Ctrl K

Create a Zero Trust Gateway rule

Creates a new Zero Trust Gateway rule.

Script cloudflare Verified

by hugo697 · 11/16/2023

Use in Windmill

The script

Submitted by hugo697 Typescript (fetch-only)

Verified 383 days ago

All edits

Permalink

type Cloudflare = {
  token: string;
  email: string;
  key: string;
};
/**
 * Create a Zero Trust Gateway rule
 * Creates a new Zero Trust Gateway rule.
 */
export async function main(
  auth: Cloudflare,
  identifier: string,
  body: {
    action:
      | "on"
      | "off"
      | "allow"
      | "block"
      | "scan"
      | "noscan"
      | "safesearch"
      | "ytrestricted"
      | "isolate"
      | "noisolate"
      | "override"
      | "l4_override"
      | "egress"
      | "audit_ssh";
    description?: string;
    device_posture?: string;
    enabled?: boolean;
    filters?: ("http" | "dns" | "l4" | "egress")[];
    identity?: string;
    name: string;
    precedence?: number;
    rule_settings?: {
      add_headers?: { [k: string]: unknown };
      allow_child_bypass?: boolean;
      audit_ssh?: { command_logging?: boolean; [k: string]: unknown };
      biso_admin_controls?: {
        dcp?: boolean;
        dd?: boolean;
        dk?: boolean;
        dp?: boolean;
        du?: boolean;
        [k: string]: unknown;
      };
      block_page_enabled?: boolean;
      block_reason?: string;
      bypass_parent_rule?: boolean;
      check_session?: {
        duration?: string;
        enforce?: boolean;
        [k: string]: unknown;
      };
      dns_resolvers?: {
        ipv4?: {
          ip: string;
          port?: number;
          route_through_private_network?: boolean;
          vnet_id?: string;
          [k: string]: unknown;
        }[];
        ipv6?: {
          ip: string;
          port?: number;
          route_through_private_network?: boolean;
          vnet_id?: string;
          [k: string]: unknown;
        }[];
        [k: string]: unknown;
      };
      egress?: {
        ipv4?: string;
        ipv4_fallback?: string;
        ipv6?: string;
        [k: string]: unknown;
      };
      insecure_disable_dnssec_validation?: boolean;
      ip_categories?: boolean;
      ip_indicator_feeds?: boolean;
      l4override?: { ip?: string; port?: number; [k: string]: unknown };
      override_host?: string;
      override_ips?: string[];
      payload_log?: { enabled?: boolean; [k: string]: unknown };
      resolve_dns_through_cloudflare?: boolean;
      untrusted_cert?: {
        action?: "pass_through" | "block" | "error";
        [k: string]: unknown;
      };
      [k: string]: unknown;
    };
    schedule?: {
      fri?: string;
      mon?: string;
      sat?: string;
      sun?: string;
      thu?: string;
      time_zone?: string;
      tue?: string;
      wed?: string;
      [k: string]: unknown;
    };
    traffic?: string;
    [k: string]: unknown;
  }
) {
  const url = new URL(
    `https://api.cloudflare.com/client/v4/accounts/${identifier}/gateway/rules`
  );

  const response = await fetch(url, {
    method: "POST",
    headers: {
      "X-AUTH-EMAIL": auth.email,
      "X-AUTH-KEY": auth.key,
      "Content-Type": "application/json",
      Authorization: "Bearer " + auth.token,
    },
    body: JSON.stringify(body),
  });
  if (!response.ok) {
    const text = await response.text();
    throw new Error(`${response.status} ${text}`);
  }
  return await response.json();
}


`1`	`type Cloudflare = {`
`2`	`token: string;`
`3`	`email: string;`
`4`	`key: string;`
`5`	`};`
`6`	`/**`
`7`	`* Create a Zero Trust Gateway rule`
`8`	`* Creates a new Zero Trust Gateway rule.`
`9`	`*/`
`10`	`export async function main(`
`11`	`auth: Cloudflare,`
`12`	`identifier: string,`
`13`	`body: {`
`14`	`action:`
`15`	`\| "on"`
`16`	`\| "off"`
`17`	`\| "allow"`
`18`	`\| "block"`
`19`	`\| "scan"`
`20`	`\| "noscan"`
`21`	`\| "safesearch"`
`22`	`\| "ytrestricted"`
`23`	`\| "isolate"`
`24`	`\| "noisolate"`
`25`	`\| "override"`
`26`	`\| "l4_override"`
`27`	`\| "egress"`
`28`	`\| "audit_ssh";`
`29`	`description?: string;`
`30`	`device_posture?: string;`
`31`	`enabled?: boolean;`
`32`	`filters?: ("http" \| "dns" \| "l4" \| "egress")[];`
`33`	`identity?: string;`
`34`	`name: string;`
`35`	`precedence?: number;`
`36`	`rule_settings?: {`
`37`	`add_headers?: { [k: string]: unknown };`
`38`	`allow_child_bypass?: boolean;`
`39`	`audit_ssh?: { command_logging?: boolean; [k: string]: unknown };`
`40`	`biso_admin_controls?: {`
`41`	`dcp?: boolean;`
`42`	`dd?: boolean;`
`43`	`dk?: boolean;`
`44`	`dp?: boolean;`
`45`	`du?: boolean;`
`46`	`[k: string]: unknown;`
`47`	`};`
`48`	`block_page_enabled?: boolean;`
`49`	`block_reason?: string;`
`50`	`bypass_parent_rule?: boolean;`
`51`	`check_session?: {`
`52`	`duration?: string;`
`53`	`enforce?: boolean;`
`54`	`[k: string]: unknown;`
`55`	`};`
`56`	`dns_resolvers?: {`
`57`	`ipv4?: {`
`58`	`ip: string;`
`59`	`port?: number;`
`60`	`route_through_private_network?: boolean;`
`61`	`vnet_id?: string;`
`62`	`[k: string]: unknown;`
`63`	`}[];`
`64`	`ipv6?: {`
`65`	`ip: string;`
`66`	`port?: number;`
`67`	`route_through_private_network?: boolean;`
`68`	`vnet_id?: string;`
`69`	`[k: string]: unknown;`
`70`	`}[];`
`71`	`[k: string]: unknown;`
`72`	`};`
`73`	`egress?: {`
`74`	`ipv4?: string;`
`75`	`ipv4_fallback?: string;`
`76`	`ipv6?: string;`
`77`	`[k: string]: unknown;`
`78`	`};`
`79`	`insecure_disable_dnssec_validation?: boolean;`
`80`	`ip_categories?: boolean;`
`81`	`ip_indicator_feeds?: boolean;`
`82`	`l4override?: { ip?: string; port?: number; [k: string]: unknown };`
`83`	`override_host?: string;`
`84`	`override_ips?: string[];`
`85`	`payload_log?: { enabled?: boolean; [k: string]: unknown };`
`86`	`resolve_dns_through_cloudflare?: boolean;`
`87`	`untrusted_cert?: {`
`88`	`action?: "pass_through" \| "block" \| "error";`
`89`	`[k: string]: unknown;`
`90`	`};`
`91`	`[k: string]: unknown;`
`92`	`};`
`93`	`schedule?: {`
`94`	`fri?: string;`
`95`	`mon?: string;`
`96`	`sat?: string;`
`97`	`sun?: string;`
`98`	`thu?: string;`
`99`	`time_zone?: string;`
`100`	`tue?: string;`
`101`	`wed?: string;`
`102`	`[k: string]: unknown;`
`103`	`};`
`104`	`traffic?: string;`
`105`	`[k: string]: unknown;`
`106`	`}`
`107`	`) {`
`108`	`const url = new URL(`
`109`	`https://api.cloudflare.com/client/v4/accounts/${identifier}/gateway/rules`
`110`	`);`
`111`
`112`	`const response = await fetch(url, {`
`113`	`method: "POST",`
`114`	`headers: {`
`115`	`"X-AUTH-EMAIL": auth.email,`
`116`	`"X-AUTH-KEY": auth.key,`
`117`	`"Content-Type": "application/json",`
`118`	`Authorization: "Bearer " + auth.token,`
`119`	`},`
`120`	`body: JSON.stringify(body),`
`121`	`});`
`122`	`if (!response.ok) {`
`123`	`const text = await response.text();`
`124`	throw new Error(`${response.status} ${text}`);
`125`	`}`
`126`	`return await response.json();`
`127`	`}`
`128`