rules_tenant
Creates, updates, deletes, gets or lists a rules_tenant resource.
Overview
| Name | rules_tenant |
| Type | Resource |
| Id | cloudflare.zero_trust.rules_tenant |
Fields
The following fields are returned by SELECT queries:
- list
List Zero Trust Gateway rules response.
| Name | Datatype | Description |
|---|---|---|
id | string | Identify the API resource with a UUID. (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415) |
name | string | Specify the rule name. (example: block bad websites) |
action | string | Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true. (on, off, allow, block, scan, noscan, safesearch, ytrestricted, isolate, noisolate, override, l4_override, egress, resolve, quarantine, redirect) (example: allow) |
created_at | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |
deleted_at | string (date-time) | Indicate the date of deletion, if any. (x-stainless-terraform-configurability: computed) |
description | string | Specify the rule description. (example: Block bad websites based on their host name.) |
device_posture | string | Specify the wirefilter expression used for device posture check. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. (default: , example: any(device_posture.checks.passed[*] in {"1308749e-fcfb-4ebc-b051-fe022b632644"}), x-stainless-terraform-configurability: computed_optional) |
enabled | boolean | Specify whether the rule is enabled. |
expiration | object | Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules. (x-stainless-terraform-configurability: computed_optional) |
filters | array | Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value. |
identity | string | Specify the wirefilter expression used for identity matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. (default: , example: any(identity.groups.name[*] in {"finance"}), x-stainless-terraform-configurability: computed_optional) |
precedence | integer | Set the order of your rules. Lower values indicate higher precedence. At each processing phase, evaluate applicable rules in ascending order of this value. Refer to Order of enforcement to manage precedence via Terraform. (x-stainless-terraform-configurability: computed_optional) |
read_only | boolean | Indicate that this rule is shared via the Orgs API and read only. (x-stainless-terraform-configurability: computed) |
rule_settings | object | Defines settings for this rule. Settings apply only to specific rule types and must use compatible selectors. If Terraform detects drift, confirm the setting supports your rule type and check whether the API modifies the value. Use API-returned values in your configuration to prevent drift. (x-stainless-terraform-configurability: computed_optional) |
schedule | object | Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules. (x-stainless-terraform-configurability: computed_optional) |
sharable | boolean | Indicate that this rule is sharable via the Orgs API. (x-stainless-terraform-configurability: computed) |
source_account | string | Provide the account tag of the account that created the rule. (x-stainless-terraform-configurability: computed) |
traffic | string | Specify the wirefilter expression used for traffic matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response. (default: , example: http.request.uri matches ".a/partial/uri." and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10, x-stainless-terraform-configurability: computed_optional) |
updated_at | string (date-time) | (example: 2014-01-01T05:20:00.12345Z) |
version | integer | Indicate the version number of the rule(read-only). (x-stainless-terraform-configurability: computed) |
warning_status | string | Indicate a warning for a misconfigured rule, if any. (x-stainless-terraform-configurability: computed) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list | select | account_id | List Zero Trust Gateway rules for the parent account of an account in the MSP configuration. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
SELECT examples
- list
List Zero Trust Gateway rules for the parent account of an account in the MSP configuration.
SELECT
id,
name,
action,
created_at,
deleted_at,
description,
device_posture,
enabled,
expiration,
filters,
identity,
precedence,
read_only,
rule_settings,
schedule,
sharable,
source_account,
traffic,
updated_at,
version,
warning_status
FROM cloudflare.zero_trust.rules_tenant
WHERE account_id = '{{ account_id }}' -- required
;