Skip to content

feat(cloudflare): adding parent scope to cloudflare constructs #946

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
despock merged 1 commit into from
Jan 29, 2026
Merged

feat(cloudflare): adding parent scope to cloudflare constructs #946

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
172 changes: 114 additions & 58 deletions src/lib/cloudflare/services/access/main.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,16 @@
import * as cloudflare from '@pulumi/cloudflare'
import {
AccessRule,
ZeroTrustAccessApplication,
ZeroTrustAccessCustomPage,
ZeroTrustAccessGroup,
ZeroTrustAccessIdentityProvider,
ZeroTrustAccessMtlsCertificate,
ZeroTrustAccessPolicy,
ZeroTrustAccessServiceToken,
ZeroTrustAccessShortLivedCertificate,
ZeroTrustAccessTag,
ZeroTrustOrganization,
} from '@pulumi/cloudflare'
import { CommonCloudflareConstruct } from '../../common/construct.js'
import {
AccessRuleProps,
Expand Down Expand Up @@ -47,12 +59,16 @@ export class CloudflareAccessManager {
filter: { name: scope.props.domainName },
})?.id

return new cloudflare.ZeroTrustAccessApplication(`${id}`, {
...props,
domain: `${props.domain}-${scope.props.domainName}`,
name: `${props.name}-${scope.props.stage}`,
zoneId,
})
return new ZeroTrustAccessApplication(
`${id}`,
{
...props,
domain: `${props.domain}-${scope.props.domainName}`,
name: `${props.name}-${scope.props.stage}`,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -75,10 +91,14 @@ export class CloudflareAccessManager {
filter: { name: scope.props.domainName },
})?.id

return new cloudflare.ZeroTrustAccessShortLivedCertificate(`${id}`, {
...props,
zoneId,
})
return new ZeroTrustAccessShortLivedCertificate(
`${id}`,
{
...props,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -91,11 +111,15 @@ export class CloudflareAccessManager {
public createAccessCustomPage(id: string, scope: CommonCloudflareConstruct, props: ZeroTrustAccessCustomPageProps) {
if (!props) throw `Props undefined for ${id}`

return new cloudflare.ZeroTrustAccessCustomPage(`${id}`, {
...props,
accountId: props.accountId ?? scope.props.accountId,
name: `${props.name}-${scope.props.stage}`,
})
return new ZeroTrustAccessCustomPage(
`${id}`,
{
...props,
accountId: props.accountId ?? scope.props.accountId,
name: `${props.name}-${scope.props.stage}`,
},
{ parent: scope }
)
}

/**
Expand All @@ -114,11 +138,15 @@ export class CloudflareAccessManager {
filter: { name: scope.props.domainName },
})?.id

return new cloudflare.ZeroTrustAccessGroup(`${id}`, {
...props,
name: `${props.name} - ${scope.props.stage.toUpperCase()}`,
zoneId,
})
return new ZeroTrustAccessGroup(
`${id}`,
{
...props,
name: `${props.name} - ${scope.props.stage.toUpperCase()}`,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -141,12 +169,16 @@ export class CloudflareAccessManager {
filter: { name: scope.props.domainName },
})?.id

return new cloudflare.ZeroTrustAccessIdentityProvider(`${id}`, {
...props,
config: props.config ?? {},
name: `${props.name}-${scope.props.stage}`,
zoneId,
})
return new ZeroTrustAccessIdentityProvider(
`${id}`,
{
...props,
config: props.config ?? {},
name: `${props.name}-${scope.props.stage}`,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -169,11 +201,15 @@ export class CloudflareAccessManager {
filter: { name: scope.props.domainName },
})?.id

return new cloudflare.ZeroTrustAccessMtlsCertificate(`${id}`, {
...props,
name: `${props.name}-${scope.props.stage}`,
zoneId,
})
return new ZeroTrustAccessMtlsCertificate(
`${id}`,
{
...props,
name: `${props.name}-${scope.props.stage}`,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -192,11 +228,15 @@ export class CloudflareAccessManager {
filter: { name: scope.props.domainName },
})?.id

return new cloudflare.ZeroTrustOrganization(`${id}`, {
...props,
name: `${props.name}-${scope.props.stage}`,
zoneId,
})
return new ZeroTrustOrganization(
`${id}`,
{
...props,
name: `${props.name}-${scope.props.stage}`,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -209,11 +249,15 @@ export class CloudflareAccessManager {
public createAccessPolicy(id: string, scope: CommonCloudflareConstruct, props: ZeroTrustAccessPolicyProps) {
if (!props) throw `Props undefined for ${id}`

return new cloudflare.ZeroTrustAccessPolicy(`${id}`, {
...props,
name: `${props.name}-${scope.props.stage}`,
accountId: props.accountId ?? scope.props.accountId,
})
return new ZeroTrustAccessPolicy(
`${id}`,
{
...props,
name: `${props.name}-${scope.props.stage}`,
accountId: props.accountId ?? scope.props.accountId,
},
{ parent: scope }
)
}

/**
Expand All @@ -232,11 +276,15 @@ export class CloudflareAccessManager {
filter: { name: scope.props.domainName },
})?.id

return new cloudflare.AccessRule(`${id}`, {
...props,
zoneId,
accountId: props.accountId ?? scope.props.accountId,
})
return new AccessRule(
`${id}`,
{
...props,
zoneId,
accountId: props.accountId ?? scope.props.accountId,
},
{ parent: scope }
)
}

/**
Expand All @@ -259,12 +307,16 @@ export class CloudflareAccessManager {
filter: { name: scope.props.domainName },
})?.id

return new cloudflare.ZeroTrustAccessServiceToken(`${id}`, {
...props,
name: `${props.name}-${scope.props.stage}`,
accountId: props.accountId ?? scope.props.accountId,
zoneId,
})
return new ZeroTrustAccessServiceToken(
`${id}`,
{
...props,
name: `${props.name}-${scope.props.stage}`,
accountId: props.accountId ?? scope.props.accountId,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -277,10 +329,14 @@ export class CloudflareAccessManager {
public createAccessTag(id: string, scope: CommonCloudflareConstruct, props: ZeroTrustAccessTagProps) {
if (!props) throw `Props undefined for ${id}`

return new cloudflare.ZeroTrustAccessTag(`${id}`, {
...props,
name: `${props.name}-${scope.props.stage}`,
accountId: props.accountId ?? scope.props.accountId,
})
return new ZeroTrustAccessTag(
`${id}`,
{
...props,
name: `${props.name}-${scope.props.stage}`,
accountId: props.accountId ?? scope.props.accountId,
},
{ parent: scope }
)
}
}
70 changes: 48 additions & 22 deletions src/lib/cloudflare/services/api-shield/main.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,10 @@
import * as cloudflare from '@pulumi/cloudflare'
import {
ApiShield,
ApiShieldOperation,
ApiShieldOperationSchemaValidationSettings,
ApiShieldSchema,
ApiShieldSchemaValidationSettings,
} from '@pulumi/cloudflare'
import { CommonCloudflareConstruct } from '../../common/index.js'
import {
ApiShieldOperationProps,
Expand Down Expand Up @@ -39,10 +45,14 @@ export class CloudflareApiShieldManager {
const zoneId = props.zoneId
? props.zoneId
: scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { filter: { name: scope.props.domainName } })?.id
return new cloudflare.ApiShield(`${id}`, {
...props,
zoneId,
})
return new ApiShield(
`${id}`,
{
...props,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -58,11 +68,15 @@ export class CloudflareApiShieldManager {
const zoneId = props.zoneId
? props.zoneId
: scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { filter: { name: scope.props.domainName } })?.id
return new cloudflare.ApiShieldSchema(`${id}`, {
...props,
name: `${props.name}-${scope.props.stage}`,
zoneId,
})
return new ApiShieldSchema(
`${id}`,
{
...props,
name: `${props.name}-${scope.props.stage}`,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -82,10 +96,14 @@ export class CloudflareApiShieldManager {
const zoneId = props.zoneId
? props.zoneId
: scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { filter: { name: scope.props.domainName } })?.id
return new cloudflare.ApiShieldSchemaValidationSettings(`${id}`, {
...props,
zoneId,
})
return new ApiShieldSchemaValidationSettings(
`${id}`,
{
...props,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -101,10 +119,14 @@ export class CloudflareApiShieldManager {
const zoneId = props.zoneId
? props.zoneId
: scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { filter: { name: scope.props.domainName } })?.id
return new cloudflare.ApiShieldOperation(`${id}`, {
...props,
zoneId,
})
return new ApiShieldOperation(
`${id}`,
{
...props,
zoneId,
},
{ parent: scope }
)
}

/**
Expand All @@ -124,9 +146,13 @@ export class CloudflareApiShieldManager {
const zoneId = props.zoneId
? props.zoneId
: scope.zoneManager.resolveZone(`${id}-data-zone`, scope, { filter: { name: scope.props.domainName } })?.id
return new cloudflare.ApiShieldOperationSchemaValidationSettings(`${id}`, {
...props,
zoneId,
})
return new ApiShieldOperationSchemaValidationSettings(
`${id}`,
{
...props,
zoneId,
},
{ parent: scope }
)
}
}
Loading