cloudflare

package
v1.27.12 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 15, 2026 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Overview

Package cloudflare provides the Cloudflare integration definition for integrations

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrAPITokenMissing indicates the Cloudflare API token is missing from the credential
	ErrAPITokenMissing = errors.New("cloudflare: api token missing")
	// ErrCredentialInvalid indicates credential metadata could not be decoded
	ErrCredentialInvalid = errors.New("cloudflare: credential invalid")
	// ErrCredentialMetadataRequired indicates no credential metadata was provided
	ErrCredentialMetadataRequired = errors.New("cloudflare: credential metadata required")
	// ErrTokenVerificationFailed indicates the Cloudflare token verification failed
	ErrTokenVerificationFailed = errors.New("cloudflare: token verification failed")
	// ErrTokenNotActive indicates the Cloudflare token is not in an active state
	ErrTokenNotActive = errors.New("cloudflare: token is not active")
	// ErrClientType indicates the provided client is not a Cloudflare client
	ErrClientType = errors.New("cloudflare: unexpected client type")
	// ErrResultEncode indicates an operation result could not be serialized
	ErrResultEncode = errors.New("cloudflare: result encode failed")
	// ErrMembersFetchFailed indicates the account members list request failed
	ErrMembersFetchFailed = errors.New("cloudflare: members fetch failed")
	// ErrMembersFetchFailed indicates the account members list request failed
	ErrGroupsFetchFailed = errors.New("cloudflare: groups fetch failed")
	// ErrPayloadEncode indicates a collected Cloudflare payload could not be serialized for ingest
	ErrPayloadEncode = errors.New("cloudflare: ingest payload encode failed")
	// ErrAccountIDMissing indicates the account ID is missing from user input
	ErrAccountIDMissing = errors.New("cloudflare: account id missing")
	// ErrOperationConfigInvalid indicates operation configuration could not be decoded
	ErrOperationConfigInvalid = errors.New("cloudflare: operation config invalid")
	// ErrFindingsFetchFailed indicates the Security Center insights list request failed
	ErrFindingsFetchFailed = errors.New("cloudflare: findings fetch failed")
	// ErrAssetsFetchFailed indicates the Registrar registrations list request failed
	ErrAssetsFetchFailed = errors.New("cloudflare: assets fetch failed")
	// ErrRuntimeConfigDecode indicates the runtime Cloudflare config could not be decoded
	ErrRuntimeConfigDecode = errors.New("cloudflare: runtime config decode failed")
	// ErrRuntimeConfigInvalid indicates the runtime Cloudflare config is missing required fields
	ErrRuntimeConfigInvalid = errors.New("cloudflare: runtime config invalid")
	// ErrDomainScanSubmitFailed indicates the URL Scanner bulk submission request failed
	ErrDomainScanSubmitFailed = errors.New("cloudflare: domain scan submit failed")
	// ErrDomainScanResultFailed indicates the URL Scanner result retrieval request failed
	ErrDomainScanResultFailed = errors.New("cloudflare: domain scan result fetch failed")
	// ErrDomainScanTaskFailed indicates Cloudflare reported the scan task itself failed
	ErrDomainScanTaskFailed = errors.New("cloudflare: domain scan task failed")
)
View Source
var (
	// DefinitionID is the stable identifier for the Cloudflare integration definition
	DefinitionID = types.NewDefinitionRef("def_01K0CFLARE00000000000000001")
	_,// domainScanSubmitSchema is the operation ref for submitting domains to the URL Scanner
	DomainScanSubmitOp = providerkit.OperationSchema[DomainScanSubmit]()
	_,//nolint:revive
	// domainScanPollSchema is the operation ref for polling a submitted URL Scanner result
	DomainScanPollOp = providerkit.OperationSchema[DomainScanPoll]()
	_,//nolint:revive
	// domainScanGatherEnrichmentSchema is the operation ref for gathering enrichment data for a domain
	DomainScanGatherEnrichmentOp = providerkit.OperationSchema[DomainScanGatherEnrichment]()
	_,//nolint:revive
	// domainScanBuildReportSchema is the operation ref for building the scan report from a completed URL Scanner result and gathered enrichment
	DomainScanBuildReportOp = providerkit.OperationSchema[DomainScanBuildReport]() //nolint:revive

)

Functions

func Builder

func Builder(runtime *RuntimeConfig) registry.Builder

Builder returns the Cloudflare definition builder with the supplied runtime config applied. runtime.DomainScan configures vendor/technology classification for onboarding domain scan reports. When devMode is true or runtime.Provisioned() is true, a RuntimeIntegration is included so system-initiated calls (e.g. onboarding domain scans) can use the operator-owned account

Types

type AssetCollect added in v1.23.0

type AssetCollect struct{}

AssetCollect collects Cloudflare domain registrations and stores them as assets

func (AssetCollect) IngestHandle added in v1.23.0

func (a AssetCollect) IngestHandle() types.IngestHandler

IngestHandle adapts asset collection to the ingest operation registration boundary

func (AssetCollect) Run added in v1.23.0

Run collects Cloudflare domain registrations and emits asset ingest payloads

type AssetSync added in v1.23.0

type AssetSync struct {
	// Disable is used to disable the asset sync operation from Cloudflare
	Disable bool `json:"disable,omitempty" jsonschema:"title=Disable,description=Disable the syncing of domains from Cloudflare Registrar"`
	// FilterExpr limits imported records to envelopes matching the CEL expression
	FilterExpr string `` /* 181-byte string literal not displayed */
}

AssetSync holds installation-specific configuration for Cloudflare domain assets

type Client

type Client struct{}

Client builds Cloudflare API clients for one installation

func (Client) Build

Build constructs the Cloudflare API client for one installation

type ClientConfig added in v1.27.12

type ClientConfig struct {
	// AccountID is the Cloudflare account this client is scoped to
	AccountID string
	// APIToken is the raw Cloudflare API token, needed by calls made outside the SDK client
	// (e.g. Browser Rendering requests issued directly by the domain scan enrichment operation)
	APIToken string
	// DomainScan configures vendor/technology classification for onboarding domain scan
	// reports; runtime client only
	DomainScan domainscan.ReportConfig
}

ClientConfig holds the account and domain scan settings a CloudflareClient is built from, sourced from either per-installation credentials or the operator-owned runtime config

type CloudflareClient added in v1.27.12

type CloudflareClient struct {
	*cf.Client
	// Config holds the account scope and domain scan settings this client was built with
	Config ClientConfig
}

CloudflareClient wraps the Cloudflare SDK client with the account it's scoped to: the customer's own account for installation-bound operations, or the operator-owned account for system-initiated operations run through the runtime path. Config.DomainScan is only populated for the runtime (system) client, used by the domain scan enrichment operation

type CredentialSchema

type CredentialSchema struct {
	// APIToken is the Cloudflare API token with permissions to read account and zone metadata
	APIToken string `json:"apiToken"          jsonschema:"required,title=API Token"`
	// AccountID is the Cloudflare account identifier used for account-scoped API calls
	AccountID string `` /* 137-byte string literal not displayed */
}

CredentialSchema holds the Cloudflare API credentials for one installation

type DirectorySync

type DirectorySync struct {
	// Disable is used to disable the directory sync operation from Cloudflare
	Disable bool `json:"disable,omitempty" jsonschema:"title=Disable,description=Disable the syncing of users and groups from Cloudflare"`
	// FilterExpr limits imported records to envelopes matching the CEL expression
	FilterExpr string `` /* 216-byte string literal not displayed */
}

DirectorySync holds installation-specific configuration collected from the user

func (DirectorySync) IngestHandle

func (d DirectorySync) IngestHandle() types.IngestHandler

IngestHandle adapts directory sync to the ingest operation registration boundary

func (DirectorySync) Run

Run collects Cloudflare account members and emits directory account ingest payloads

type DomainScanBuildReport added in v1.27.12

type DomainScanBuildReport struct {
	// InternalScanID is the openlane Scan record id the built report belongs to
	InternalScanID string `json:"internalScanId"`
	// Result is the completed URL Scanner task result to build the report from
	Result json.RawMessage `json:"result"`
	// Enrichment is the company profile, compliance, and DNS vendor data gathered via
	// DomainScanGatherEnrichment
	Enrichment domainscan.Enrichment `json:"enrichment"`
}

DomainScanBuildReport combines a completed URL Scanner result with previously-gathered enrichment data (company profile, compliance, and DNS vendor data) and builds the structured onboarding domain scan report

func (DomainScanBuildReport) Handle added in v1.27.12

Handle adapts domain scan report building to the generic operation registration boundary

func (DomainScanBuildReport) Run added in v1.27.12

Run builds the structured scan report from the submitted URL Scanner result plus the already-gathered enrichment data

type DomainScanBuildReportResult added in v1.27.12

type DomainScanBuildReportResult struct {
	// Data is the structured scan report, ready to persist on the Scan record
	Data map[string]any `json:"data"`
}

DomainScanBuildReportResult carries the structured report built from the scan result and enrichment

type DomainScanGatherEnrichment added in v1.27.12

type DomainScanGatherEnrichment struct {
	// Domain is the domain to gather enrichment for
	Domain string `json:"domain"`
	// ForceRefresh bypasses Cloudflare's Browser Rendering cache, forcing a fresh render
	ForceRefresh bool `json:"forceRefresh,omitempty"`
}

DomainScanGatherEnrichment gathers company profile, compliance, and DNS vendor data for a domain

func (DomainScanGatherEnrichment) Handle added in v1.27.12

Handle adapts domain scan enrichment gathering to the generic operation registration boundary

func (DomainScanGatherEnrichment) Run added in v1.27.12

Run gathers company profile, compliance, and DNS vendor data for the domain

type DomainScanGatherEnrichmentResult added in v1.27.12

type DomainScanGatherEnrichmentResult struct {
	// Enrichment is the gathered company profile, compliance, and DNS vendor data
	Enrichment domainscan.Enrichment `json:"enrichment"`
}

DomainScanGatherEnrichmentResult carries the gathered enrichment data

type DomainScanPoll added in v1.27.12

type DomainScanPoll struct {
	// ScanResultID is the scan ID returned by DomainScanSubmit
	ScanResultID string `json:"scanResultId"`
}

DomainScanPoll retrieves a previously submitted URL Scanner result by scan ID

func (DomainScanPoll) Handle added in v1.27.12

Handle adapts domain scan polling to the generic operation registration boundary

func (DomainScanPoll) Run added in v1.27.12

Run retrieves a URL Scanner result by scan ID through. A 400 or 404 shortly after submission usually just means Cloudflare hasn't indexed the scan yet, so those are retried with a flat delay before giving up

type DomainScanPollResult added in v1.27.12

type DomainScanPollResult struct {
	// Result is the raw URL Scanner result payload
	Result *url_scanner.ScanGetResponse `json:"result"`
	// TaskErrors lists task-level errors reported alongside the result, if any
	TaskErrors ScanTaskErrors `json:"taskErrors,omitempty"`
}

DomainScanPollResult carries the raw URL Scanner result plus any task-level errors

type DomainScanSubmit added in v1.27.12

type DomainScanSubmit struct {
	// Domains is the list of domains to submit for scanning
	Domains []string `json:"domains"`
}

DomainScanSubmit submits domains to Cloudflare's URL Scanner for scanning

func (DomainScanSubmit) Handle added in v1.27.12

Handle adapts domain scan submission to the generic operation registration boundary

func (DomainScanSubmit) Run added in v1.27.12

Run submits the domains to Cloudflare's URL Scanner, batching requests as needed

type DomainScanSubmitResult added in v1.27.12

type DomainScanSubmitResult struct {
	// Scans is the list of scan tasks created by Cloudflare's URL Scanner
	Scans []url_scanner.ScanBulkNewResponse `json:"scans"`
}

DomainScanSubmitResult is the set of scan tasks created by a submission

type FindingsCollect added in v1.21.7

type FindingsCollect struct{}

FindingsCollect collects Cloudflare Security Center insights for ingest as findings

func (FindingsCollect) IngestHandle added in v1.21.7

func (f FindingsCollect) IngestHandle() types.IngestHandler

IngestHandle adapts findings collection to the ingest operation registration boundary

func (FindingsCollect) Run added in v1.21.7

Run collects Cloudflare Security Center insights and emits finding ingest payloads

type FindingsSync added in v1.21.7

type FindingsSync struct {
	// Disable is used to disable the findings sync operation from Cloudflare
	Disable bool `` /* 136-byte string literal not displayed */
	// FilterExpr limits imported records to envelopes matching the CEL expression
	FilterExpr string `` /* 185-byte string literal not displayed */
}

FindingsSync holds installation-specific configuration for Cloudflare Security Center insights

type HealthCheck

type HealthCheck struct {
	// Status is the token verification status returned by Cloudflare
	Status string `json:"status,omitempty"`
	// ExpiresOn is the token expiry time if set
	ExpiresOn string `json:"expiresOn,omitempty"`
}

HealthCheck holds the result of a Cloudflare health check

func (HealthCheck) Handle

func (h HealthCheck) Handle() types.OperationHandler

Handle adapts the health check to the generic operation registration boundary

func (HealthCheck) Run

Run executes the Cloudflare token verification

type InstallationMetadata

type InstallationMetadata struct {
	// AccountID is the Cloudflare account identifier used for account-scoped collection
	AccountID string `json:"accountId,omitempty" jsonschema:"title=Account ID"`
}

InstallationMetadata holds the stable Cloudflare account identity for one installation

func (InstallationMetadata) InstallationIdentity

InstallationIdentity implements types.InstallationIdentifiable

type RuntimeConfig added in v1.27.12

type RuntimeConfig struct {
	// APIToken is the Cloudflare API token for the operator-owned account
	APIToken string `` /* 126-byte string literal not displayed */
	// AccountID is the Cloudflare account identifier for the operator-owned account
	AccountID string `json:"accountid" koanf:"accountid" jsonschema:"description=Cloudflare account ID for the operator-owned account"`
	// DomainScan configures vendor/technology classification and enrichment behavior for
	// onboarding domain scan reports
	DomainScan domainscan.ReportConfig `` /* 153-byte string literal not displayed */
}

RuntimeConfig is the runtime-provisioned configuration for the operator-owned Cloudflare account. Sourced from koanf/environment at startup; used for system-initiated Cloudflare calls (e.g. onboarding domain scans) that are not tied to a customer installation

func (RuntimeConfig) Provisioned added in v1.27.12

func (c RuntimeConfig) Provisioned() bool

Provisioned reports whether the runtime config has the minimum required fields to make Cloudflare API calls

type ScanTaskError added in v1.27.12

type ScanTaskError struct {
	Name    string `json:"name"`
	Message string `json:"message"`
	Detail  string `json:"detail"`
	Code    int    `json:"code"`
}

ScanTaskError is a single error reported in a URL Scanner task's error list

func (ScanTaskError) Error added in v1.27.12

func (e ScanTaskError) Error() string

Error returns a human-readable representation of the scan task error

type ScanTaskErrors added in v1.27.12

type ScanTaskErrors []ScanTaskError

ScanTaskErrors is a list of ScanTaskError, satisfying the error interface when non-empty

func (ScanTaskErrors) Error added in v1.27.12

func (e ScanTaskErrors) Error() string

Error joins every task error's message with "; "

type UserInput

type UserInput struct {
	// DirectorySync includes the configuration for identity accounts from Cloudflare members
	DirectorySync DirectorySync `json:"directorySync,omitempty" jsonschema:"title=Directory Account Sync"`
	// AssetSync includes the configuration for Cloudflare domains as assets
	AssetSync AssetSync `json:"assetSync,omitempty" jsonschema:"title=Cloudflare Asset Sync"`
	// FindingsSync includes the configuration for findings from Cloudflare Security Center insights
	FindingsSync FindingsSync `json:"findingSync,omitempty" jsonschema:"title=Security Insights Sync"`
}

UserInput holds installation-specific configuration collected from the user

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL