Ctrl K

Update an Access policy

Update a configured Access policy.

Script cloudflare Verified

by hugo697 · 11/16/2023

Use in Windmill

The script

Submitted by hugo697 Typescript (fetch-only)

Verified 383 days ago

All edits

Permalink

type Cloudflare = {
  token: string;
  email: string;
  key: string;
};
/**
 * Update an Access policy
 * Update a configured Access policy.
 */
export async function main(
  auth: Cloudflare,
  uuid: string,
  uuid1: string,
  identifier: string,
  body: {
    approval_groups?: {
      approvals_needed: number;
      email_addresses?: unknown[];
      email_list_uuid?: string;
      [k: string]: unknown;
    }[];
    approval_required?: boolean;
    decision: "allow" | "deny" | "non_identity" | "bypass";
    exclude?: (
      | { email: { email: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          email_domain: { domain: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | { everyone: { [k: string]: unknown }; [k: string]: unknown }
      | { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }
      | { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | { certificate: { [k: string]: unknown }; [k: string]: unknown }
      | { group: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          azureAD: { connection_id: string; id: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          "github-organization": {
            connection_id: string;
            name: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          gsuite: {
            connection_id: string;
            email: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          okta: { connection_id: string; email: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          saml: {
            attribute_name: string;
            attribute_value: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
    )[];
    include: (
      | { email: { email: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          email_domain: { domain: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | { everyone: { [k: string]: unknown }; [k: string]: unknown }
      | { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }
      | { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | { certificate: { [k: string]: unknown }; [k: string]: unknown }
      | { group: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          azureAD: { connection_id: string; id: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          "github-organization": {
            connection_id: string;
            name: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          gsuite: {
            connection_id: string;
            email: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          okta: { connection_id: string; email: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          saml: {
            attribute_name: string;
            attribute_value: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
    )[];
    isolation_required?: boolean;
    name: string;
    precedence?: number;
    purpose_justification_prompt?: string;
    purpose_justification_required?: boolean;
    require?: (
      | { email: { email: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          email_domain: { domain: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | { everyone: { [k: string]: unknown }; [k: string]: unknown }
      | { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }
      | { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | { certificate: { [k: string]: unknown }; [k: string]: unknown }
      | { group: { id: string; [k: string]: unknown }; [k: string]: unknown }
      | {
          azureAD: { connection_id: string; id: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          "github-organization": {
            connection_id: string;
            name: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          gsuite: {
            connection_id: string;
            email: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
      | {
          okta: { connection_id: string; email: string; [k: string]: unknown };
          [k: string]: unknown;
        }
      | {
          saml: {
            attribute_name: string;
            attribute_value: string;
            [k: string]: unknown;
          };
          [k: string]: unknown;
        }
    )[];
    [k: string]: unknown;
  }
) {
  const url = new URL(
    `https://api.cloudflare.com/client/v4/zones/${identifier}/access/apps/${uuid1}/policies/${uuid}`
  );

  const response = await fetch(url, {
    method: "PUT",
    headers: {
      "X-AUTH-EMAIL": auth.email,
      "X-AUTH-KEY": auth.key,
      "Content-Type": "application/json",
      Authorization: "Bearer " + auth.token,
    },
    body: JSON.stringify(body),
  });
  if (!response.ok) {
    const text = await response.text();
    throw new Error(`${response.status} ${text}`);
  }
  return await response.json();
}


`1`	`type Cloudflare = {`
`2`	`token: string;`
`3`	`email: string;`
`4`	`key: string;`
`5`	`};`
`6`	`/**`
`7`	`* Update an Access policy`
`8`	`* Update a configured Access policy.`
`9`	`*/`
`10`	`export async function main(`
`11`	`auth: Cloudflare,`
`12`	`uuid: string,`
`13`	`uuid1: string,`
`14`	`identifier: string,`
`15`	`body: {`
`16`	`approval_groups?: {`
`17`	`approvals_needed: number;`
`18`	`email_addresses?: unknown[];`
`19`	`email_list_uuid?: string;`
`20`	`[k: string]: unknown;`
`21`	`}[];`
`22`	`approval_required?: boolean;`
`23`	`decision: "allow" \| "deny" \| "non_identity" \| "bypass";`
`24`	`exclude?: (`
`25`	`\| { email: { email: string; [k: string]: unknown }; [k: string]: unknown }`
`26`	`\| {`
`27`	`email_domain: { domain: string; [k: string]: unknown };`
`28`	`[k: string]: unknown;`
`29`	`}`
`30`	`\| { everyone: { [k: string]: unknown }; [k: string]: unknown }`
`31`	`\| { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }`
`32`	`\| { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`33`	`\| { certificate: { [k: string]: unknown }; [k: string]: unknown }`
`34`	`\| { group: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`35`	`\| {`
`36`	`azureAD: { connection_id: string; id: string; [k: string]: unknown };`
`37`	`[k: string]: unknown;`
`38`	`}`
`39`	`\| {`
`40`	`"github-organization": {`
`41`	`connection_id: string;`
`42`	`name: string;`
`43`	`[k: string]: unknown;`
`44`	`};`
`45`	`[k: string]: unknown;`
`46`	`}`
`47`	`\| {`
`48`	`gsuite: {`
`49`	`connection_id: string;`
`50`	`email: string;`
`51`	`[k: string]: unknown;`
`52`	`};`
`53`	`[k: string]: unknown;`
`54`	`}`
`55`	`\| {`
`56`	`okta: { connection_id: string; email: string; [k: string]: unknown };`
`57`	`[k: string]: unknown;`
`58`	`}`
`59`	`\| {`
`60`	`saml: {`
`61`	`attribute_name: string;`
`62`	`attribute_value: string;`
`63`	`[k: string]: unknown;`
`64`	`};`
`65`	`[k: string]: unknown;`
`66`	`}`
`67`	`)[];`
`68`	`include: (`
`69`	`\| { email: { email: string; [k: string]: unknown }; [k: string]: unknown }`
`70`	`\| {`
`71`	`email_domain: { domain: string; [k: string]: unknown };`
`72`	`[k: string]: unknown;`
`73`	`}`
`74`	`\| { everyone: { [k: string]: unknown }; [k: string]: unknown }`
`75`	`\| { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }`
`76`	`\| { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`77`	`\| { certificate: { [k: string]: unknown }; [k: string]: unknown }`
`78`	`\| { group: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`79`	`\| {`
`80`	`azureAD: { connection_id: string; id: string; [k: string]: unknown };`
`81`	`[k: string]: unknown;`
`82`	`}`
`83`	`\| {`
`84`	`"github-organization": {`
`85`	`connection_id: string;`
`86`	`name: string;`
`87`	`[k: string]: unknown;`
`88`	`};`
`89`	`[k: string]: unknown;`
`90`	`}`
`91`	`\| {`
`92`	`gsuite: {`
`93`	`connection_id: string;`
`94`	`email: string;`
`95`	`[k: string]: unknown;`
`96`	`};`
`97`	`[k: string]: unknown;`
`98`	`}`
`99`	`\| {`
`100`	`okta: { connection_id: string; email: string; [k: string]: unknown };`
`101`	`[k: string]: unknown;`
`102`	`}`
`103`	`\| {`
`104`	`saml: {`
`105`	`attribute_name: string;`
`106`	`attribute_value: string;`
`107`	`[k: string]: unknown;`
`108`	`};`
`109`	`[k: string]: unknown;`
`110`	`}`
`111`	`)[];`
`112`	`isolation_required?: boolean;`
`113`	`name: string;`
`114`	`precedence?: number;`
`115`	`purpose_justification_prompt?: string;`
`116`	`purpose_justification_required?: boolean;`
`117`	`require?: (`
`118`	`\| { email: { email: string; [k: string]: unknown }; [k: string]: unknown }`
`119`	`\| {`
`120`	`email_domain: { domain: string; [k: string]: unknown };`
`121`	`[k: string]: unknown;`
`122`	`}`
`123`	`\| { everyone: { [k: string]: unknown }; [k: string]: unknown }`
`124`	`\| { ip: { ip: string; [k: string]: unknown }; [k: string]: unknown }`
`125`	`\| { ip_list: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`126`	`\| { certificate: { [k: string]: unknown }; [k: string]: unknown }`
`127`	`\| { group: { id: string; [k: string]: unknown }; [k: string]: unknown }`
`128`	`\| {`
`129`	`azureAD: { connection_id: string; id: string; [k: string]: unknown };`
`130`	`[k: string]: unknown;`
`131`	`}`
`132`	`\| {`
`133`	`"github-organization": {`
`134`	`connection_id: string;`
`135`	`name: string;`
`136`	`[k: string]: unknown;`
`137`	`};`
`138`	`[k: string]: unknown;`
`139`	`}`
`140`	`\| {`
`141`	`gsuite: {`
`142`	`connection_id: string;`
`143`	`email: string;`
`144`	`[k: string]: unknown;`
`145`	`};`
`146`	`[k: string]: unknown;`
`147`	`}`
`148`	`\| {`
`149`	`okta: { connection_id: string; email: string; [k: string]: unknown };`
`150`	`[k: string]: unknown;`
`151`	`}`
`152`	`\| {`
`153`	`saml: {`
`154`	`attribute_name: string;`
`155`	`attribute_value: string;`
`156`	`[k: string]: unknown;`
`157`	`};`
`158`	`[k: string]: unknown;`
`159`	`}`
`160`	`)[];`
`161`	`[k: string]: unknown;`
`162`	`}`
`163`	`) {`
`164`	`const url = new URL(`
`165`	`https://api.cloudflare.com/client/v4/zones/${identifier}/access/apps/${uuid1}/policies/${uuid}`
`166`	`);`
`167`
`168`	`const response = await fetch(url, {`
`169`	`method: "PUT",`
`170`	`headers: {`
`171`	`"X-AUTH-EMAIL": auth.email,`
`172`	`"X-AUTH-KEY": auth.key,`
`173`	`"Content-Type": "application/json",`
`174`	`Authorization: "Bearer " + auth.token,`
`175`	`},`
`176`	`body: JSON.stringify(body),`
`177`	`});`
`178`	`if (!response.ok) {`
`179`	`const text = await response.text();`
`180`	throw new Error(`${response.status} ${text}`);
`181`	`}`
`182`	`return await response.json();`
`183`	`}`
`184`