Ctrl K

Create an Access policy

Create a new Access policy for an application.

Script cloudflare Verified

by hugo697 · 11/16/2023

Use in Windmill

The script

Submitted by hugo697 Typescript (fetch-only)

Verified 383 days ago

All edits

Permalink

type Cloudflare = {
  token: string;
  email: string;
  key: string;
};
/**
 * Create an Access policy
 * Create a new Access policy for an application.
 */
export async function main(
  auth: Cloudflare,
  uuid: string,
  identifier: string,
  body: {
    approval_groups?: {
      approvals_needed: number;
      email_addresses?: unknown[];
      email_list_uuid?: string;
      [k: string]: unknown;
    }[];
    approval_required?: boolean;
    decision: "allow" | "deny" | "non_identity" | "bypass";
    exclude?: (
      | { email: { email: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          email_domain: { domain: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | { everyone: { [k: string]: unknown }; [k: string]: unknown }
      | { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }
      | { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | { certificate: { [k: string]: unknown }; [k: string]: unknown }
      | { group: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          azureAD: { connection_id: string; id: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          "github-organization": {
            connection_id: string;
            name: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          gsuite: {
            connection_id: string;
            email: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          okta: { connection_id: string; email: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          saml: {
            attribute_name: string;
            attribute_value: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
    )[];
    include: (
      | { email: { email: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          email_domain: { domain: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | { everyone: { [k: string]: unknown }; [k: string]: unknown }
      | { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }
      | { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | { certificate: { [k: string]: unknown }; [k: string]: unknown }
      | { group: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          azureAD: { connection_id: string; id: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          "github-organization": {
            connection_id: string;
            name: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          gsuite: {
            connection_id: string;
            email: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          okta: { connection_id: string; email: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          saml: {
            attribute_name: string;
            attribute_value: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
    )[];
    isolation_required?: boolean;
    name: string;
    precedence?: number;
    purpose_justification_prompt?: string;
    purpose_justification_required?: boolean;
    require?: (
      | { email: { email: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          email_domain: { domain: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | { everyone: { [k: string]: unknown }; [k: string]: unknown }
      | { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }
      | { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | { certificate: { [k: string]: unknown }; [k: string]: unknown }
      | { group: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          azureAD: { connection_id: string; id: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          "github-organization": {
            connection_id: string;
            name: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          gsuite: {
            connection_id: string;
            email: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          okta: { connection_id: string; email: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          saml: {
            attribute_name: string;
            attribute_value: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
    )[];
    [k: string]: unknown;
  }
) {
  const url = new URL(
    `https://api.cloudflare.com/client/v4/zones/${identifier}/access/apps/${uuid}/policies`
  );

  const response = await fetch(url, {
    method: "POST",
    headers: {
      "X-AUTH-EMAIL": auth.email,
      "X-AUTH-KEY": auth.key,
      "Content-Type": "application/json",
      Authorization: "Bearer " + auth.token,
    },
    body: JSON.stringify(body),
  });
  if (!response.ok) {
    const text = await response.text();
    throw new Error(`${response.status} ${text}`);
  }
  return await response.json();
}


`1`	`type Cloudflare = {`
`2`	`token: string;`
`3`	`email: string;`
`4`	`key: string;`
`5`	`};`
`6`	`/**`
`7`	`* Create an Access policy`
`8`	`* Create a new Access policy for an application.`
`9`	`*/`
`10`	`export async function main(`
`11`	`auth: Cloudflare,`
`12`	`uuid: string,`
`13`	`identifier: string,`
`14`	`body: {`
`15`	`approval_groups?: {`
`16`	`approvals_needed: number;`
`17`	`email_addresses?: unknown[];`
`18`	`email_list_uuid?: string;`
`19`	`[k: string]: unknown;`
`20`	`}[];`
`21`	`approval_required?: boolean;`
`22`	`decision: "allow" \| "deny" \| "non_identity" \| "bypass";`
`23`	`exclude?: (`
`24`	`\| { email: { email: string; [k: string]: unknown }; [k: string]: unknown }`
`25`	`\| {`
`26`	`email_domain: { domain: string; [k: string]: unknown };`
`27`	`[k: string]: unknown;`
`28`	`}`
`29`	`\| { everyone: { [k: string]: unknown }; [k: string]: unknown }`
`30`	`\| { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }`
`31`	`\| { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`32`	`\| { certificate: { [k: string]: unknown }; [k: string]: unknown }`
`33`	`\| { group: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`34`	`\| {`
`35`	`azureAD: { connection_id: string; id: string; [k: string]: unknown };`
`36`	`[k: string]: unknown;`
`37`	`}`
`38`	`\| {`
`39`	`"github-organization": {`
`40`	`connection_id: string;`
`41`	`name: string;`
`42`	`[k: string]: unknown;`
`43`	`};`
`44`	`[k: string]: unknown;`
`45`	`}`
`46`	`\| {`
`47`	`gsuite: {`
`48`	`connection_id: string;`
`49`	`email: string;`
`50`	`[k: string]: unknown;`
`51`	`};`
`52`	`[k: string]: unknown;`
`53`	`}`
`54`	`\| {`
`55`	`okta: { connection_id: string; email: string; [k: string]: unknown };`
`56`	`[k: string]: unknown;`
`57`	`}`
`58`	`\| {`
`59`	`saml: {`
`60`	`attribute_name: string;`
`61`	`attribute_value: string;`
`62`	`[k: string]: unknown;`
`63`	`};`
`64`	`[k: string]: unknown;`
`65`	`}`
`66`	`)[];`
`67`	`include: (`
`68`	`\| { email: { email: string; [k: string]: unknown }; [k: string]: unknown }`
`69`	`\| {`
`70`	`email_domain: { domain: string; [k: string]: unknown };`
`71`	`[k: string]: unknown;`
`72`	`}`
`73`	`\| { everyone: { [k: string]: unknown }; [k: string]: unknown }`
`74`	`\| { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }`
`75`	`\| { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`76`	`\| { certificate: { [k: string]: unknown }; [k: string]: unknown }`
`77`	`\| { group: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`78`	`\| {`
`79`	`azureAD: { connection_id: string; id: string; [k: string]: unknown };`
`80`	`[k: string]: unknown;`
`81`	`}`
`82`	`\| {`
`83`	`"github-organization": {`
`84`	`connection_id: string;`
`85`	`name: string;`
`86`	`[k: string]: unknown;`
`87`	`};`
`88`	`[k: string]: unknown;`
`89`	`}`
`90`	`\| {`
`91`	`gsuite: {`
`92`	`connection_id: string;`
`93`	`email: string;`
`94`	`[k: string]: unknown;`
`95`	`};`
`96`	`[k: string]: unknown;`
`97`	`}`
`98`	`\| {`
`99`	`okta: { connection_id: string; email: string; [k: string]: unknown };`
`100`	`[k: string]: unknown;`
`101`	`}`
`102`	`\| {`
`103`	`saml: {`
`104`	`attribute_name: string;`
`105`	`attribute_value: string;`
`106`	`[k: string]: unknown;`
`107`	`};`
`108`	`[k: string]: unknown;`
`109`	`}`
`110`	`)[];`
`111`	`isolation_required?: boolean;`
`112`	`name: string;`
`113`	`precedence?: number;`
`114`	`purpose_justification_prompt?: string;`
`115`	`purpose_justification_required?: boolean;`
`116`	`require?: (`
`117`	`\| { email: { email: string; [k: string]: unknown }; [k: string]: unknown }`
`118`	`\| {`
`119`	`email_domain: { domain: string; [k: string]: unknown };`
`120`	`[k: string]: unknown;`
`121`	`}`
`122`	`\| { everyone: { [k: string]: unknown }; [k: string]: unknown }`
`123`	`\| { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }`
`124`	`\| { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`125`	`\| { certificate: { [k: string]: unknown }; [k: string]: unknown }`
`126`	`\| { group: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`127`	`\| {`
`128`	`azureAD: { connection_id: string; id: string; [k: string]: unknown };`
`129`	`[k: string]: unknown;`
`130`	`}`
`131`	`\| {`
`132`	`"github-organization": {`
`133`	`connection_id: string;`
`134`	`name: string;`
`135`	`[k: string]: unknown;`
`136`	`};`
`137`	`[k: string]: unknown;`
`138`	`}`
`139`	`\| {`
`140`	`gsuite: {`
`141`	`connection_id: string;`
`142`	`email: string;`
`143`	`[k: string]: unknown;`
`144`	`};`
`145`	`[k: string]: unknown;`
`146`	`}`
`147`	`\| {`
`148`	`okta: { connection_id: string; email: string; [k: string]: unknown };`
`149`	`[k: string]: unknown;`
`150`	`}`
`151`	`\| {`
`152`	`saml: {`
`153`	`attribute_name: string;`
`154`	`attribute_value: string;`
`155`	`[k: string]: unknown;`
`156`	`};`
`157`	`[k: string]: unknown;`
`158`	`}`
`159`	`)[];`
`160`	`[k: string]: unknown;`
`161`	`}`
`162`	`) {`
`163`	`const url = new URL(`
`164`	`https://api.cloudflare.com/client/v4/zones/${identifier}/access/apps/${uuid}/policies`
`165`	`);`
`166`
`167`	`const response = await fetch(url, {`
`168`	`method: "POST",`
`169`	`headers: {`
`170`	`"X-AUTH-EMAIL": auth.email,`
`171`	`"X-AUTH-KEY": auth.key,`
`172`	`"Content-Type": "application/json",`
`173`	`Authorization: "Bearer " + auth.token,`
`174`	`},`
`175`	`body: JSON.stringify(body),`
`176`	`});`
`177`	`if (!response.ok) {`
`178`	`const text = await response.text();`
`179`	throw new Error(`${response.status} ${text}`);
`180`	`}`
`181`	`return await response.json();`
`182`	`}`
`183`