Documentation
¶
Overview ¶
Package gateway provides services for managing Cloudflare Gateway configurations.
Index ¶
- Constants
- type ActivityLogSettings
- type AntiVirusSettings
- type AuditSSHSettings
- type BISOAdminControls
- type BlockPageSettings
- type BodyScanningSettings
- type BrowserIsolationSettings
- type CheckSessionSettings
- type CustomCertificateSettings
- type DNSResolverAddress
- type DNSResolverSettings
- type EgressSettings
- type FIPSSettings
- type GatewayConfigurationConfig
- type GatewayConfigurationRegisterOptions
- type GatewayConfigurationService
- func (s *GatewayConfigurationService) Register(ctx context.Context, opts GatewayConfigurationRegisterOptions) error
- func (s *GatewayConfigurationService) Unregister(ctx context.Context, accountID string, source service.Source) error
- func (s *GatewayConfigurationService) UpdateStatus(ctx context.Context, config *v1alpha2.GatewayConfiguration, ...) error
- type GatewayConfigurationSyncResult
- type GatewayListConfig
- type GatewayListItem
- type GatewayListRegisterOptions
- type GatewayListService
- func (s *GatewayListService) Register(ctx context.Context, opts GatewayListRegisterOptions) error
- func (s *GatewayListService) Unregister(ctx context.Context, listID string, source service.Source) error
- func (s *GatewayListService) UpdateListID(ctx context.Context, source service.Source, listID, accountID string) error
- func (s *GatewayListService) UpdateStatus(ctx context.Context, list *v1alpha2.GatewayList, result *GatewayListSyncResult) error
- type GatewayListSyncResult
- type GatewayRuleConfig
- type GatewayRuleExpiration
- type GatewayRuleFilter
- type GatewayRuleRegisterOptions
- type GatewayRuleSchedule
- type GatewayRuleService
- func (s *GatewayRuleService) Register(ctx context.Context, opts GatewayRuleRegisterOptions) error
- func (s *GatewayRuleService) Unregister(ctx context.Context, ruleID string, source service.Source) error
- func (s *GatewayRuleService) UpdateRuleID(ctx context.Context, source service.Source, ruleID, accountID string) error
- func (s *GatewayRuleService) UpdateStatus(ctx context.Context, rule *v1alpha2.GatewayRule, result *GatewayRuleSyncResult) error
- type GatewayRuleSettings
- type GatewayRuleSyncResult
- type L4OverrideSettings
- type NotificationSettings
- type PayloadLogSettings
- type ProtocolDetectionSettings
- type QuarantineSettings
- type ResolveDNSInternallySettings
- type TLSDecryptSettings
- type UntrustedCertSettings
Constants ¶
// SyncState resource type identifiers and sync priorities for the Gateway
// resources handled by this package.
const (
	// ResourceTypeGatewayRule is the SyncState resource type for GatewayRule
	ResourceTypeGatewayRule = v1alpha2.SyncResourceGatewayRule
	// ResourceTypeGatewayList is the SyncState resource type for GatewayList
	ResourceTypeGatewayList = v1alpha2.SyncResourceGatewayList
	// ResourceTypeGatewayConfiguration is the SyncState resource type for GatewayConfiguration
	ResourceTypeGatewayConfiguration = v1alpha2.SyncResourceGatewayConfiguration

	// Priority constants. All three resource kinds share the value 100;
	// how the value is compared or ordered is not shown in this block.
	PriorityGatewayRule          = 100
	PriorityGatewayList          = 100
	PriorityGatewayConfiguration = 100
)
Resource Types for SyncState
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ActivityLogSettings ¶
// ActivityLogSettings holds the activity logging toggle.
type ActivityLogSettings struct {
// Enabled is a plain bool tagged omitempty: encoding/json drops it when it
// is false, so the marshaled form cannot tell "disabled" from "not set".
// NOTE(review): confirm how the consumer treats an absent value; logging
// that is silently left off reduces audit coverage.
Enabled bool `json:"enabled,omitempty"`
}
ActivityLogSettings contains activity logging settings.
type AntiVirusSettings ¶
// AntiVirusSettings groups the antivirus scanning toggles.
type AntiVirusSettings struct {
// EnabledDownloadPhase and EnabledUploadPhase are independent switches;
// per their names they cover the download and upload directions.
EnabledDownloadPhase bool `json:"enabledDownloadPhase,omitempty"`
EnabledUploadPhase bool `json:"enabledUploadPhase,omitempty"`
// FailClosed presumably selects blocking when a file cannot be scanned —
// confirm against the Cloudflare Gateway API. It is a plain bool with
// omitempty, so false is never serialized and the receiver applies its own
// default; verify that default matches the intended failure behaviour.
FailClosed bool `json:"failClosed,omitempty"`
// NotificationSettings is optional; a nil pointer is omitted from the JSON.
NotificationSettings *NotificationSettings `json:"notificationSettings,omitempty"`
}
AntiVirusSettings contains antivirus settings.
type AuditSSHSettings ¶
// AuditSSHSettings holds the SSH audit toggle.
type AuditSSHSettings struct {
// CommandLogging is omitted from the JSON when false (omitempty on a bool).
// NOTE(review): logged SSH commands can contain secrets typed on the
// command line; confirm where the logs are stored and who can read them.
CommandLogging bool `json:"commandLogging,omitempty"`
}
AuditSSHSettings contains SSH audit settings.
type BISOAdminControls ¶
// BISOAdminControls holds the browser isolation admin controls.
//
// Every field is a *bool with omitempty: a nil pointer is left out of the
// JSON, while a pointer to false is serialized. An explicit "do not disable"
// can therefore be distinguished from "not configured", unlike the plain
// bool toggles used by other settings types in this package.
type BISOAdminControls struct {
DisablePrinting *bool `json:"disablePrinting,omitempty"`
DisableCopyPaste *bool `json:"disableCopyPaste,omitempty"`
DisableDownload *bool `json:"disableDownload,omitempty"`
DisableUpload *bool `json:"disableUpload,omitempty"`
DisableKeyboard *bool `json:"disableKeyboard,omitempty"`
DisableClipboardRedirect *bool `json:"disableClipboardRedirect,omitempty"`
}
BISOAdminControls contains browser isolation admin controls.
type BlockPageSettings ¶
// BlockPageSettings holds the block page settings.
//
// All text fields are free-form strings; no validation is visible in this
// type. NOTE(review): these values are presumably rendered to end users on
// the block page — confirm that LogoPath and MailtoAddress are validated
// before they reach the Cloudflare API.
type BlockPageSettings struct {
// Enabled is dropped from the JSON when false (omitempty on a bool).
Enabled bool `json:"enabled,omitempty"`
Name string `json:"name,omitempty"`
HeaderText string `json:"headerText,omitempty"`
LogoPath string `json:"logoPath,omitempty"`
BackgroundColor string `json:"backgroundColor,omitempty"`
MailtoAddress string `json:"mailtoAddress,omitempty"`
MailtoSubject string `json:"mailtoSubject,omitempty"`
}
BlockPageSettings contains block page settings.
type BodyScanningSettings ¶
// BodyScanningSettings holds the body scanning settings.
type BodyScanningSettings struct {
// InspectionMode is a free-form string here; the accepted values are not
// listed in this type — TODO confirm against the Cloudflare Gateway API.
InspectionMode string `json:"inspectionMode,omitempty"`
}
BodyScanningSettings contains body scanning settings.
type BrowserIsolationSettings ¶
// BrowserIsolationSettings holds the browser isolation toggles.
//
// Both fields are plain bools with omitempty, so false is never serialized
// and cannot be told apart from "not set" in the marshaled JSON.
type BrowserIsolationSettings struct {
URLBrowserIsolationEnabled bool `json:"urlBrowserIsolationEnabled,omitempty"`
// NOTE(review): presumably allows isolation without an identity check —
// confirm the exact semantics before enabling.
NonIdentityEnabled bool `json:"nonIdentityEnabled,omitempty"`
}
BrowserIsolationSettings contains browser isolation settings.
type CheckSessionSettings ¶
// CheckSessionSettings holds the session check settings.
type CheckSessionSettings struct {
// Enforce is dropped from the JSON when false (omitempty on a bool).
Enforce bool `json:"enforce,omitempty"`
// Duration is carried as a string; its format is not defined in this type
// — TODO confirm the expected syntax and where it is validated.
Duration string `json:"duration,omitempty"`
}
CheckSessionSettings contains session check settings.
type CustomCertificateSettings ¶
// CustomCertificateSettings holds the custom certificate settings.
type CustomCertificateSettings struct {
// Enabled is dropped from the JSON when false (omitempty on a bool).
Enabled bool `json:"enabled,omitempty"`
// ID identifies the certificate by reference; no key or certificate
// material is carried in this struct.
// NOTE(review): presumably this certificate is used for TLS inspection —
// confirm which ID values are accepted and who may set them.
ID string `json:"id,omitempty"`
}
CustomCertificateSettings contains custom certificate settings.
type DNSResolverAddress ¶
// DNSResolverAddress describes one DNS resolver endpoint.
type DNSResolverAddress struct {
// IP is a string, not a parsed address; no validation is visible here.
IP string `json:"ip,omitempty"`
// Port is omitted from the JSON when it is 0.
Port int `json:"port,omitempty"`
VNetID string `json:"vnetId,omitempty"`
// RouteThroughPrivateNetwork is a *bool: nil is omitted, an explicit false
// is serialized.
RouteThroughPrivateNetwork *bool `json:"routeThroughPrivateNetwork,omitempty"`
}
DNSResolverAddress contains a DNS resolver address.
type DNSResolverSettings ¶
// DNSResolverSettings lists the custom DNS resolvers per address family.
// NOTE(review): resolvers listed here presumably answer queries for traffic
// matched by the rule, so they are trusted for name resolution — review
// changes to these lists accordingly.
type DNSResolverSettings struct {
// Ipv4 and Ipv6 are omitted from the JSON when empty.
Ipv4 []DNSResolverAddress `json:"ipv4,omitempty"`
Ipv6 []DNSResolverAddress `json:"ipv6,omitempty"`
}
DNSResolverSettings contains DNS resolver settings.
type EgressSettings ¶
// EgressSettings holds the egress address settings.
//
// All three fields are strings; whether they hold addresses or other
// identifiers is not defined in this type, and no validation is visible here.
type EgressSettings struct {
Ipv4 string `json:"ipv4,omitempty"`
Ipv6 string `json:"ipv6,omitempty"`
Ipv4Fallback string `json:"ipv4Fallback,omitempty"`
}
EgressSettings contains egress settings.
type FIPSSettings ¶
// FIPSSettings holds the FIPS toggle for TLS.
type FIPSSettings struct {
// TLS is a plain bool with omitempty, so false is never serialized.
// NOTE(review): where FIPS mode is a compliance requirement, confirm that
// an absent value is not treated as "keep current setting" by the consumer.
TLS bool `json:"tls,omitempty"`
}
FIPSSettings contains FIPS settings.
type GatewayConfigurationConfig ¶
// GatewayConfigurationConfig aggregates the account-level Gateway settings.
//
// Every section is an optional pointer tagged omitempty: a nil section is
// left out of the marshaled JSON entirely. Several sections (TLSDecrypt,
// AntiVirus, FIPS, CustomCertificate) govern inspection and cryptographic
// behaviour, so changes to them merit the same review as policy changes.
type GatewayConfigurationConfig struct {
// TLSDecrypt contains TLS decryption settings
TLSDecrypt *TLSDecryptSettings `json:"tlsDecrypt,omitempty"`
// ActivityLog contains activity logging settings
ActivityLog *ActivityLogSettings `json:"activityLog,omitempty"`
// AntiVirus contains antivirus settings
AntiVirus *AntiVirusSettings `json:"antiVirus,omitempty"`
// BlockPage contains block page settings
BlockPage *BlockPageSettings `json:"blockPage,omitempty"`
// BodyScanning contains body scanning settings
BodyScanning *BodyScanningSettings `json:"bodyScanning,omitempty"`
// BrowserIsolation contains browser isolation settings
BrowserIsolation *BrowserIsolationSettings `json:"browserIsolation,omitempty"`
// FIPS contains FIPS settings
FIPS *FIPSSettings `json:"fips,omitempty"`
// ProtocolDetection contains protocol detection settings
ProtocolDetection *ProtocolDetectionSettings `json:"protocolDetection,omitempty"`
// CustomCertificate contains custom certificate settings
CustomCertificate *CustomCertificateSettings `json:"customCertificate,omitempty"`
}
GatewayConfigurationConfig contains the configuration for Gateway settings.
type GatewayConfigurationRegisterOptions ¶
// GatewayConfigurationRegisterOptions is the input to
// GatewayConfigurationService.Register. The struct has no JSON tags.
//
// NOTE(review): AccountID, Source and CredentialsRef are supplied together by
// the caller; whether Register checks that Source is allowed to use the
// referenced credentials and account is not visible on this page — confirm.
type GatewayConfigurationRegisterOptions struct {
// AccountID is the Cloudflare account ID
AccountID string
// Source is the K8s resource source
Source service.Source
// Config is the gateway configuration
Config GatewayConfigurationConfig
// CredentialsRef references the CloudflareCredentials resource. It is a
// reference by type name; presumably no secret material is carried in
// this struct — TODO confirm against v1alpha2.CredentialsReference.
CredentialsRef v1alpha2.CredentialsReference
}
GatewayConfigurationRegisterOptions contains options for registering a GatewayConfiguration.
type GatewayConfigurationService ¶
// GatewayConfigurationService manages GatewayConfiguration via
// CloudflareSyncState.
type GatewayConfigurationService struct {
// Embedding *service.BaseService promotes its exported methods onto this
// type; the zero value holds a nil pointer, so construct instances with
// NewGatewayConfigurationService.
*service.BaseService
}
GatewayConfigurationService manages GatewayConfiguration via CloudflareSyncState.
func NewGatewayConfigurationService ¶
func NewGatewayConfigurationService(c client.Client) *GatewayConfigurationService
NewGatewayConfigurationService creates a new GatewayConfiguration service.
func (*GatewayConfigurationService) Register ¶
func (s *GatewayConfigurationService) Register(ctx context.Context, opts GatewayConfigurationRegisterOptions) error
Register registers a GatewayConfiguration with the SyncState.
func (*GatewayConfigurationService) Unregister ¶
func (s *GatewayConfigurationService) Unregister(ctx context.Context, accountID string, source service.Source) error
Unregister removes a GatewayConfiguration from the SyncState.
func (*GatewayConfigurationService) UpdateStatus ¶
func (s *GatewayConfigurationService) UpdateStatus( ctx context.Context, config *v1alpha2.GatewayConfiguration, result *GatewayConfigurationSyncResult, ) error
UpdateStatus updates the K8s GatewayConfiguration resource status based on sync result.
type GatewayConfigurationSyncResult ¶
// GatewayConfigurationSyncResult carries the GatewayConfiguration-specific
// outcome of a sync; it is the result argument of
// GatewayConfigurationService.UpdateStatus.
type GatewayConfigurationSyncResult struct {
// AccountID is the Cloudflare account ID
AccountID string
}
GatewayConfigurationSyncResult contains GatewayConfiguration-specific sync result.
type GatewayListConfig ¶
// GatewayListConfig describes one Gateway list.
//
// Name and Type have no omitempty and are always serialized, even when
// empty; Description and Items are omitted when empty.
type GatewayListConfig struct {
// Name is the list name
Name string `json:"name"`
// Description is an optional description
Description string `json:"description,omitempty"`
// Type is the list type (SERIAL, URL, DOMAIN, EMAIL, IP). It is a plain
// string; this type does not restrict it to those values.
Type string `json:"type"`
// Items is the list of items with optional descriptions.
// NOTE(review): nothing in this type ties an item's Value to Type;
// confirm where values are validated before a list is used by rules.
Items []GatewayListItem `json:"items,omitempty"`
}
GatewayListConfig contains the configuration for a Gateway list.
type GatewayListItem ¶ added in v0.25.0
// GatewayListItem is a single entry of a Gateway list.
type GatewayListItem struct {
// Value is the item value. It has no omitempty, so an empty string is
// still serialized as "value":"".
Value string `json:"value"`
// Description is an optional description for this item
Description string `json:"description,omitempty"`
}
GatewayListItem represents a single item in a Gateway list.
type GatewayListRegisterOptions ¶
// GatewayListRegisterOptions is the input to GatewayListService.Register.
// The struct has no JSON tags.
//
// NOTE(review): whether Register checks that Source may use the referenced
// credentials, AccountID and an existing ListID is not visible on this page
// — confirm, since a caller-supplied ListID selects which remote list is
// managed.
type GatewayListRegisterOptions struct {
// AccountID is the Cloudflare account ID
AccountID string
// ListID is the existing list ID (empty for new)
ListID string
// Source is the K8s resource source
Source service.Source
// Config is the gateway list configuration
Config GatewayListConfig
// CredentialsRef references the CloudflareCredentials resource
CredentialsRef v1alpha2.CredentialsReference
}
GatewayListRegisterOptions contains options for registering a GatewayList.
type GatewayListService ¶
// GatewayListService manages GatewayList configurations via
// CloudflareSyncState.
type GatewayListService struct {
// Embedding *service.BaseService promotes its exported methods onto this
// type; the zero value holds a nil pointer, so construct instances with
// NewGatewayListService.
*service.BaseService
}
GatewayListService manages GatewayList configurations via CloudflareSyncState.
func NewGatewayListService ¶
func NewGatewayListService(c client.Client) *GatewayListService
NewGatewayListService creates a new GatewayList service.
func (*GatewayListService) Register ¶
func (s *GatewayListService) Register(ctx context.Context, opts GatewayListRegisterOptions) error
Register registers a GatewayList configuration with the SyncState.
func (*GatewayListService) Unregister ¶
func (s *GatewayListService) Unregister(ctx context.Context, listID string, source service.Source) error
Unregister removes a configuration from the SyncState.
func (*GatewayListService) UpdateListID ¶
func (s *GatewayListService) UpdateListID(ctx context.Context, source service.Source, listID, accountID string) error
UpdateListID updates the SyncState to use the actual list ID.
func (*GatewayListService) UpdateStatus ¶
func (s *GatewayListService) UpdateStatus( ctx context.Context, list *v1alpha2.GatewayList, result *GatewayListSyncResult, ) error
UpdateStatus updates the K8s GatewayList resource status based on sync result.
type GatewayListSyncResult ¶
// GatewayListSyncResult carries the GatewayList-specific outcome of a sync;
// it is the result argument of GatewayListService.UpdateStatus.
type GatewayListSyncResult struct {
// ListID is the Cloudflare list ID
ListID string
// AccountID is the Cloudflare account ID
AccountID string
// ItemCount is the number of items in the list
ItemCount int
}
GatewayListSyncResult contains GatewayList-specific sync result.
type GatewayRuleConfig ¶
// GatewayRuleConfig describes one Gateway rule.
//
// Name and Enabled carry no omitempty and are always serialized; in
// particular Enabled=false is written out explicitly, unlike the plain-bool
// toggles in the settings types. Every other field is omitted when empty.
//
// NOTE(review): Action, the filter expressions, Identity and DevicePosture
// are free-form strings in this type; confirm where they are validated,
// since together they decide which traffic the rule allows or blocks.
type GatewayRuleConfig struct {
// Name is the rule name
Name string `json:"name"`
// Description is an optional description
Description string `json:"description,omitempty"`
// Filters is the list of filter configurations
Filters []GatewayRuleFilter `json:"filters,omitempty"`
// TrafficType determines the traffic type (http, l4, dns)
TrafficType string `json:"trafficType,omitempty"`
// Action is the rule action
Action string `json:"action,omitempty"`
// RuleSettings contains additional rule settings
RuleSettings *GatewayRuleSettings `json:"ruleSettings,omitempty"`
// Priority is the rule priority. A value of 0 is omitted from the JSON.
Priority int `json:"priority,omitempty"`
// Enabled indicates if the rule is enabled
Enabled bool `json:"enabled"`
// Identity is the wirefilter expression for identity matching
Identity string `json:"identity,omitempty"`
// DevicePosture is the wirefilter expression for device posture matching
DevicePosture string `json:"devicePosture,omitempty"`
// Schedule defines when the rule is active
Schedule *GatewayRuleSchedule `json:"schedule,omitempty"`
// Expiration defines when the rule expires
Expiration *GatewayRuleExpiration `json:"expiration,omitempty"`
}
GatewayRuleConfig contains the configuration for a Gateway rule.
type GatewayRuleExpiration ¶ added in v0.25.0
// GatewayRuleExpiration defines when a rule expires.
//
// Both fields are strings, so a malformed timestamp or duration is not
// rejected by the type itself. NOTE(review): confirm where they are parsed
// and what happens to the rule when parsing fails.
type GatewayRuleExpiration struct {
// ExpiresAt is when the rule expires (RFC3339 format)
ExpiresAt string `json:"expiresAt,omitempty"`
// Duration is the default expiration duration (e.g., "1h", "24h")
Duration string `json:"duration,omitempty"`
}
GatewayRuleExpiration defines when a rule expires.
type GatewayRuleFilter ¶
// GatewayRuleFilter pairs a filter type with its match expression.
type GatewayRuleFilter struct {
// Type is the filter type (e.g., http, l4, dns)
Type string `json:"type,omitempty"`
// Expression is the filter expression. It is carried as an opaque string;
// no syntax check is visible in this type.
Expression string `json:"expression,omitempty"`
}
GatewayRuleFilter contains filter configuration.
type GatewayRuleRegisterOptions ¶
// GatewayRuleRegisterOptions is the input to GatewayRuleService.Register.
// The struct has no JSON tags.
//
// NOTE(review): whether Register checks that Source may use the referenced
// credentials, AccountID and an existing RuleID is not visible on this page
// — confirm, since a caller-supplied RuleID selects which remote rule is
// managed.
type GatewayRuleRegisterOptions struct {
// AccountID is the Cloudflare account ID
AccountID string
// RuleID is the existing rule ID (empty for new)
RuleID string
// Source is the K8s resource source
Source service.Source
// Config is the gateway rule configuration
Config GatewayRuleConfig
// CredentialsRef references the CloudflareCredentials resource
CredentialsRef v1alpha2.CredentialsReference
}
GatewayRuleRegisterOptions contains options for registering a GatewayRule.
type GatewayRuleSchedule ¶ added in v0.25.0
// GatewayRuleSchedule defines when a rule is active, one string per weekday
// plus a time zone. All fields are omitted from the JSON when empty.
//
// NOTE(review): how an empty day or an unrecognized TimeZone is interpreted
// is not defined here; confirm it, because it decides the hours in which the
// rule is enforced.
type GatewayRuleSchedule struct {
// TimeZone is the time zone for the schedule (e.g., "America/New_York")
TimeZone string `json:"timeZone,omitempty"`
// Mon is the schedule for Monday (e.g., "09:00-17:00")
Mon string `json:"mon,omitempty"`
// Tue is the schedule for Tuesday
Tue string `json:"tue,omitempty"`
// Wed is the schedule for Wednesday
Wed string `json:"wed,omitempty"`
// Thu is the schedule for Thursday
Thu string `json:"thu,omitempty"`
// Fri is the schedule for Friday
Fri string `json:"fri,omitempty"`
// Sat is the schedule for Saturday
Sat string `json:"sat,omitempty"`
// Sun is the schedule for Sunday
Sun string `json:"sun,omitempty"`
}
GatewayRuleSchedule defines when a rule is active.
type GatewayRuleService ¶
// GatewayRuleService manages GatewayRule configurations via
// CloudflareSyncState.
type GatewayRuleService struct {
// Embedding *service.BaseService promotes its exported methods onto this
// type; the zero value holds a nil pointer, so construct instances with
// NewGatewayRuleService.
*service.BaseService
}
GatewayRuleService manages GatewayRule configurations via CloudflareSyncState.
func NewGatewayRuleService ¶
func NewGatewayRuleService(c client.Client) *GatewayRuleService
NewGatewayRuleService creates a new GatewayRule service.
func (*GatewayRuleService) Register ¶
func (s *GatewayRuleService) Register(ctx context.Context, opts GatewayRuleRegisterOptions) error
Register registers a GatewayRule configuration with the SyncState.
func (*GatewayRuleService) Unregister ¶
func (s *GatewayRuleService) Unregister(ctx context.Context, ruleID string, source service.Source) error
Unregister removes a configuration from the SyncState.
func (*GatewayRuleService) UpdateRuleID ¶
func (s *GatewayRuleService) UpdateRuleID(ctx context.Context, source service.Source, ruleID, accountID string) error
UpdateRuleID updates the SyncState to use the actual rule ID.
func (*GatewayRuleService) UpdateStatus ¶
func (s *GatewayRuleService) UpdateStatus( ctx context.Context, rule *v1alpha2.GatewayRule, result *GatewayRuleSyncResult, ) error
UpdateStatus updates the K8s GatewayRule resource status based on sync result.
type GatewayRuleSettings ¶
// GatewayRuleSettings carries the optional per-rule settings.
//
// Every field is tagged omitempty, so unset values are left out of the
// marshaled JSON. The *bool fields serialize an explicit false and omit only
// nil. Several fields relax a security control (DNSSEC validation, untrusted
// certificate handling, parent/child rule bypass); they deserve explicit
// review wherever rule specs can be written by less-trusted authors.
type GatewayRuleSettings struct {
// BlockPageEnabled enables the block page
BlockPageEnabled *bool `json:"blockPageEnabled,omitempty"`
// BlockReason is the reason shown on the block page
BlockReason string `json:"blockReason,omitempty"`
// OverrideHost is the host to override
OverrideHost string `json:"overrideHost,omitempty"`
// OverrideIPs are the IPs to override. They are plain strings; no address
// validation is visible in this type.
OverrideIPs []string `json:"overrideIPs,omitempty"`
// InsecureDisableDNSSECValidation disables DNSSEC validation. With
// validation off, forged DNS answers are no longer rejected on DNSSEC
// grounds; treat a true value as an exception that needs justification.
InsecureDisableDNSSECValidation *bool `json:"insecureDisableDnssecValidation,omitempty"`
// AddHeaders are headers to add. Names and values are free-form strings
// here — NOTE(review): confirm where they are validated.
AddHeaders map[string]string `json:"addHeaders,omitempty"`
// BISOAdminControls contains browser isolation admin controls
BISOAdminControls *BISOAdminControls `json:"bisoAdminControls,omitempty"`
// CheckSession contains session check settings
CheckSession *CheckSessionSettings `json:"checkSession,omitempty"`
// L4Override contains L4 override settings
L4Override *L4OverrideSettings `json:"l4Override,omitempty"`
// NotificationSettings contains notification settings
NotificationSettings *NotificationSettings `json:"notificationSettings,omitempty"`
// PayloadLog contains payload log settings.
// NOTE(review): payload logs presumably hold the content that matched the
// rule — confirm retention and access controls before enabling.
PayloadLog *PayloadLogSettings `json:"payloadLog,omitempty"`
// AuditSSH contains SSH audit settings
AuditSSH *AuditSSHSettings `json:"auditSsh,omitempty"`
// UntrustedCertificateAction for TLS inspection (pass_through, block, error).
// It is a plain string, not restricted to those values by this type.
// NOTE(review): pass_through presumably lets connections to origins with
// untrusted certificates proceed — confirm before using it.
UntrustedCertificateAction string `json:"untrustedCertificateAction,omitempty"`
// Egress settings
Egress *EgressSettings `json:"egress,omitempty"`
// DNS resolvers
DNSResolvers *DNSResolverSettings `json:"dnsResolvers,omitempty"`
// ResolveDNSInternally enables internal DNS resolution with view_id
ResolveDNSInternally *ResolveDNSInternallySettings `json:"resolveDnsInternally,omitempty"`
// ResolveDNSThroughCloudflare sends DNS to 1.1.1.1
ResolveDNSThroughCloudflare *bool `json:"resolveDnsThroughCloudflare,omitempty"`
// AllowChildBypass allows child MSP accounts to bypass
AllowChildBypass *bool `json:"allowChildBypass,omitempty"`
// BypassParentRule allows bypassing parent MSP rules. Together with
// AllowChildBypass this decides whether a parent account's policy still
// applies, so changes to either should be audited.
BypassParentRule *bool `json:"bypassParentRule,omitempty"`
// IgnoreCNAMECategoryMatches ignores category at CNAME domains
IgnoreCNAMECategoryMatches *bool `json:"ignoreCnameCategoryMatches,omitempty"`
// IPCategories enables IPs in DNS resolver category blocks
IPCategories *bool `json:"ipCategories,omitempty"`
// IPIndicatorFeeds includes IPs in indicator feed blocks
IPIndicatorFeeds *bool `json:"ipIndicatorFeeds,omitempty"`
// Quarantine settings for quarantine action
Quarantine *QuarantineSettings `json:"quarantine,omitempty"`
}
GatewayRuleSettings contains additional rule settings.
type GatewayRuleSyncResult ¶
// GatewayRuleSyncResult carries the GatewayRule-specific outcome of a sync;
// it is the result argument of GatewayRuleService.UpdateStatus.
type GatewayRuleSyncResult struct {
// RuleID is the Cloudflare rule ID
RuleID string
// AccountID is the Cloudflare account ID
AccountID string
}
GatewayRuleSyncResult contains GatewayRule-specific sync result.
type L4OverrideSettings ¶
L4OverrideSettings contains L4 override settings.
type NotificationSettings ¶
// NotificationSettings holds the user notification settings.
type NotificationSettings struct {
// Enabled is dropped from the JSON when false (omitempty on a bool).
Enabled bool `json:"enabled,omitempty"`
Message string `json:"message,omitempty"`
// SupportURL is a free-form string; no URL or scheme check is visible in
// this type. NOTE(review): it is presumably shown to end users — confirm
// where it is validated.
SupportURL string `json:"supportUrl,omitempty"`
}
NotificationSettings contains notification settings.
type PayloadLogSettings ¶
// PayloadLogSettings holds the payload logging toggle.
type PayloadLogSettings struct {
// Enabled is dropped from the JSON when false (omitempty on a bool).
// NOTE(review): payload logs presumably contain the matched content
// itself — confirm retention and access controls before enabling.
Enabled bool `json:"enabled,omitempty"`
}
PayloadLogSettings contains payload log settings.
type ProtocolDetectionSettings ¶
// ProtocolDetectionSettings holds the protocol detection toggle.
type ProtocolDetectionSettings struct {
// Enabled is a plain bool with omitempty: false is never serialized, so
// "disabled" and "not set" are identical in the marshaled JSON.
Enabled bool `json:"enabled,omitempty"`
}
ProtocolDetectionSettings contains protocol detection settings.
type QuarantineSettings ¶ added in v0.25.0
// QuarantineSettings holds the settings for the quarantine action.
type QuarantineSettings struct {
// FileTypes to quarantine. The entries are free-form strings, and an
// empty slice is omitted from the JSON.
// NOTE(review): confirm what the consumer does when the list is absent
// (quarantine nothing vs. apply a default set).
FileTypes []string `json:"fileTypes,omitempty"`
}
QuarantineSettings contains the settings for the quarantine action.
type ResolveDNSInternallySettings ¶ added in v0.25.0
// ResolveDNSInternallySettings holds the settings for internal DNS
// resolution.
type ResolveDNSInternallySettings struct {
// ViewID is the DNS view ID for internal resolution
ViewID string `json:"viewId,omitempty"`
// Fallback determines behavior when internal resolution fails. It is a
// free-form string; the accepted values are not listed in this type.
// NOTE(review): a fallback to public resolution presumably sends internal
// names to an external resolver — confirm the options before choosing one.
Fallback string `json:"fallback,omitempty"`
}
ResolveDNSInternallySettings contains the settings for internal DNS resolution.
type TLSDecryptSettings ¶
// TLSDecryptSettings holds the TLS decryption toggle.
type TLSDecryptSettings struct {
// Enabled is a plain bool with omitempty: false is never serialized, so
// the marshaled JSON cannot express "explicitly off".
// NOTE(review): confirm how the consumer treats an absent value, since it
// decides whether HTTPS traffic is inspected.
Enabled bool `json:"enabled,omitempty"`
}
TLSDecryptSettings contains TLS decryption settings.
type UntrustedCertSettings ¶
// UntrustedCertSettings holds the action taken for untrusted certificates.
type UntrustedCertSettings struct {
// Action is a free-form string; the accepted values are not listed in
// this type. NOTE(review): GatewayRuleSettings on this page names
// pass_through, block and error for its UntrustedCertificateAction field;
// whether the same set applies here is not shown — confirm.
Action string `json:"action,omitempty"`
}
UntrustedCertSettings contains untrusted certificate settings.