rules
Creates, updates, deletes, gets or lists a rules resource.
Overview
| Name | rules |
|---|---|
| Type | Resource |
| Id | cloudflare.token_validation.rules |
Fields
The following fields are returned by SELECT queries:
- get
- list
| Name | Datatype | Description |
|---|---|---|
| id | string | UUID. (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415) |
| action | string | Action to take on requests that match operations included in selector and fail expression. (log, block) (example: log) |
| created_at | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |
| description | string | A human-readable description that gives more details than title. (example: Long description for Token Validation Rule) |
| enabled | boolean | Toggle rule on or off. |
| expression | string | Rule expression. Requests that fail to match this expression will be subject to action. For details on expressions, see the Cloudflare Docs. (example: is_jwt_valid("52973293-cb04-4a97-8f55-e7d2ad1107dd") or is_jwt_valid("46eab8d1-6376-45e3-968f-2c649d77d423")) |
| last_updated | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |
| selector | object | Select operations covered by this rule. For details on selectors, see the Cloudflare Docs. |
| title | string | A human-readable name for the rule. (example: Example Token Validation Rule) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get | select | zone_id, rule_id | | Get a zone token validation rule. |
| list | select | zone_id | per_page, page, token_configuration, action, enabled, id, rule_id, host, hostname | List token validation rules |
| create | insert | zone_id | | Create a token validation rule. |
| edit | update | zone_id, rule_id | | Edit a zone token validation rule. |
| delete | delete | zone_id, rule_id | | Delete a zone token validation rule. |
| preview | exec | zone_id | per_page, page, state, host, hostname, method, endpoint | Preview operations covered by a Token Validation rule. The API will return all operations on a zone annotated with an additional state field. Operations with an included state will be covered by a Token Validation Rule. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| rule_id | string | The rule ID. |
| zone_id | string | The Cloudflare zone ID. |
| action | string | |
| enabled | boolean | |
| endpoint | array | Filter operations by endpoint. Allows substring matching. |
| host | array | Filter operations by host. |
| hostname | array | Filter operations by host. |
| id | string | Select rules with these IDs. |
| method | array | Filter operations by method. |
| page | integer | Page number of paginated results. |
| per_page | integer | Maximum number of results per page. |
| rule_id | string | Select rules with these IDs. |
| state | array | |
| token_configuration | array | Select rules using any of these token configurations. |
SELECT examples
- get
- list
Get a zone token validation rule.
```sql
SELECT
  id,
  action,
  created_at,
  description,
  enabled,
  expression,
  last_updated,
  selector,
  title
FROM cloudflare.token_validation.rules
WHERE zone_id = '{{ zone_id }}' -- required
  AND rule_id = '{{ rule_id }}' -- required
;
```
List token validation rules
```sql
SELECT
  id,
  action,
  created_at,
  description,
  enabled,
  expression,
  last_updated,
  selector,
  title
FROM cloudflare.token_validation.rules
WHERE zone_id = '{{ zone_id }}' -- required
  AND per_page = '{{ per_page }}'
  AND page = '{{ page }}'
  AND token_configuration = '{{ token_configuration }}'
  AND action = '{{ action }}'
  AND enabled = '{{ enabled }}'
  AND id = '{{ id }}'
  AND rule_id = '{{ rule_id }}'
  AND host = '{{ host }}'
  AND hostname = '{{ hostname }}'
;
```
INSERT examples
- create
- Manifest
Create a token validation rule.
```sql
INSERT INTO cloudflare.token_validation.rules (
  action,
  description,
  enabled,
  expression,
  selector,
  title,
  zone_id
)
SELECT
  '{{ action }}',
  '{{ description }}',
  {{ enabled }},
  '{{ expression }}',
  '{{ selector }}',
  '{{ title }}',
  '{{ zone_id }}'
RETURNING
  errors,
  messages,
  result,
  success
;
```
```yaml
# Description fields are for documentation purposes
- name: rules
  props:
    - name: zone_id
      value: "{{ zone_id }}"
      description: Required parameter for the rules resource.
    - name: action
      value: "{{ action }}"
      description: |
        Action to take on requests that match operations included in `selector` and fail `expression`.
      valid_values: ['log', 'block']
    - name: description
      value: "{{ description }}"
      description: |
        A human-readable description that gives more details than `title`.
    - name: enabled
      value: {{ enabled }}
      description: |
        Toggle rule on or off.
    - name: expression
      value: "{{ expression }}"
      description: |
        Rule expression. Requests that fail to match this expression will be subject to `action`. For details on expressions, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/).
    - name: selector
      description: |
        Select operations covered by this rule. For details on selectors, see the [Cloudflare Docs](https://developers.cloudflare.com/api-shield/security/jwt-validation/).
      value:
        exclude:
          - operation_ids: "{{ operation_ids }}"
        include:
          - host: "{{ host }}"
    - name: title
      value: "{{ title }}"
      description: |
        A human-readable name for the rule.
```
UPDATE examples
- edit
Edit a zone token validation rule.
```sql
UPDATE cloudflare.token_validation.rules
SET
  action = '{{ action }}',
  description = '{{ description }}',
  enabled = {{ enabled }},
  expression = '{{ expression }}',
  selector = '{{ selector }}',
  title = '{{ title }}',
  position = '{{ position }}'
WHERE
  zone_id = '{{ zone_id }}' --required
  AND rule_id = '{{ rule_id }}' --required
RETURNING
  errors,
  messages,
  result,
  success;
```
DELETE examples
- delete
Delete a zone token validation rule.
```sql
DELETE FROM cloudflare.token_validation.rules
WHERE zone_id = '{{ zone_id }}' --required
  AND rule_id = '{{ rule_id }}' --required
;
```
Lifecycle Methods
- preview
Preview operations covered by a Token Validation rule. The API will return all operations on a zone annotated with an additional state field. Operations with an included state will be covered by a Token Validation Rule.
```sql
EXEC cloudflare.token_validation.rules.preview
@zone_id='{{ zone_id }}', --required
@per_page='{{ per_page }}',
@page='{{ page }}',
@state='{{ state }}',
@host='{{ host }}',
@hostname='{{ hostname }}',
@method='{{ method }}',
@endpoint='{{ endpoint }}'
@@json=
'{
"exclude": "{{ exclude }}",
"include": "{{ include }}"
}'
;
```
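The following is an added example, not part of the provider documentation: a Python audit over rows returned by `list` and `preview`, flagging rules that are disabled or log-only and operations whose state is not `included`. The sample rows are constructed; the `method`, `host` and `endpoint` keys on preview rows are assumed from the filter parameter names, and the UUID inside `is_jwt_valid()` is assumed to be a token configuration ID.

```python
import re

# Constructed sample rows shaped like the `list` fields documented above.
RULES = [
    {"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "action": "log", "enabled": True,
     "expression": 'is_jwt_valid("52973293-cb04-4a97-8f55-e7d2ad1107dd") or '
                   'is_jwt_valid("46eab8d1-6376-45e3-968f-2c649d77d423")'},
    {"id": "00000000-0000-4000-8000-000000000001", "action": "block", "enabled": False,
     "expression": 'is_jwt_valid("52973293-cb04-4a97-8f55-e7d2ad1107dd")'},
    {"id": "00000000-0000-4000-8000-000000000002", "action": "block", "enabled": True,
     "expression": 'is_jwt_valid("46eab8d1-6376-45e3-968f-2c649d77d423")'},
]

# Constructed `preview` rows. Key names are assumed from the filter parameters;
# only the "included" state is documented, the other value is a placeholder.
OPERATIONS = [
    {"method": "GET", "host": "api.example.com", "endpoint": "/orders", "state": "included"},
    {"method": "POST", "host": "api.example.com", "endpoint": "/payments", "state": "included"},
    {"method": "GET", "host": "api.example.com", "endpoint": "/health", "state": "placeholder-other"},
]

JWT_CALL = re.compile(r'is_jwt_valid\("([0-9a-fA-F-]{36})"\)')

def is_enabled(rule):
    # Tolerate a boolean or its string form, depending on how rows were exported.
    return str(rule["enabled"]).lower() == "true"

def rule_findings(rules):
    """Return (rule_id, finding) for every rule that is not currently blocking."""
    findings = []
    for rule in rules:
        if not is_enabled(rule):
            findings.append((rule["id"], "disabled"))
        elif rule["action"] != "block":
            findings.append((rule["id"], "log-only"))
    return findings

def token_configs_in_use(rules):
    """IDs passed to is_jwt_valid() by enabled rules (assumed token configuration IDs)."""
    ids = set()
    for rule in rules:
        if is_enabled(rule):
            ids.update(JWT_CALL.findall(rule["expression"]))
    return ids

def uncovered_operations(operations):
    """Operations whose preview state is anything other than 'included'."""
    return [(op["method"], op["host"], op["endpoint"])
            for op in operations if op.get("state") != "included"]
```
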