

type AccessGroupSAMLRuleParams added in v0.21.1 

type AccessGroupSAMLRuleParams struct {
	AttributeName      string
	AttributeValue     string
	IdentityProviderID string
}

type AccessGroupServiceTokenRuleParams added in v0.21.1 

type AccessGroupServiceTokenRuleParams struct{ TokenID string }

type AccessIdentityProviderParams 

type AccessIdentityProviderParams struct {
	Name       string
	Type       string
	Config     cloudflare.AccessIdentityProviderConfiguration
	ScimConfig cloudflare.AccessIdentityProviderScimConfiguration
}

AccessIdentityProviderParams contains parameters for an Access Identity Provider.

type AccessIdentityProviderResult 

type AccessIdentityProviderResult struct {
	ID   string
	Name string
	Type string
}

AccessIdentityProviderResult contains the result of an Access Identity Provider operation.

type AccessInfrastructureTargetContextParams added in v0.21.1 

type AccessInfrastructureTargetContextParams struct {
	TargetAttributes map[string][]string
	Port             int
	Protocol         string
}

AccessInfrastructureTargetContextParams represents target context for infrastructure apps.

type AccessLandingPageDesignParams added in v0.21.1 

type AccessLandingPageDesignParams struct {
	Title           string
	Message         string
	ImageURL        string
	ButtonColor     string
	ButtonTextColor string
}

AccessLandingPageDesignParams represents landing page design.

type AccessPolicyParams added in v0.18.0 

type AccessPolicyParams struct {
	ApplicationID   string                  // Required: The Application ID this policy belongs to
	Name            string                  // Policy name
	Decision        string                  // allow, deny, bypass, non_identity
	Precedence      int                     // Order of evaluation (lower = higher priority)
	Include         []AccessGroupRuleParams // Include rules (e.g., group references)
	Exclude         []AccessGroupRuleParams // Exclude rules
	Require         []AccessGroupRuleParams // Require rules
	SessionDuration *string                 // Optional session duration override
}

AccessPolicyParams contains parameters for creating/updating an Access Policy.

type AccessPolicyResult added in v0.18.0 

type AccessPolicyResult struct {
	ID         string
	Name       string
	Decision   string
	Precedence int
}

AccessPolicyResult contains the result of an Access Policy operation.

type AccessServiceTokenResult 

type AccessServiceTokenResult struct {
	ID                  string
	TokenID             string
	Name                string
	ClientID            string
	ClientSecret        string
	AccountID           string
	ExpiresAt           string
	CreatedAt           string
	UpdatedAt           string
	LastSeenAt          string
	ClientSecretVersion int64
}

AccessServiceTokenResult contains the result of an Access Service Token operation.

type ActivityLogSettings added in v0.17.5 

type ActivityLogSettings struct {
	Enabled bool
}

ActivityLogSettings for activity logging.

type AntiVirusSettings added in v0.17.5 

type AntiVirusSettings struct {
	EnabledDownloadPhase bool
	EnabledUploadPhase   bool
	FailClosed           bool
	NotificationSettings *NotificationSettings
}

AntiVirusSettings for AV scanning.

type BlockPageSettings added in v0.17.5 

type BlockPageSettings struct {
	Enabled         bool
	FooterText      string
	HeaderText      string
	LogoPath        string
	BackgroundColor string
}

BlockPageSettings for block page customization.

type BodyScanningSettings added in v0.17.5 

type BodyScanningSettings struct {
	InspectionMode string
}

BodyScanningSettings for body scanning.

type BrowserIsolationSettings added in v0.17.5 

type BrowserIsolationSettings struct {
	URLBrowserIsolationEnabled bool
	NonIdentityEnabled         bool
}

BrowserIsolationSettings for browser isolation.

type ClientConfig 

type ClientConfig struct {
	Log         logr.Logger
	APIToken    string
	APIKey      string
	Email       string
	AccountID   string
	AccountName string
	Domain      string
	TunnelID    string
	TunnelName  string
}

ClientConfig contains configuration for creating a CloudflareClient.

type ClientFactory 

type ClientFactory interface {
	// NewClient creates a new CloudflareClient with the given configuration.
	NewClient(config ClientConfig) (CloudflareClient, error)
}

ClientFactory creates CloudflareClient instances. This interface enables dependency injection for testing.

func GetDefaultFactory 

func GetDefaultFactory() ClientFactory

GetDefaultFactory returns the default ClientFactory.

func NewDefaultClientFactory 

func NewDefaultClientFactory() ClientFactory

NewDefaultClientFactory creates a new DefaultClientFactory.

type CloudflareClient 

type CloudflareClient interface {
	// Tunnel operations
	CreateTunnel() (string, string, error)
	DeleteTunnel() error
	ValidateAll() error
	GetAccountId() (string, error)
	GetTunnelId() (string, error)
	GetTunnelCreds(tunnelSecret string) (string, error)
	GetZoneId() (string, error)

	// DNS operations (api.go - CNAME/TXT for tunnels)
	InsertOrUpdateCName(fqdn, dnsID string) (string, error)
	DeleteDNSId(fqdn, dnsID string, created bool) error
	GetDNSCNameId(fqdn string) (string, error)
	GetManagedDnsTxt(fqdn string) (string, DnsManagedRecordTxt, bool, error)
	InsertOrUpdateTXT(fqdn, txtID, dnsID string) error

	// DNS operations (dns.go - Generic DNS records)
	CreateDNSRecord(params DNSRecordParams) (*DNSRecordResult, error)
	GetDNSRecord(zoneID, recordID string) (*DNSRecordResult, error)
	UpdateDNSRecord(zoneID, recordID string, params DNSRecordParams) (*DNSRecordResult, error)
	DeleteDNSRecord(zoneID, recordID string) error

	// Virtual Network operations
	CreateVirtualNetwork(params VirtualNetworkParams) (*VirtualNetworkResult, error)
	GetVirtualNetwork(virtualNetworkID string) (*VirtualNetworkResult, error)
	GetVirtualNetworkByName(name string) (*VirtualNetworkResult, error)
	UpdateVirtualNetwork(virtualNetworkID string, params VirtualNetworkParams) (*VirtualNetworkResult, error)
	DeleteVirtualNetwork(virtualNetworkID string) error

	// Tunnel Route operations
	CreateTunnelRoute(params TunnelRouteParams) (*TunnelRouteResult, error)
	GetTunnelRoute(network, virtualNetworkID string) (*TunnelRouteResult, error)
	UpdateTunnelRoute(network string, params TunnelRouteParams) (*TunnelRouteResult, error)
	DeleteTunnelRoute(network, virtualNetworkID string) error

	// Access Application operations
	CreateAccessApplication(params AccessApplicationParams) (*AccessApplicationResult, error)
	GetAccessApplication(applicationID string) (*AccessApplicationResult, error)
	UpdateAccessApplication(applicationID string, params AccessApplicationParams) (*AccessApplicationResult, error)
	DeleteAccessApplication(applicationID string) error
	ListAccessApplicationsByName(name string) (*AccessApplicationResult, error)

	// Access Policy operations
	CreateAccessPolicy(params AccessPolicyParams) (*AccessPolicyResult, error)
	GetAccessPolicy(applicationID, policyID string) (*AccessPolicyResult, error)
	UpdateAccessPolicy(policyID string, params AccessPolicyParams) (*AccessPolicyResult, error)
	DeleteAccessPolicy(applicationID, policyID string) error
	ListAccessPolicies(applicationID string) ([]AccessPolicyResult, error)

	// Access Group operations
	CreateAccessGroup(params AccessGroupParams) (*AccessGroupResult, error)
	GetAccessGroup(groupID string) (*AccessGroupResult, error)
	UpdateAccessGroup(groupID string, params AccessGroupParams) (*AccessGroupResult, error)
	DeleteAccessGroup(groupID string) error
	ListAccessGroupsByName(name string) (*AccessGroupResult, error)

	// Access Identity Provider operations
	CreateAccessIdentityProvider(params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
	GetAccessIdentityProvider(idpID string) (*AccessIdentityProviderResult, error)
	UpdateAccessIdentityProvider(idpID string, params AccessIdentityProviderParams) (*AccessIdentityProviderResult, error)
	DeleteAccessIdentityProvider(idpID string) error
	ListAccessIdentityProvidersByName(name string) (*AccessIdentityProviderResult, error)

	// Access Service Token operations
	GetAccessServiceTokenByName(name string) (*AccessServiceTokenResult, error)
	CreateAccessServiceToken(name string, duration string) (*AccessServiceTokenResult, error)
	UpdateAccessServiceToken(tokenID string, name string, duration string) (*AccessServiceTokenResult, error)
	RefreshAccessServiceToken(tokenID string) (*AccessServiceTokenResult, error)
	DeleteAccessServiceToken(tokenID string) error

	// Device Posture Rule operations
	CreateDevicePostureRule(params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
	GetDevicePostureRule(ruleID string) (*DevicePostureRuleResult, error)
	UpdateDevicePostureRule(ruleID string, params DevicePostureRuleParams) (*DevicePostureRuleResult, error)
	DeleteDevicePostureRule(ruleID string) error
	ListDevicePostureRulesByName(name string) (*DevicePostureRuleResult, error)

	// Gateway Rule operations
	CreateGatewayRule(params GatewayRuleParams) (*GatewayRuleResult, error)
	GetGatewayRule(ruleID string) (*GatewayRuleResult, error)
	UpdateGatewayRule(ruleID string, params GatewayRuleParams) (*GatewayRuleResult, error)
	DeleteGatewayRule(ruleID string) error
	ListGatewayRulesByName(name string) (*GatewayRuleResult, error)

	// Gateway List operations
	CreateGatewayList(params GatewayListParams) (*GatewayListResult, error)
	GetGatewayList(listID string) (*GatewayListResult, error)
	UpdateGatewayList(listID string, params GatewayListParams) (*GatewayListResult, error)
	DeleteGatewayList(listID string) error
	ListGatewayListsByName(name string) (*GatewayListResult, error)

	// Split Tunnel operations
	GetSplitTunnelExclude() ([]SplitTunnelEntry, error)
	UpdateSplitTunnelExclude(entries []SplitTunnelEntry) error
	GetSplitTunnelInclude() ([]SplitTunnelEntry, error)
	UpdateSplitTunnelInclude(entries []SplitTunnelEntry) error

	// Fallback Domain operations
	GetFallbackDomains() ([]FallbackDomainEntry, error)
	UpdateFallbackDomains(entries []FallbackDomainEntry) error

	// WARP Connector operations
	CreateWARPConnector(name string) (*WARPConnectorResult, error)
	GetWARPConnectorToken(connectorID string) (*WARPConnectorTokenResult, error)
	DeleteWARPConnector(connectorID string) error

	// Gateway Configuration operations
	UpdateGatewayConfiguration(params GatewayConfigurationParams) (*GatewayConfigurationResult, error)
}

CloudflareClient defines the interface for interacting with the Cloudflare API. This interface enables dependency injection and mocking for unit tests. The interface is intentionally large to cover all Cloudflare API operations.

type Configuration 

type Configuration struct {
	TunnelID      string                   `yaml:"tunnel" json:"tunnel"`
	Ingress       []UnvalidatedIngressRule `yaml:"ingress,omitempty" json:"ingress,omitempty"`
	WarpRouting   WarpRoutingConfig        `yaml:"warp-routing,omitempty" json:"warp-routing,omitempty"`
	OriginRequest OriginRequestConfig      `yaml:"originRequest,omitempty" json:"originRequest,omitempty"`
	SourceFile    string                   `yaml:"credentials-file" json:"credentials-file"`
	Metrics       string                   `yaml:"metrics,omitempty" json:"metrics,omitempty"`
	NoAutoUpdate  bool                     `yaml:"no-autoupdate,omitempty" json:"no-autoupdate,omitempty"`
}

Configuration is a cloudflared configuration yaml model https://github.com/cloudflare/cloudflared/blob/master/config/configuration.go Note: Both yaml and json tags are required because sigs.k8s.io/yaml uses json.Marshal internally, which only recognizes json tags.

type CustomCertificateSettings added in v0.17.5 

type CustomCertificateSettings struct {
	Enabled bool
	ID      string
}

CustomCertificateSettings for custom CA.

type DNSRecordDataParams added in v0.21.1 

type DNSRecordDataParams struct {
	// For SRV records
	Service string
	Proto   string
	Weight  int
	Port    int
	Target  string

	// For CAA records
	Flags int
	Tag   string
	Value string

	// For CERT/SSHFP/TLSA records
	Algorithm    int
	Certificate  string
	KeyTag       int
	Usage        int
	Selector     int
	MatchingType int

	// For LOC records
	LatDegrees    int
	LatMinutes    int
	LatSeconds    string
	LatDirection  string
	LongDegrees   int
	LongMinutes   int
	LongSeconds   string
	LongDirection string
	Altitude      string
	Size          string
	PrecisionHorz string
	PrecisionVert string

	// For URI records
	ContentURI string
}

DNSRecordDataParams contains structured data for special DNS record types.

type DNSRecordParams 

type DNSRecordParams struct {
	Name     string
	Type     string
	Content  string
	TTL      int
	Proxied  bool
	Priority *int
	Comment  string
	Tags     []string
	Data     *DNSRecordDataParams
}

DNSRecordParams contains parameters for creating/updating a DNS record.

type DNSRecordResult 

type DNSRecordResult struct {
	ID      string
	ZoneID  string
	Name    string
	Type    string
	Content string
	TTL     int
	Proxied bool
}

DNSRecordResult contains the result of a DNS record operation.

type DefaultClientFactory 

type DefaultClientFactory struct{}

DefaultClientFactory creates real CloudflareClient instances.

func (*DefaultClientFactory) NewClient 

func (*DefaultClientFactory) NewClient(config ClientConfig) (CloudflareClient, error)

NewClient creates a new CloudflareClient using the real Cloudflare API. If CLOUDFLARE_API_BASE_URL environment variable is set, it uses that as the API base URL.

type DevicePostureInputParams added in v0.21.1 

type DevicePostureInputParams struct {
	ID               string
	Path             string
	Exists           *bool
	Sha256           string
	Thumbprint       string
	Running          *bool
	RequireAll       *bool
	Enabled          *bool
	Version          string
	Operator         string
	Domain           string
	ComplianceStatus string
	ConnectionID     string
	LastSeen         string
	EidLastSeen      string
	ActiveThreats    *int
	Infected         *bool
	IsActive         *bool
	NetworkStatus    string
	SensorConfig     string
	VersionOperator  string
	CountOperator    string
	ScoreOperator    string
	IssueCount       *int
	Score            *int
	TotalScore       *int
	RiskLevel        string
	Overall          string
	State            string
	OperationalState string
	OSDistroName     string
	OSDistroRevision string
	OSVersionExtra   string
	OS               string
	OperatingSystem  string
	CertificateID    string
	CommonName       string
	Cn               string
	CheckPrivateKey  *bool
	ExtendedKeyUsage []string
	CheckDisks       []string
}

DevicePostureInputParams contains rule-specific input for Device Posture Rule.

type DevicePostureMatchParams added in v0.21.1 

type DevicePostureMatchParams struct {
	Platform string
}

DevicePostureMatchParams contains platform matching for Device Posture Rule.

type DevicePostureRuleParams 

type DevicePostureRuleParams struct {
	Name        string
	Type        string
	Description string
	Schedule    string
	Expiration  string
	Match       []DevicePostureMatchParams
	Input       *DevicePostureInputParams
}

DevicePostureRuleParams contains parameters for a Device Posture Rule.

type DevicePostureRuleResult 

type DevicePostureRuleResult struct {
	ID          string
	Name        string
	Type        string
	Description string
	AccountID   string
}

DevicePostureRuleResult contains the result of a Device Posture Rule operation.

type DnsManagedRecordTxt 

type DnsManagedRecordTxt struct {
	DnsId      string // DnsId of the managed record
	TunnelName string // TunnelName of the managed record
	TunnelId   string // TunnelId of the managed record
}

DnsManagedRecordTxt object that represents each managed DNS record in a separate TXT record

type FIPSSettings added in v0.17.5 

type FIPSSettings struct {
	TLS bool
}

FIPSSettings for FIPS compliance.

type FallbackDomainEntry 

type FallbackDomainEntry struct {
	Suffix      string   `json:"suffix"`
	Description string   `json:"description,omitempty"`
	DNSServer   []string `json:"dns_server,omitempty"`
}

FallbackDomainEntry represents a fallback domain configuration entry.

type GatewayAuditSSHParams added in v0.21.1 

type GatewayAuditSSHParams struct {
	CommandLogging bool
}

GatewayAuditSSHParams for SSH audit settings.

type GatewayBISOAdminControlsParams added in v0.21.1 

type GatewayBISOAdminControlsParams struct {
	DisablePrinting             *bool
	DisableCopyPaste            *bool
	DisableDownload             *bool
	DisableUpload               *bool
	DisableKeyboard             *bool
	DisableClipboardRedirection *bool
}

GatewayBISOAdminControlsParams for browser isolation controls.

type GatewayCheckSessionParams added in v0.21.1 

type GatewayCheckSessionParams struct {
	Enforce  bool
	Duration string
}

GatewayCheckSessionParams for session check settings.

type GatewayConfigurationParams 

type GatewayConfigurationParams struct {
	TLSDecrypt        *TLSDecryptSettings
	ActivityLog       *ActivityLogSettings
	AntiVirus         *AntiVirusSettings
	BlockPage         *BlockPageSettings
	BodyScanning      *BodyScanningSettings
	BrowserIsolation  *BrowserIsolationSettings
	FIPS              *FIPSSettings
	ProtocolDetection *ProtocolDetectionSettings
	CustomCertificate *CustomCertificateSettings
}

GatewayConfigurationParams contains parameters for Gateway Configuration.

type GatewayConfigurationResult 

type GatewayConfigurationResult struct {
	AccountID string
}

GatewayConfigurationResult contains the result of a Gateway Configuration operation.

type GatewayDNSResolverEntryParams added in v0.21.1 

type GatewayDNSResolverEntryParams struct {
	IP                         string
	Port                       int
	VNetID                     string
	RouteThroughPrivateNetwork *bool
}

GatewayDNSResolverEntryParams for a single DNS resolver.

type GatewayDNSResolversParams added in v0.21.1 

type GatewayDNSResolversParams struct {
	IPv4 []GatewayDNSResolverEntryParams
	IPv6 []GatewayDNSResolverEntryParams
}

GatewayDNSResolversParams for custom DNS resolvers.

type GatewayEgressParams added in v0.21.1 

type GatewayEgressParams struct {
	IPv4         string
	IPv6         string
	IPv4Fallback string
}

GatewayEgressParams for egress settings.

type GatewayL4OverrideParams added in v0.21.1 

type GatewayL4OverrideParams struct {
	IP   string
	Port int
}

GatewayL4OverrideParams for L4 override settings.

type GatewayListItem 

type GatewayListItem struct {
	Value       string
	Description string
}

GatewayListItem represents an item in a Gateway List.

type GatewayListParams 

type GatewayListParams struct {
	Name        string
	Description string
	Type        string // SERIAL, URL, DOMAIN, EMAIL, IP
	Items       []string
}

GatewayListParams contains parameters for a Gateway List.

type GatewayListResult 

type GatewayListResult struct {
	ID          string
	Name        string
	Description string
	Type        string
	Count       int
	AccountID   string
}

GatewayListResult contains the result of a Gateway List operation.

type GatewayNotificationSettingsParams added in v0.21.1 

type GatewayNotificationSettingsParams struct {
	Enabled    bool
	Message    string
	SupportURL string
}

GatewayNotificationSettingsParams for notification settings.

type GatewayPayloadLogParams added in v0.21.1 

type GatewayPayloadLogParams struct {
	Enabled bool
}

GatewayPayloadLogParams for payload logging.

type GatewayQuarantineParams added in v0.21.1 

type GatewayQuarantineParams struct {
	FileTypes []string
}

GatewayQuarantineParams for quarantine settings.

type GatewayResolveDNSInternallyParams added in v0.21.1 

type GatewayResolveDNSInternallyParams struct {
	ViewID   string
	Fallback string // "none", "public_dns", etc.
}

GatewayResolveDNSInternallyParams for internal DNS resolution.

type GatewayRuleExpirationParams added in v0.21.1 

type GatewayRuleExpirationParams struct {
	ExpiresAt string
	Duration  string
}

GatewayRuleExpirationParams for rule expiration.

type GatewayRuleParams 

type GatewayRuleParams struct {
	Name          string
	Description   string
	Precedence    int
	Enabled       bool
	Action        string
	Filters       []cloudflare.TeamsFilterType
	Traffic       string
	Identity      string
	DevicePosture string
	RuleSettings  *GatewayRuleSettingsParams
	Schedule      *GatewayRuleScheduleParams
	Expiration    *GatewayRuleExpirationParams
}

GatewayRuleParams contains parameters for a Gateway Rule.

type GatewayRuleResult 

type GatewayRuleResult struct {
	ID          string
	Name        string
	Description string
	Precedence  int
	Enabled     bool
	Action      string
}

GatewayRuleResult contains the result of a Gateway Rule operation.

type GatewayRuleScheduleParams added in v0.21.1 

type GatewayRuleScheduleParams struct {
	TimeZone string
	Mon      string
	Tue      string
	Wed      string
	Thu      string
	Fri      string
	Sat      string
	Sun      string
}

GatewayRuleScheduleParams for rule scheduling.

type GatewayRuleSettingsParams added in v0.21.1 

type GatewayRuleSettingsParams struct {
	BlockPageEnabled                *bool
	BlockReason                     string
	OverrideIPs                     []string
	OverrideHost                    string
	L4Override                      *GatewayL4OverrideParams
	BISOAdminControls               *GatewayBISOAdminControlsParams
	CheckSession                    *GatewayCheckSessionParams
	AddHeaders                      map[string]string
	InsecureDisableDNSSECValidation *bool
	Egress                          *GatewayEgressParams
	PayloadLog                      *GatewayPayloadLogParams
	UntrustedCertAction             string
	AuditSSH                        *GatewayAuditSSHParams
	ResolveDNSInternally            *GatewayResolveDNSInternallyParams
	ResolveDNSThroughCloudflare     *bool
	DNSResolvers                    *GatewayDNSResolversParams
	NotificationSettings            *GatewayNotificationSettingsParams
	AllowChildBypass                *bool
	BypassParentRule                *bool
	IgnoreCNAMECategoryMatches      *bool
	IPCategories                    *bool
	IPIndicatorFeeds                *bool
	Quarantine                      *GatewayQuarantineParams
}

GatewayRuleSettingsParams contains settings for a Gateway Rule.

type HybridAndImplicitOptionsParams added in v0.21.1 

type HybridAndImplicitOptionsParams struct {
	ReturnIDTokenFromAuthorizationEndpoint     *bool
	ReturnAccessTokenFromAuthorizationEndpoint *bool
}

HybridAndImplicitOptionsParams represents hybrid and implicit flow options.

type IngressIPRule 

type IngressIPRule struct {
	Prefix *string `yaml:"prefix,omitempty" json:"prefix,omitempty"`
	Ports  []int   `yaml:"ports,omitempty" json:"ports,omitempty"`
	Allow  bool    `yaml:"allow,omitempty" json:"allow,omitempty"`
}

IngressIPRule is a cloudflared origin ingress IP rule config model

type MergeOptions added in v0.23.0 

type MergeOptions struct {
	// Source identifies the controller/source of this configuration fragment.
	// Used for logging and debugging. Examples: "TunnelBinding/default/my-binding",
	// "Ingress/default/my-ingress", "Gateway/default/my-gateway", "Tunnel/my-tunnel"
	Source string

	// PreviousHostnames contains the hostnames that were previously synced by this source.
	// These will be removed from the remote configuration before adding CurrentRules.
	// This allows proper cleanup when a source's rules change.
	PreviousHostnames []string

	// CurrentRules contains the ingress rules to add to the configuration.
	// These rules will be merged with existing rules from other sources.
	// The last rule should be the catch-all rule (empty hostname with service).
	CurrentRules []UnvalidatedIngressRule

	// WarpRouting controls WARP routing state.
	// - nil: preserve existing warp-routing state (default)
	// - &WarpRoutingConfig{Enabled: true}: explicitly enable warp-routing
	// - &WarpRoutingConfig{Enabled: false}: explicitly disable warp-routing
	WarpRouting *WarpRoutingConfig

	// FallbackTarget is the service URL for the catch-all rule (e.g., "http_status:404").
	// - "": preserve existing fallback target
	// - non-empty: set/override the fallback target
	FallbackTarget string

	// GlobalOriginRequest is the global origin request configuration.
	// - nil: preserve existing global origin request config
	// - non-nil: set/override the global origin request config
	GlobalOriginRequest *OriginRequestConfig
}

MergeOptions defines the options for merging tunnel configuration. Each controller provides its own configuration fragment, and MergeAndSync merges it with the existing remote configuration to avoid race conditions.

type MergeSyncResult added in v0.23.0 

type MergeSyncResult struct {
	// Version is the new configuration version after update.
	Version int `json:"version"`

	// SyncedHostnames contains all hostnames that were synced by this operation.
	// Controllers should store this in their Status for tracking.
	SyncedHostnames []string `json:"syncedHostnames"`
}

MergeSyncResult contains the result of a MergeAndSync operation.

type MinifySettings added in v0.20.0 

type MinifySettings struct {
	HTML bool `json:"html"`
	CSS  bool `json:"css"`
	JS   bool `json:"js"`
}

MinifySettings represents minification settings

type NotificationSettings added in v0.17.5 

type NotificationSettings struct {
	Enabled    bool
	Message    string
	SupportURL string
}

NotificationSettings for antivirus notifications.

type OIDCClaimConfigParams added in v0.21.1 

type OIDCClaimConfigParams struct {
	Name     string
	Source   OIDCClaimSourceParams
	Required bool
	Scope    string
}

OIDCClaimConfigParams represents an OIDC claim configuration.

type OIDCClaimSourceParams added in v0.21.1 

type OIDCClaimSourceParams struct {
	Name      string
	NameByIDP map[string]string
}

OIDCClaimSourceParams represents the source of an OIDC claim.

type OriginCACertificateParams added in v0.20.0 

type OriginCACertificateParams struct {
	Hostnames       []string
	RequestType     string // "origin-rsa" or "origin-ecc"
	RequestValidity int    // days: 7, 30, 90, 365, 730, 1095, 5475
	CSR             string
}

OriginCACertificateParams contains parameters for creating an Origin CA certificate

type OriginCACertificateResult added in v0.20.0 

type OriginCACertificateResult struct {
	ID          string
	Certificate string
	Hostnames   []string
	ExpiresOn   time.Time
	RequestType string
	CSR         string
}

OriginCACertificateResult contains the result of an Origin CA certificate operation

type OriginRequestConfig 

type OriginRequestConfig struct {
	// HTTP proxy timeout for establishing a new connection
	ConnectTimeout *time.Duration `yaml:"connectTimeout,omitempty" json:"connectTimeout,omitempty"`
	// HTTP proxy timeout for completing a TLS handshake
	TLSTimeout *time.Duration `yaml:"tlsTimeout,omitempty" json:"tlsTimeout,omitempty"`
	// HTTP proxy TCP keepalive duration
	TCPKeepAlive *time.Duration `yaml:"tcpKeepAlive,omitempty" json:"tcpKeepAlive,omitempty"`
	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
	NoHappyEyeballs *bool `yaml:"noHappyEyeballs,omitempty" json:"noHappyEyeballs,omitempty"`
	// HTTP proxy maximum keepalive connection pool size
	KeepAliveConnections *int `yaml:"keepAliveConnections,omitempty" json:"keepAliveConnections,omitempty"`
	// HTTP proxy timeout for closing an idle connection
	KeepAliveTimeout *time.Duration `yaml:"keepAliveTimeout,omitempty" json:"keepAliveTimeout,omitempty"`
	// Sets the HTTP Host header for the local webserver.
	HTTPHostHeader *string `yaml:"httpHostHeader,omitempty" json:"httpHostHeader,omitempty"`
	// Hostname on the origin server certificate.
	OriginServerName *string `yaml:"originServerName,omitempty" json:"originServerName,omitempty"`
	// Path to the CA for the certificate of your origin.
	// This option should be used only if your certificate is not signed by Cloudflare.
	CAPool *string `yaml:"caPool,omitempty" json:"caPool,omitempty"`
	// Disables TLS verification of the certificate presented by your origin.
	// Will allow any certificate from the origin to be accepted.
	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
	NoTLSVerify *bool `yaml:"noTLSVerify,omitempty" json:"noTLSVerify,omitempty"`
	// Attempt to connect to origin using HTTP2. Origin must be configured as https.
	HTTP2Origin *bool `yaml:"http2Origin,omitempty" json:"http2Origin,omitempty"`
	// Disables chunked transfer encoding.
	// Useful if you are running a WSGI server.
	DisableChunkedEncoding *bool `yaml:"disableChunkedEncoding,omitempty" json:"disableChunkedEncoding,omitempty"`
	// Runs as jump host
	BastionMode *bool `yaml:"bastionMode,omitempty" json:"bastionMode,omitempty"`
	// Listen address for the proxy.
	ProxyAddress *string `yaml:"proxyAddress,omitempty" json:"proxyAddress,omitempty"`
	// Listen port for the proxy.
	ProxyPort *uint `yaml:"proxyPort,omitempty" json:"proxyPort,omitempty"`
	// Valid options are 'socks' or empty.
	ProxyType *string `yaml:"proxyType,omitempty" json:"proxyType,omitempty"`
	// IP rules for the proxy service
	IPRules []IngressIPRule `yaml:"ipRules,omitempty" json:"ipRules,omitempty"`
}

OriginRequestConfig is a cloudflared origin request configuration model

type ProtocolDetectionSettings added in v0.17.5 

type ProtocolDetectionSettings struct {
	Enabled bool
}

ProtocolDetectionSettings for protocol detection.

type Queue added in v0.20.0 

type Queue struct {
	ID         string `json:"queue_id"`
	Name       string `json:"queue_name"`
	CreatedOn  string `json:"created_on,omitempty"`
	ModifiedOn string `json:"modified_on,omitempty"`
}

Queue represents a Cloudflare Queue

type R2BucketParams added in v0.20.0 

type R2BucketParams struct {
	Name         string
	LocationHint string
}

R2BucketParams contains parameters for creating an R2 bucket

type R2BucketResult added in v0.20.0 

type R2BucketResult struct {
	Name         string
	Location     string
	CreationDate time.Time
}

R2BucketResult contains the result of an R2 bucket operation

type R2CORSRule added in v0.20.0 

type R2CORSRule struct {
	ID             string   `json:"id,omitempty"`
	AllowedOrigins []string `json:"allowedOrigins"`
	AllowedMethods []string `json:"allowedMethods"`
	AllowedHeaders []string `json:"allowedHeaders,omitempty"`
	ExposeHeaders  []string `json:"exposeHeaders,omitempty"`
	MaxAgeSeconds  *int     `json:"maxAgeSeconds,omitempty"`
}

R2CORSRule represents a CORS rule for an R2 bucket

type R2CustomDomain added in v0.20.0 

type R2CustomDomain struct {
	Domain   string         `json:"domain"`
	Enabled  bool           `json:"enabled"`
	Status   R2DomainStatus `json:"status"`
	MinTLS   string         `json:"minTLS,omitempty"`
	ZoneID   string         `json:"zoneId,omitempty"`
	ZoneName string         `json:"zoneName,omitempty"`
}

R2CustomDomain represents a custom domain attached to an R2 bucket

type R2CustomDomainParams added in v0.20.0 

type R2CustomDomainParams struct {
	Domain  string `json:"domain"`
	ZoneID  string `json:"zoneId,omitempty"`
	MinTLS  string `json:"minTLS,omitempty"`
	Enabled bool   `json:"enabled"`
}

R2CustomDomainParams contains parameters for attaching a custom domain

type R2DomainStatus added in v0.20.0 

type R2DomainStatus struct {
	Ownership string `json:"ownership,omitempty"`
	SSL       string `json:"ssl,omitempty"`
}

R2DomainStatus represents the status of an R2 custom domain

type R2LifecycleAbortUpload added in v0.20.0 

type R2LifecycleAbortUpload struct {
	DaysAfterInitiation int `json:"daysAfterInitiation"`
}

R2LifecycleAbortUpload represents abort incomplete upload settings

type R2LifecycleExpiration added in v0.20.0 

type R2LifecycleExpiration struct {
	Days *int   `json:"days,omitempty"`
	Date string `json:"date,omitempty"`
}

R2LifecycleExpiration represents expiration settings

type R2LifecycleRule added in v0.20.0 

type R2LifecycleRule struct {
	ID                             string                  `json:"id"`
	Enabled                        bool                    `json:"enabled"`
	Prefix                         string                  `json:"prefix,omitempty"`
	Expiration                     *R2LifecycleExpiration  `json:"expiration,omitempty"`
	AbortIncompleteMultipartUpload *R2LifecycleAbortUpload `json:"abortIncompleteMultipartUpload,omitempty"`
}

R2LifecycleRule represents a lifecycle rule for an R2 bucket

type R2NotificationRule added in v0.20.0 

type R2NotificationRule struct {
	RuleID      string   `json:"ruleId,omitempty"`
	Prefix      string   `json:"prefix,omitempty"`
	Suffix      string   `json:"suffix,omitempty"`
	EventTypes  []string `json:"eventType"`
	Description string   `json:"description,omitempty"`
}

R2NotificationRule represents a notification rule

type RefreshTokenOptionsParams added in v0.21.1 

type RefreshTokenOptionsParams struct {
	Lifetime string
}

RefreshTokenOptionsParams represents refresh token options.

type RegistrantContactInfo added in v0.20.0 

type RegistrantContactInfo struct {
	ID           string
	FirstName    string
	LastName     string
	Organization string
	Address      string
	Address2     string
	City         string
	State        string
	Zip          string
	Country      string
	Phone        string
	Email        string
	Fax          string
}

RegistrantContactInfo contains registrant contact information

type RegistrarDomainConfig added in v0.20.0 

type RegistrarDomainConfig struct {
	NameServers []string
	Privacy     bool
	Locked      bool
	AutoRenew   bool
}

RegistrarDomainConfig contains domain configuration

type RegistrarDomainInfo added in v0.20.0 

type RegistrarDomainInfo struct {
	ID                string
	Available         bool
	SupportedTLD      bool
	CanRegister       bool
	CurrentRegistrar  string
	ExpiresAt         time.Time
	CreatedAt         time.Time
	UpdatedAt         time.Time
	RegistryStatuses  string
	Locked            bool
	TransferInStatus  string // Combined transfer status
	CanCancelTransfer bool
	RegistrantContact *RegistrantContactInfo
}

RegistrarDomainInfo contains information about a registered domain

type RetryConfig added in v0.17.3 

type RetryConfig struct {
	// BaseDelay is the initial delay before retry
	BaseDelay time.Duration
	// MaxDelay is the maximum delay between retries
	MaxDelay time.Duration
	// MaxRetries is the maximum number of retries (0 = no limit)
	MaxRetries int
	// RetryCount tracks the current retry count (for exponential backoff)
	RetryCount int
}

RetryConfig holds configuration for retry behavior

func DefaultRetryConfig added in v0.17.3 

func DefaultRetryConfig() RetryConfig

DefaultRetryConfig returns a default retry configuration

type RulesetResult added in v0.20.0 

type RulesetResult struct {
	ID          string
	Name        string
	Description string
	Kind        string
	Phase       string
	Version     string
	LastUpdated time.Time
	Rules       []cloudflare.RulesetRule
}

RulesetResult contains the result of a ruleset operation

type SAMLAttributeConfigParams added in v0.21.1 

type SAMLAttributeConfigParams struct {
	Name         string
	NameFormat   string
	Source       SAMLAttributeSourceParams
	FriendlyName string
	Required     bool
}

SAMLAttributeConfigParams represents a SAML attribute configuration.

type SAMLAttributeSourceParams added in v0.21.1 

type SAMLAttributeSourceParams struct {
	Name      string
	NameByIDP map[string]string
}

SAMLAttributeSourceParams represents the source of a SAML attribute.

type SCIMAuthenticationParams added in v0.21.1 

type SCIMAuthenticationParams struct {
	Scheme           string // httpbasic, oauthbearertoken, oauth2
	User             string
	Password         string
	Token            string
	ClientID         string
	ClientSecret     string
	AuthorizationURL string
	TokenURL         string
	Scopes           []string
}

SCIMAuthenticationParams represents SCIM authentication.

type SCIMMappingOperationsParams added in v0.21.1 

type SCIMMappingOperationsParams struct {
	Create *bool
	Update *bool
	Delete *bool
}

SCIMMappingOperationsParams represents SCIM mapping operations.

type SCIMMappingParams added in v0.21.1 

type SCIMMappingParams struct {
	Schema           string
	Enabled          *bool
	Filter           string
	TransformJsonata string
	Operations       *SCIMMappingOperationsParams
	Strictness       string
}

SCIMMappingParams represents a SCIM mapping.

type SaasApplicationParams added in v0.21.1 

type SaasApplicationParams struct {
	AuthType                      string // saml, oidc
	ConsumerServiceURL            string
	SPEntityID                    string
	NameIDFormat                  string
	DefaultRelayState             string
	CustomAttributes              []SAMLAttributeConfigParams
	NameIDTransformJsonata        string
	SamlAttributeTransformJsonata string
	RedirectURIs                  []string
	GrantTypes                    []string
	Scopes                        []string
	AppLauncherURL                string
	GroupFilterRegex              string
	CustomClaims                  []OIDCClaimConfigParams
	AllowPKCEWithoutClientSecret  *bool
	AccessTokenLifetime           string
	RefreshTokenOptions           *RefreshTokenOptionsParams
	HybridAndImplicitOptions      *HybridAndImplicitOptionsParams
}

SaasApplicationParams represents SaaS application configuration.

type SplitTunnelEntry 

type SplitTunnelEntry struct {
	Address     string `json:"address,omitempty"`
	Host        string `json:"host,omitempty"`
	Description string `json:"description,omitempty"`
}

SplitTunnelEntry represents a split tunnel configuration entry.

type TLSDecryptSettings added in v0.17.5 

type TLSDecryptSettings struct {
	Enabled bool
}

TLSDecryptSettings for TLS decryption.

type TunnelConfigurationResult added in v0.22.3 

type TunnelConfigurationResult = cloudflare.TunnelConfigurationResult

TunnelConfigurationResult is an alias for cloudflare.TunnelConfigurationResult for use in the controller package without direct cloudflare-go imports.

type TunnelCredentialsFile 

type TunnelCredentialsFile struct {
	AccountTag   string `json:"AccountTag"`
	TunnelID     string `json:"TunnelID"`
	TunnelName   string `json:"TunnelName"`
	TunnelSecret string `json:"TunnelSecret"`
}

TunnelCredentialsFile object containing the fields that make up a Cloudflare Tunnel's credentials

type TunnelRouteParams 

type TunnelRouteParams struct {
	Network          string // CIDR notation
	TunnelID         string
	VirtualNetworkID string
	Comment          string
}

TunnelRouteParams contains parameters for creating a Tunnel Route.

type TunnelRouteResult 

type TunnelRouteResult struct {
	Network          string
	TunnelID         string
	TunnelName       string
	VirtualNetworkID string
	Comment          string
}

TunnelRouteResult contains the result of a Tunnel Route operation.

type UnvalidatedIngressRule 

type UnvalidatedIngressRule struct {
	Hostname      string              `yaml:"hostname,omitempty" json:"hostname,omitempty"`
	Path          string              `yaml:"path,omitempty" json:"path,omitempty"`
	Service       string              `yaml:"service" json:"service"`
	OriginRequest OriginRequestConfig `yaml:"originRequest,omitempty" json:"originRequest,omitempty"`
}

UnvalidatedIngressRule is a cloudflared ingress entry model

type VirtualNetworkParams 

type VirtualNetworkParams struct {
	Name             string
	Comment          string
	IsDefaultNetwork bool
}

VirtualNetworkParams contains parameters for creating or updating a Virtual Network.

type VirtualNetworkResult 

type VirtualNetworkResult struct {
	ID               string
	Name             string
	Comment          string
	IsDefaultNetwork bool
	DeletedAt        *string
}

VirtualNetworkResult contains the result of a Virtual Network operation.

type WARPConnectorResult 

type WARPConnectorResult struct {
	ID          string
	TunnelID    string
	TunnelToken string
	Name        string
}

WARPConnectorResult contains the result of a WARP Connector operation.

type WARPConnectorTokenResult 

type WARPConnectorTokenResult struct {
	Token string
}

WARPConnectorTokenResult contains the tunnel token for a WARP connector.

type WarpRoutingConfig 

type WarpRoutingConfig struct {
	Enabled bool `yaml:"enabled,omitempty" json:"enabled,omitempty"`
}

WarpRoutingConfig is a cloudflared warp routing model

type ZoneSettings added in v0.20.0 

type ZoneSettings struct {
	// SSL/TLS settings
	SSLMode                 string `json:"ssl,omitempty"`
	MinTLSVersion           string `json:"min_tls_version,omitempty"`
	TLS13                   string `json:"tls_1_3,omitempty"`
	AlwaysUseHTTPS          string `json:"always_use_https,omitempty"`
	AutomaticHTTPSRewrites  string `json:"automatic_https_rewrites,omitempty"`
	OpportunisticEncryption string `json:"opportunistic_encryption,omitempty"`
	TLSClientAuth           string `json:"tls_client_auth,omitempty"`

	// Cache settings
	BrowserCacheTTL int    `json:"browser_cache_ttl,omitempty"`
	DevelopmentMode string `json:"development_mode,omitempty"`
	CacheLevel      string `json:"cache_level,omitempty"`
	AlwaysOnline    string `json:"always_online,omitempty"`
	SortQueryString string `json:"sort_query_string_for_cache,omitempty"`

	// Security settings
	SecurityLevel     string `json:"security_level,omitempty"`
	BrowserCheck      string `json:"browser_check,omitempty"`
	EmailObfuscation  string `json:"email_obfuscation,omitempty"`
	ServerSideExclude string `json:"server_side_exclude,omitempty"`
	HotlinkProtection string `json:"hotlink_protection,omitempty"`
	ChallengePassage  int    `json:"challenge_ttl,omitempty"`
	WAF               string `json:"waf,omitempty"`

	// Performance settings
	Brotli          string          `json:"brotli,omitempty"`
	HTTP2           string          `json:"http2,omitempty"`
	HTTP3           string          `json:"http3,omitempty"`
	ZeroRTT         string          `json:"0rtt,omitempty"`
	Minify          *MinifySettings `json:"minify,omitempty"`
	Polish          string          `json:"polish,omitempty"`
	WebP            string          `json:"webp,omitempty"`
	Mirage          string          `json:"mirage,omitempty"`
	EarlyHints      string          `json:"early_hints,omitempty"`
	RocketLoader    string          `json:"rocket_loader,omitempty"`
	PrefetchPreload string          `json:"prefetch_preload,omitempty"`
	IPGeolocation   string          `json:"ip_geolocation,omitempty"`
	Websockets      string          `json:"websockets,omitempty"`
}

ZoneSettings represents a collection of zone settings

Source Files

View all Source files

Directories

Path Synopsis
Package mock is a generated GoMock package.
 Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.