@distilled.cloud/cloudflare 0.22.3 → 0.22.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (101) hide show
  1. package/lib/services/abuse-reports.d.ts +39 -11
  2. package/lib/services/abuse-reports.d.ts.map +1 -1
  3. package/lib/services/abuse-reports.js +89 -11
  4. package/lib/services/abuse-reports.js.map +1 -1
  5. package/lib/services/accounts.d.ts +21 -1
  6. package/lib/services/accounts.d.ts.map +1 -1
  7. package/lib/services/accounts.js +33 -1
  8. package/lib/services/accounts.js.map +1 -1
  9. package/lib/services/ai.d.ts +97 -1
  10. package/lib/services/ai.d.ts.map +1 -1
  11. package/lib/services/ai.js +119 -2
  12. package/lib/services/ai.js.map +1 -1
  13. package/lib/services/bot-management.d.ts +16 -0
  14. package/lib/services/bot-management.d.ts.map +1 -1
  15. package/lib/services/bot-management.js +22 -0
  16. package/lib/services/bot-management.js.map +1 -1
  17. package/lib/services/browser-rendering.d.ts +25 -9
  18. package/lib/services/browser-rendering.d.ts.map +1 -1
  19. package/lib/services/browser-rendering.js +18 -9
  20. package/lib/services/browser-rendering.js.map +1 -1
  21. package/lib/services/cache.d.ts +11 -0
  22. package/lib/services/cache.d.ts.map +1 -1
  23. package/lib/services/cache.js +17 -1
  24. package/lib/services/cache.js.map +1 -1
  25. package/lib/services/connectivity.d.ts +18 -32
  26. package/lib/services/connectivity.d.ts.map +1 -1
  27. package/lib/services/connectivity.js +56 -66
  28. package/lib/services/connectivity.js.map +1 -1
  29. package/lib/services/d1.d.ts +18 -4
  30. package/lib/services/d1.d.ts.map +1 -1
  31. package/lib/services/d1.js +23 -5
  32. package/lib/services/d1.js.map +1 -1
  33. package/lib/services/dns.d.ts +129 -3
  34. package/lib/services/dns.d.ts.map +1 -1
  35. package/lib/services/dns.js +330 -6
  36. package/lib/services/dns.js.map +1 -1
  37. package/lib/services/magic-transit.d.ts +7 -1
  38. package/lib/services/magic-transit.d.ts.map +1 -1
  39. package/lib/services/magic-transit.js +7 -1
  40. package/lib/services/magic-transit.js.map +1 -1
  41. package/lib/services/network-interconnects.d.ts +5 -1
  42. package/lib/services/network-interconnects.d.ts.map +1 -1
  43. package/lib/services/network-interconnects.js +21 -1
  44. package/lib/services/network-interconnects.js.map +1 -1
  45. package/lib/services/queues.d.ts +6 -4
  46. package/lib/services/queues.d.ts.map +1 -1
  47. package/lib/services/queues.js +8 -4
  48. package/lib/services/queues.js.map +1 -1
  49. package/lib/services/r2.d.ts +11 -4
  50. package/lib/services/r2.d.ts.map +1 -1
  51. package/lib/services/r2.js +13 -4
  52. package/lib/services/r2.js.map +1 -1
  53. package/lib/services/resource-tagging.d.ts +4 -2
  54. package/lib/services/resource-tagging.d.ts.map +1 -1
  55. package/lib/services/resource-tagging.js +4 -1
  56. package/lib/services/resource-tagging.js.map +1 -1
  57. package/lib/services/rulesets.d.ts +510 -6
  58. package/lib/services/rulesets.d.ts.map +1 -1
  59. package/lib/services/rulesets.js +1298 -36
  60. package/lib/services/rulesets.js.map +1 -1
  61. package/lib/services/spectrum.d.ts +4 -8
  62. package/lib/services/spectrum.d.ts.map +1 -1
  63. package/lib/services/spectrum.js +12 -34
  64. package/lib/services/spectrum.js.map +1 -1
  65. package/lib/services/workers-for-platforms.d.ts +12 -2
  66. package/lib/services/workers-for-platforms.d.ts.map +1 -1
  67. package/lib/services/workers-for-platforms.js +35 -3
  68. package/lib/services/workers-for-platforms.js.map +1 -1
  69. package/lib/services/workers.d.ts +12 -2
  70. package/lib/services/workers.d.ts.map +1 -1
  71. package/lib/services/workers.js +35 -3
  72. package/lib/services/workers.js.map +1 -1
  73. package/lib/services/zero-trust.d.ts +1463 -557
  74. package/lib/services/zero-trust.d.ts.map +1 -1
  75. package/lib/services/zero-trust.js +1654 -93
  76. package/lib/services/zero-trust.js.map +1 -1
  77. package/lib/services/zones.d.ts +2 -0
  78. package/lib/services/zones.d.ts.map +1 -1
  79. package/lib/services/zones.js +1 -0
  80. package/lib/services/zones.js.map +1 -1
  81. package/package.json +2 -2
  82. package/src/services/abuse-reports.ts +173 -22
  83. package/src/services/accounts.ts +66 -2
  84. package/src/services/ai.ts +235 -2
  85. package/src/services/bot-management.ts +48 -0
  86. package/src/services/browser-rendering.ts +43 -18
  87. package/src/services/cache.ts +31 -0
  88. package/src/services/connectivity.ts +78 -70
  89. package/src/services/d1.ts +43 -8
  90. package/src/services/dns.ts +549 -12
  91. package/src/services/magic-transit.ts +14 -2
  92. package/src/services/network-interconnects.ts +41 -2
  93. package/src/services/queues.ts +16 -8
  94. package/src/services/r2.ts +30 -7
  95. package/src/services/resource-tagging.ts +8 -2
  96. package/src/services/rulesets.ts +3283 -963
  97. package/src/services/spectrum.ts +36 -52
  98. package/src/services/workers-for-platforms.ts +63 -4
  99. package/src/services/workers.ts +63 -4
  100. package/src/services/zero-trust.ts +3071 -478
  101. package/src/services/zones.ts +3 -0
package/src/services/zero-trust.ts CHANGED
@@ -30809,26 +30809,28 @@ export const listAccessApplicationsForZone: API.PaginatedOperationMethod<
30809
30809
  }));
30810
30810
 
30811
30811
  const CreateAccessApplicationBaseFields = {
30812
- domain: Schema.String,
30813
- type: Schema.Union([
30814
- Schema.Literals([
30815
- "self_hosted",
30816
- "saas",
30817
- "ssh",
30818
- "vnc",
30819
- "app_launcher",
30820
- "warp",
30821
- "biso",
30822
- "bookmark",
30823
- "dash_sso",
30824
- "infrastructure",
30825
- "rdp",
30826
- "mcp",
30827
- "mcp_portal",
30828
- "proxy_endpoint",
30812
+ domain: Schema.optional(Schema.String),
30813
+ type: Schema.optional(
30814
+ Schema.Union([
30815
+ Schema.Literals([
30816
+ "self_hosted",
30817
+ "saas",
30818
+ "ssh",
30819
+ "vnc",
30820
+ "app_launcher",
30821
+ "warp",
30822
+ "biso",
30823
+ "bookmark",
30824
+ "dash_sso",
30825
+ "infrastructure",
30826
+ "rdp",
30827
+ "mcp",
30828
+ "mcp_portal",
30829
+ "proxy_endpoint",
30830
+ ]),
30831
+ Schema.String,
30829
30832
  ]),
30830
- Schema.String,
30831
- ]),
30833
+ ),
30832
30834
  allowAuthenticateViaWarp: Schema.optional(Schema.Boolean),
30833
30835
  allowIframe: Schema.optional(Schema.Boolean),
30834
30836
  allowedIdps: Schema.optional(Schema.Array(Schema.String)),
@@ -30977,384 +30979,1500 @@ const CreateAccessApplicationBaseFields = {
30977
30979
  optionsPreflightBypass: Schema.optional(Schema.Boolean),
30978
30980
  pathCookieAttribute: Schema.optional(Schema.Boolean),
30979
30981
  policies: Schema.optional(
30980
- Schema.Array(
30981
- Schema.Union([
30982
- Schema.Struct({
30983
- id: Schema.optional(Schema.String),
30984
- precedence: Schema.optional(Schema.Number),
30985
- }),
30986
- Schema.String,
30987
- Schema.Struct({
30988
- id: Schema.optional(Schema.String),
30989
- approvalGroups: Schema.optional(
30990
- Schema.Array(
30991
- Schema.Struct({
30992
- approvalsNeeded: Schema.Number,
30993
- emailAddresses: Schema.optional(Schema.Array(Schema.String)),
30994
- emailListUuid: Schema.optional(Schema.String),
30995
- }).pipe(
30996
- Schema.encodeKeys({
30997
- approvalsNeeded: "approvals_needed",
30998
- emailAddresses: "email_addresses",
30999
- emailListUuid: "email_list_uuid",
31000
- }),
31001
- ),
31002
- ),
31003
- ),
31004
- approvalRequired: Schema.optional(Schema.Boolean),
31005
- connectionRules: Schema.optional(
31006
- Schema.Struct({
31007
- rdp: Schema.optional(
30982
+ Schema.Union([
30983
+ Schema.Array(
30984
+ Schema.Union([
30985
+ Schema.Struct({
30986
+ id: Schema.optional(Schema.String),
30987
+ precedence: Schema.optional(Schema.Number),
30988
+ }),
30989
+ Schema.String,
30990
+ Schema.Struct({
30991
+ id: Schema.optional(Schema.String),
30992
+ approvalGroups: Schema.optional(
30993
+ Schema.Array(
31008
30994
  Schema.Struct({
31009
- allowedClipboardLocalToRemoteFormats: Schema.optional(
31010
- Schema.Array(Schema.Literal("text")),
31011
- ),
31012
- allowedClipboardRemoteToLocalFormats: Schema.optional(
31013
- Schema.Array(Schema.Literal("text")),
31014
- ),
30995
+ approvalsNeeded: Schema.Number,
30996
+ emailAddresses: Schema.optional(Schema.Array(Schema.String)),
30997
+ emailListUuid: Schema.optional(Schema.String),
31015
30998
  }).pipe(
31016
30999
  Schema.encodeKeys({
31017
- allowedClipboardLocalToRemoteFormats:
31018
- "allowed_clipboard_local_to_remote_formats",
31019
- allowedClipboardRemoteToLocalFormats:
31020
- "allowed_clipboard_remote_to_local_formats",
31000
+ approvalsNeeded: "approvals_needed",
31001
+ emailAddresses: "email_addresses",
31002
+ emailListUuid: "email_list_uuid",
31021
31003
  }),
31022
31004
  ),
31023
31005
  ),
31024
- }),
31025
- ),
31026
- isolationRequired: Schema.optional(Schema.Boolean),
31027
- mfaConfig: Schema.optional(
31028
- Schema.Struct({
31029
- allowedAuthenticators: Schema.optional(
31030
- Schema.Array(
31031
- Schema.Union([
31032
- Schema.Literals(["totp", "biometrics", "security_key"]),
31033
- Schema.String,
31034
- ]),
31006
+ ),
31007
+ approvalRequired: Schema.optional(Schema.Boolean),
31008
+ connectionRules: Schema.optional(
31009
+ Schema.Struct({
31010
+ rdp: Schema.optional(
31011
+ Schema.Struct({
31012
+ allowedClipboardLocalToRemoteFormats: Schema.optional(
31013
+ Schema.Array(Schema.Literal("text")),
31014
+ ),
31015
+ allowedClipboardRemoteToLocalFormats: Schema.optional(
31016
+ Schema.Array(Schema.Literal("text")),
31017
+ ),
31018
+ }).pipe(
31019
+ Schema.encodeKeys({
31020
+ allowedClipboardLocalToRemoteFormats:
31021
+ "allowed_clipboard_local_to_remote_formats",
31022
+ allowedClipboardRemoteToLocalFormats:
31023
+ "allowed_clipboard_remote_to_local_formats",
31024
+ }),
31025
+ ),
31035
31026
  ),
31036
- ),
31037
- mfaDisabled: Schema.optional(Schema.Boolean),
31038
- sessionDuration: Schema.optional(Schema.String),
31039
- }).pipe(
31040
- Schema.encodeKeys({
31041
- allowedAuthenticators: "allowed_authenticators",
31042
- mfaDisabled: "mfa_disabled",
31043
- sessionDuration: "session_duration",
31044
31027
  }),
31045
31028
  ),
31046
- ),
31047
- precedence: Schema.optional(Schema.Number),
31048
- purposeJustificationPrompt: Schema.optional(Schema.String),
31049
- purposeJustificationRequired: Schema.optional(Schema.Boolean),
31050
- sessionDuration: Schema.optional(Schema.String),
31051
- }).pipe(
31052
- Schema.encodeKeys({
31053
- id: "id",
31054
- approvalGroups: "approval_groups",
31055
- approvalRequired: "approval_required",
31056
- connectionRules: "connection_rules",
31057
- isolationRequired: "isolation_required",
31058
- mfaConfig: "mfa_config",
31059
- precedence: "precedence",
31060
- purposeJustificationPrompt: "purpose_justification_prompt",
31061
- purposeJustificationRequired: "purpose_justification_required",
31062
- sessionDuration: "session_duration",
31063
- }),
31064
- ),
31065
- ]),
31066
- ),
31067
- ),
31068
- readServiceTokensFromHeader: Schema.optional(Schema.String),
31069
- sameSiteCookieAttribute: Schema.optional(Schema.String),
31070
- scimConfig: Schema.optional(
31071
- Schema.Struct({
31072
- idpUid: Schema.String,
31073
- remoteUri: Schema.String,
31074
- authentication: Schema.optional(
31075
- Schema.Union([
31076
- Schema.Struct({
31077
- authorizationUrl: Schema.String,
31078
- clientId: Schema.String,
31079
- clientSecret: SensitiveString,
31080
- scheme: Schema.Literal("oauth2"),
31081
- tokenUrl: Schema.String,
31082
- scopes: Schema.optional(Schema.Array(Schema.String)),
31083
- }).pipe(
31084
- Schema.encodeKeys({
31085
- authorizationUrl: "authorization_url",
31086
- clientId: "client_id",
31087
- clientSecret: "client_secret",
31088
- scheme: "scheme",
31089
- tokenUrl: "token_url",
31090
- scopes: "scopes",
31091
- }),
31092
- ),
31093
- Schema.Struct({
31094
- password: SensitiveString,
31095
- scheme: Schema.Literal("httpbasic"),
31096
- user: Schema.String,
31097
- }),
31098
- Schema.Struct({
31099
- clientId: Schema.String,
31100
- clientSecret: SensitiveString,
31101
- scheme: Schema.Literal("access_service_token"),
31029
+ isolationRequired: Schema.optional(Schema.Boolean),
31030
+ mfaConfig: Schema.optional(
31031
+ Schema.Struct({
31032
+ allowedAuthenticators: Schema.optional(
31033
+ Schema.Array(
31034
+ Schema.Union([
31035
+ Schema.Literals(["totp", "biometrics", "security_key"]),
31036
+ Schema.String,
31037
+ ]),
31038
+ ),
31039
+ ),
31040
+ mfaDisabled: Schema.optional(Schema.Boolean),
31041
+ sessionDuration: Schema.optional(Schema.String),
31042
+ }).pipe(
31043
+ Schema.encodeKeys({
31044
+ allowedAuthenticators: "allowed_authenticators",
31045
+ mfaDisabled: "mfa_disabled",
31046
+ sessionDuration: "session_duration",
31047
+ }),
31048
+ ),
31049
+ ),
31050
+ precedence: Schema.optional(Schema.Number),
31051
+ purposeJustificationPrompt: Schema.optional(Schema.String),
31052
+ purposeJustificationRequired: Schema.optional(Schema.Boolean),
31053
+ sessionDuration: Schema.optional(Schema.String),
31102
31054
  }).pipe(
31103
31055
  Schema.encodeKeys({
31104
- clientId: "client_id",
31105
- clientSecret: "client_secret",
31106
- scheme: "scheme",
31056
+ id: "id",
31057
+ approvalGroups: "approval_groups",
31058
+ approvalRequired: "approval_required",
31059
+ connectionRules: "connection_rules",
31060
+ isolationRequired: "isolation_required",
31061
+ mfaConfig: "mfa_config",
31062
+ precedence: "precedence",
31063
+ purposeJustificationPrompt: "purpose_justification_prompt",
31064
+ purposeJustificationRequired: "purpose_justification_required",
31065
+ sessionDuration: "session_duration",
31107
31066
  }),
31108
31067
  ),
31109
- Schema.Struct({
31110
- token: Schema.String,
31111
- scheme: Schema.Literal("oauthbearertoken"),
31112
- }),
31113
- Schema.Array(
31068
+ ]),
31069
+ ),
31070
+ Schema.Array(
31071
+ Schema.Struct({
31072
+ decision: Schema.Union([
31073
+ Schema.Literals(["allow", "deny", "non_identity", "bypass"]),
31074
+ Schema.String,
31075
+ ]),
31076
+ include: Schema.Array(
31114
31077
  Schema.Union([
31115
31078
  Schema.Struct({
31116
- authorizationUrl: Schema.String,
31117
- clientId: Schema.String,
31118
- clientSecret: SensitiveString,
31119
- scheme: Schema.Literal("oauth2"),
31120
- tokenUrl: Schema.String,
31121
- scopes: Schema.optional(Schema.Array(Schema.String)),
31079
+ group: Schema.Struct({
31080
+ id: Schema.String,
31081
+ }),
31082
+ }),
31083
+ Schema.Struct({
31084
+ anyValidServiceToken: Schema.Unknown,
31122
31085
  }).pipe(
31123
31086
  Schema.encodeKeys({
31124
- authorizationUrl: "authorization_url",
31125
- clientId: "client_id",
31126
- clientSecret: "client_secret",
31127
- scheme: "scheme",
31128
- tokenUrl: "token_url",
31129
- scopes: "scopes",
31087
+ anyValidServiceToken: "any_valid_service_token",
31130
31088
  }),
31131
31089
  ),
31132
31090
  Schema.Struct({
31133
- password: SensitiveString,
31134
- scheme: Schema.Literal("httpbasic"),
31135
- user: Schema.String,
31091
+ authContext: Schema.Struct({
31092
+ id: Schema.String,
31093
+ acId: Schema.String,
31094
+ identityProviderId: Schema.String,
31095
+ }).pipe(
31096
+ Schema.encodeKeys({
31097
+ id: "id",
31098
+ acId: "ac_id",
31099
+ identityProviderId: "identity_provider_id",
31100
+ }),
31101
+ ),
31102
+ }).pipe(Schema.encodeKeys({ authContext: "auth_context" })),
31103
+ Schema.Struct({
31104
+ authMethod: Schema.Struct({
31105
+ authMethod: Schema.String,
31106
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
31107
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
31108
+ Schema.Struct({
31109
+ azureAD: Schema.Struct({
31110
+ id: Schema.String,
31111
+ identityProviderId: Schema.String,
31112
+ }).pipe(
31113
+ Schema.encodeKeys({
31114
+ id: "id",
31115
+ identityProviderId: "identity_provider_id",
31116
+ }),
31117
+ ),
31136
31118
  }),
31137
31119
  Schema.Struct({
31138
- clientId: Schema.String,
31139
- clientSecret: SensitiveString,
31140
- scheme: Schema.Literal("access_service_token"),
31120
+ certificate: Schema.Unknown,
31121
+ }),
31122
+ Schema.Struct({
31123
+ commonName: Schema.Struct({
31124
+ commonName: Schema.String,
31125
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
31126
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
31127
+ Schema.Struct({
31128
+ geo: Schema.Struct({
31129
+ countryCode: Schema.String,
31130
+ }).pipe(Schema.encodeKeys({ countryCode: "country_code" })),
31131
+ }),
31132
+ Schema.Struct({
31133
+ devicePosture: Schema.Struct({
31134
+ integrationUid: Schema.String,
31135
+ }).pipe(
31136
+ Schema.encodeKeys({ integrationUid: "integration_uid" }),
31137
+ ),
31138
+ }).pipe(Schema.encodeKeys({ devicePosture: "device_posture" })),
31139
+ Schema.Struct({
31140
+ emailDomain: Schema.Struct({
31141
+ domain: Schema.String,
31142
+ }),
31143
+ }).pipe(Schema.encodeKeys({ emailDomain: "email_domain" })),
31144
+ Schema.Struct({
31145
+ emailList: Schema.Struct({
31146
+ id: Schema.String,
31147
+ }),
31148
+ }).pipe(Schema.encodeKeys({ emailList: "email_list" })),
31149
+ Schema.Struct({
31150
+ email: Schema.Struct({
31151
+ email: Schema.String,
31152
+ }),
31153
+ }),
31154
+ Schema.Struct({
31155
+ everyone: Schema.Unknown,
31156
+ }),
31157
+ Schema.Struct({
31158
+ externalEvaluation: Schema.Struct({
31159
+ evaluateUrl: Schema.String,
31160
+ keysUrl: Schema.String,
31161
+ }).pipe(
31162
+ Schema.encodeKeys({
31163
+ evaluateUrl: "evaluate_url",
31164
+ keysUrl: "keys_url",
31165
+ }),
31166
+ ),
31141
31167
  }).pipe(
31142
31168
  Schema.encodeKeys({
31143
- clientId: "client_id",
31144
- clientSecret: "client_secret",
31145
- scheme: "scheme",
31169
+ externalEvaluation: "external_evaluation",
31146
31170
  }),
31147
31171
  ),
31148
31172
  Schema.Struct({
31149
- token: Schema.String,
31150
- scheme: Schema.Literal("oauthbearertoken"),
31173
+ githubOrganization: Schema.Struct({
31174
+ identityProviderId: Schema.String,
31175
+ name: Schema.String,
31176
+ team: Schema.optional(Schema.String),
31177
+ }).pipe(
31178
+ Schema.encodeKeys({
31179
+ identityProviderId: "identity_provider_id",
31180
+ name: "name",
31181
+ team: "team",
31182
+ }),
31183
+ ),
31184
+ }).pipe(
31185
+ Schema.encodeKeys({
31186
+ githubOrganization: "github-organization",
31187
+ }),
31188
+ ),
31189
+ Schema.Struct({
31190
+ gsuite: Schema.Struct({
31191
+ email: Schema.String,
31192
+ identityProviderId: Schema.String,
31193
+ }).pipe(
31194
+ Schema.encodeKeys({
31195
+ email: "email",
31196
+ identityProviderId: "identity_provider_id",
31197
+ }),
31198
+ ),
31151
31199
  }),
31152
- ]),
31153
- ),
31154
- ]),
31155
- ),
31156
- deactivateOnDelete: Schema.optional(Schema.Boolean),
31157
- enabled: Schema.optional(Schema.Boolean),
31158
- mappings: Schema.optional(
31159
- Schema.Array(
31160
- Schema.Struct({
31161
- schema: Schema.String,
31162
- enabled: Schema.optional(Schema.Boolean),
31163
- filter: Schema.optional(Schema.String),
31164
- operations: Schema.optional(
31165
31200
  Schema.Struct({
31166
- create: Schema.optional(Schema.Boolean),
31167
- delete: Schema.optional(Schema.Boolean),
31168
- update: Schema.optional(Schema.Boolean),
31201
+ loginMethod: Schema.Struct({
31202
+ id: Schema.String,
31203
+ }),
31204
+ }).pipe(Schema.encodeKeys({ loginMethod: "login_method" })),
31205
+ Schema.Struct({
31206
+ ipList: Schema.Struct({
31207
+ id: Schema.String,
31208
+ }),
31209
+ }).pipe(Schema.encodeKeys({ ipList: "ip_list" })),
31210
+ Schema.Struct({
31211
+ ip: Schema.Struct({
31212
+ ip: Schema.String,
31213
+ }),
31169
31214
  }),
31170
- ),
31171
- strictness: Schema.optional(
31172
- Schema.Union([
31173
- Schema.Literals(["strict", "passthrough"]),
31174
- Schema.String,
31175
- ]),
31176
- ),
31177
- transformJsonata: Schema.optional(Schema.String),
31178
- }).pipe(
31179
- Schema.encodeKeys({
31180
- schema: "schema",
31181
- enabled: "enabled",
31182
- filter: "filter",
31183
- operations: "operations",
31184
- strictness: "strictness",
31185
- transformJsonata: "transform_jsonata",
31215
+ Schema.Struct({
31216
+ okta: Schema.Struct({
31217
+ identityProviderId: Schema.String,
31218
+ name: Schema.String,
31219
+ }).pipe(
31220
+ Schema.encodeKeys({
31221
+ identityProviderId: "identity_provider_id",
31222
+ name: "name",
31223
+ }),
31224
+ ),
31225
+ }),
31226
+ Schema.Struct({
31227
+ saml: Schema.Struct({
31228
+ attributeName: Schema.String,
31229
+ attributeValue: Schema.String,
31230
+ identityProviderId: Schema.String,
31231
+ }).pipe(
31232
+ Schema.encodeKeys({
31233
+ attributeName: "attribute_name",
31234
+ attributeValue: "attribute_value",
31235
+ identityProviderId: "identity_provider_id",
31236
+ }),
31237
+ ),
31238
+ }),
31239
+ Schema.Struct({
31240
+ oidc: Schema.Struct({
31241
+ claimName: Schema.String,
31242
+ claimValue: Schema.String,
31243
+ identityProviderId: Schema.String,
31244
+ }).pipe(
31245
+ Schema.encodeKeys({
31246
+ claimName: "claim_name",
31247
+ claimValue: "claim_value",
31248
+ identityProviderId: "identity_provider_id",
31249
+ }),
31250
+ ),
31251
+ }),
31252
+ Schema.Struct({
31253
+ serviceToken: Schema.Struct({
31254
+ tokenId: Schema.String,
31255
+ }).pipe(Schema.encodeKeys({ tokenId: "token_id" })),
31256
+ }).pipe(Schema.encodeKeys({ serviceToken: "service_token" })),
31257
+ Schema.Struct({
31258
+ linkedAppToken: Schema.Struct({
31259
+ appUid: Schema.String,
31260
+ }).pipe(Schema.encodeKeys({ appUid: "app_uid" })),
31261
+ }).pipe(
31262
+ Schema.encodeKeys({ linkedAppToken: "linked_app_token" }),
31263
+ ),
31264
+ Schema.Struct({
31265
+ userRiskScore: Schema.Struct({
31266
+ userRiskScore: Schema.Array(
31267
+ Schema.Union([
31268
+ Schema.Literals(["low", "medium", "high", "unscored"]),
31269
+ Schema.String,
31270
+ ]),
31271
+ ),
31272
+ }).pipe(
31273
+ Schema.encodeKeys({ userRiskScore: "user_risk_score" }),
31274
+ ),
31275
+ }).pipe(Schema.encodeKeys({ userRiskScore: "user_risk_score" })),
31276
+ Schema.Struct({
31277
+ cloudflareAccountMember: Schema.Struct({
31278
+ accountId: Schema.optional(Schema.String),
31279
+ }).pipe(Schema.encodeKeys({ accountId: "account_id" })),
31280
+ }).pipe(
31281
+ Schema.encodeKeys({
31282
+ cloudflareAccountMember: "cloudflare_account_member",
31283
+ }),
31284
+ ),
31285
+ ]),
31286
+ ),
31287
+ name: Schema.String,
31288
+ connectionRules: Schema.optional(
31289
+ Schema.Struct({
31290
+ ssh: Schema.optional(
31291
+ Schema.Struct({
31292
+ usernames: Schema.Array(Schema.String),
31293
+ allowEmailAlias: Schema.optional(Schema.Boolean),
31294
+ }).pipe(
31295
+ Schema.encodeKeys({
31296
+ usernames: "usernames",
31297
+ allowEmailAlias: "allow_email_alias",
31298
+ }),
31299
+ ),
31300
+ ),
31186
31301
  }),
31187
31302
  ),
31188
- ),
31189
- ),
31190
- }).pipe(
31191
- Schema.encodeKeys({
31192
- idpUid: "idp_uid",
31193
- remoteUri: "remote_uri",
31194
- authentication: "authentication",
31195
- deactivateOnDelete: "deactivate_on_delete",
31196
- enabled: "enabled",
31197
- mappings: "mappings",
31198
- }),
31199
- ),
31200
- ),
31201
- selfHostedDomains: Schema.optional(Schema.Array(Schema.String)),
31202
- serviceAuth_401Redirect: Schema.optional(Schema.Boolean),
31203
- sessionDuration: Schema.optional(Schema.String),
31204
- skipInterstitial: Schema.optional(Schema.Boolean),
31205
- tags: Schema.optional(Schema.Array(Schema.String)),
31206
- useClientlessIsolationAppLauncherUrl: Schema.optional(Schema.Boolean),
31207
- } as const;
31208
-
31209
- interface CreateAccessApplicationBaseRequest {
31210
- /** Body param: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher. */
31211
- domain: string;
31212
- /** Body param: The application type. */
31213
- type:
31214
- | "self_hosted"
31215
- | "saas"
31216
- | "ssh"
31217
- | "vnc"
31218
- | "app_launcher"
31219
- | "warp"
31220
- | "biso"
31221
- | "bookmark"
31222
- | "dash_sso"
31223
- | "infrastructure"
31224
- | "rdp"
31225
- | "mcp"
31226
- | "mcp_portal"
31227
- | "proxy_endpoint"
31228
- | (string & {});
31229
- /** Body param: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always */
31230
- allowAuthenticateViaWarp?: boolean;
31231
- /** Body param: Enables loading application content in an iFrame. */
31232
- allowIframe?: boolean;
31233
- /** Body param: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account. */
31234
- allowedIdps?: string[];
31235
- /** Body param: Displays the application in the App Launcher. */
31236
- appLauncherVisible?: boolean;
31237
- /** Body param: When set to `true`, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. */
31238
- autoRedirectToIdentity?: boolean;
31239
- /** Body param */
31240
- corsHeaders?: {
31241
- allowAllHeaders?: boolean;
31242
- allowAllMethods?: boolean;
31243
- allowAllOrigins?: boolean;
31244
- allowCredentials?: boolean;
31245
- allowedHeaders?: string[];
31246
- allowedMethods?: (
31247
- | "GET"
31248
- | "POST"
31249
- | "HEAD"
31250
- | "PUT"
31251
- | "DELETE"
31252
- | "CONNECT"
31253
- | "OPTIONS"
31254
- | "TRACE"
31255
- | "PATCH"
31256
- | (string & {})
31257
- )[];
31258
- allowedOrigins?: string[];
31259
- maxAge?: number;
31260
- };
31261
- /** Body param: The custom error message shown to a user when they are denied access to the application. */
31262
- customDenyMessage?: string;
31263
- /** Body param: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules. */
31264
- customDenyUrl?: string;
31265
- /** Body param: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules. */
31266
- customNonIdentityDenyUrl?: string;
31267
- /** Body param: The custom pages that will be displayed when applicable for this application */
31268
- customPages?: string[];
31269
- /** Body param: List of destinations secured by Access. This supersedes `self_hosted_domains` to allow for more flexibility in defining different types of domains. If `destinations` are provided, then `se */
31270
- destinations?: (
31271
- | { type?: "public"; uri?: string }
31272
- | {
31273
- cidr?: string;
31274
- hostname?: string;
31275
- l4Protocol?: "tcp" | "udp" | (string & {});
31276
- portRange?: string;
31277
- type?: "private";
31278
- vnetId?: string;
31279
- }
31280
- | { mcpServerId?: string; type?: "via_mcp_server_portal" }
31281
- )[];
31282
- /** Body param: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. */
31283
- enableBindingCookie?: boolean;
31284
- /** Body param: Enables the HttpOnly cookie attribute, which increases security against XSS attacks. */
31285
- httpOnlyCookieAttribute?: boolean;
31286
- /** Body param: The image URL for the logo shown in the App Launcher dashboard. */
31287
- logoUrl?: string;
31288
- /** Body param: Configures multi-factor authentication (MFA) settings. */
31289
- mfaConfig?: {
31290
- allowedAuthenticators?: (
31291
- | "totp"
31292
- | "biometrics"
31293
- | "security_key"
31294
- | (string & {})
31295
- )[];
31296
- mfaDisabled?: boolean;
31297
- sessionDuration?: string;
31298
- };
31299
- /** Body param: The name of the application. */
31300
- name?: string;
31301
- /** Body param: Beta: Optional configuration for managing an OAuth authorization flow controlled by Access. When set, Access will act as the OAuth authorization server for this application. Only compati */
31302
- oauthConfiguration?: {
31303
- dynamicClientRegistration?: {
31304
- allowAnyOnLocalhost?: boolean;
31305
- allowAnyOnLoopback?: boolean;
31306
- allowedUris?: string[];
31307
- enabled?: boolean;
31308
- };
31309
- enabled?: boolean;
31310
- grant?: { accessTokenLifetime?: string; sessionDuration?: string };
31311
- };
31312
- /** Body param: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. */
31313
- optionsPreflightBypass?: boolean;
31314
- /** Body param: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default */
31315
- pathCookieAttribute?: boolean;
31316
- /** Body param: The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application. Reusable a */
31317
- policies?: (
31318
- | { id?: string; precedence?: number }
31319
- | string
31320
- | {
31321
- id?: string;
31322
- approvalGroups?: {
31323
- approvalsNeeded: number;
31324
- emailAddresses?: string[];
31325
- emailListUuid?: string;
31326
- }[];
31327
- approvalRequired?: boolean;
31328
- connectionRules?: {
31329
- rdp?: {
31330
- allowedClipboardLocalToRemoteFormats?: "text"[];
31331
- allowedClipboardRemoteToLocalFormats?: "text"[];
31332
- };
31333
- };
31334
- isolationRequired?: boolean;
31335
- mfaConfig?: {
31336
- allowedAuthenticators?: (
31337
- | "totp"
31338
- | "biometrics"
31339
- | "security_key"
31340
- | (string & {})
31341
- )[];
31342
- mfaDisabled?: boolean;
31343
- sessionDuration?: string;
31344
- };
31345
- precedence?: number;
31346
- purposeJustificationPrompt?: string;
31347
- purposeJustificationRequired?: boolean;
31348
- sessionDuration?: string;
31349
- }
31350
- )[];
31351
- /** Body param: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The */
31352
- readServiceTokensFromHeader?: string;
31353
- /** Body param: Sets the SameSite cookie setting, which provides increased security against CSRF attacks. */
31354
- sameSiteCookieAttribute?: string;
31355
- /** Body param: Configuration for provisioning to this application via SCIM. This is currently in closed beta. */
31356
- scimConfig?: {
31357
- idpUid: string;
31303
+ exclude: Schema.optional(
31304
+ Schema.Array(
31305
+ Schema.Union([
31306
+ Schema.Struct({
31307
+ group: Schema.Struct({
31308
+ id: Schema.String,
31309
+ }),
31310
+ }),
31311
+ Schema.Struct({
31312
+ anyValidServiceToken: Schema.Unknown,
31313
+ }).pipe(
31314
+ Schema.encodeKeys({
31315
+ anyValidServiceToken: "any_valid_service_token",
31316
+ }),
31317
+ ),
31318
+ Schema.Struct({
31319
+ authContext: Schema.Struct({
31320
+ id: Schema.String,
31321
+ acId: Schema.String,
31322
+ identityProviderId: Schema.String,
31323
+ }).pipe(
31324
+ Schema.encodeKeys({
31325
+ id: "id",
31326
+ acId: "ac_id",
31327
+ identityProviderId: "identity_provider_id",
31328
+ }),
31329
+ ),
31330
+ }).pipe(Schema.encodeKeys({ authContext: "auth_context" })),
31331
+ Schema.Struct({
31332
+ authMethod: Schema.Struct({
31333
+ authMethod: Schema.String,
31334
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
31335
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
31336
+ Schema.Struct({
31337
+ azureAD: Schema.Struct({
31338
+ id: Schema.String,
31339
+ identityProviderId: Schema.String,
31340
+ }).pipe(
31341
+ Schema.encodeKeys({
31342
+ id: "id",
31343
+ identityProviderId: "identity_provider_id",
31344
+ }),
31345
+ ),
31346
+ }),
31347
+ Schema.Struct({
31348
+ certificate: Schema.Unknown,
31349
+ }),
31350
+ Schema.Struct({
31351
+ commonName: Schema.Struct({
31352
+ commonName: Schema.String,
31353
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
31354
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
31355
+ Schema.Struct({
31356
+ geo: Schema.Struct({
31357
+ countryCode: Schema.String,
31358
+ }).pipe(Schema.encodeKeys({ countryCode: "country_code" })),
31359
+ }),
31360
+ Schema.Struct({
31361
+ devicePosture: Schema.Struct({
31362
+ integrationUid: Schema.String,
31363
+ }).pipe(
31364
+ Schema.encodeKeys({ integrationUid: "integration_uid" }),
31365
+ ),
31366
+ }).pipe(Schema.encodeKeys({ devicePosture: "device_posture" })),
31367
+ Schema.Struct({
31368
+ emailDomain: Schema.Struct({
31369
+ domain: Schema.String,
31370
+ }),
31371
+ }).pipe(Schema.encodeKeys({ emailDomain: "email_domain" })),
31372
+ Schema.Struct({
31373
+ emailList: Schema.Struct({
31374
+ id: Schema.String,
31375
+ }),
31376
+ }).pipe(Schema.encodeKeys({ emailList: "email_list" })),
31377
+ Schema.Struct({
31378
+ email: Schema.Struct({
31379
+ email: Schema.String,
31380
+ }),
31381
+ }),
31382
+ Schema.Struct({
31383
+ everyone: Schema.Unknown,
31384
+ }),
31385
+ Schema.Struct({
31386
+ externalEvaluation: Schema.Struct({
31387
+ evaluateUrl: Schema.String,
31388
+ keysUrl: Schema.String,
31389
+ }).pipe(
31390
+ Schema.encodeKeys({
31391
+ evaluateUrl: "evaluate_url",
31392
+ keysUrl: "keys_url",
31393
+ }),
31394
+ ),
31395
+ }).pipe(
31396
+ Schema.encodeKeys({
31397
+ externalEvaluation: "external_evaluation",
31398
+ }),
31399
+ ),
31400
+ Schema.Struct({
31401
+ githubOrganization: Schema.Struct({
31402
+ identityProviderId: Schema.String,
31403
+ name: Schema.String,
31404
+ team: Schema.optional(Schema.String),
31405
+ }).pipe(
31406
+ Schema.encodeKeys({
31407
+ identityProviderId: "identity_provider_id",
31408
+ name: "name",
31409
+ team: "team",
31410
+ }),
31411
+ ),
31412
+ }).pipe(
31413
+ Schema.encodeKeys({
31414
+ githubOrganization: "github-organization",
31415
+ }),
31416
+ ),
31417
+ Schema.Struct({
31418
+ gsuite: Schema.Struct({
31419
+ email: Schema.String,
31420
+ identityProviderId: Schema.String,
31421
+ }).pipe(
31422
+ Schema.encodeKeys({
31423
+ email: "email",
31424
+ identityProviderId: "identity_provider_id",
31425
+ }),
31426
+ ),
31427
+ }),
31428
+ Schema.Struct({
31429
+ loginMethod: Schema.Struct({
31430
+ id: Schema.String,
31431
+ }),
31432
+ }).pipe(Schema.encodeKeys({ loginMethod: "login_method" })),
31433
+ Schema.Struct({
31434
+ ipList: Schema.Struct({
31435
+ id: Schema.String,
31436
+ }),
31437
+ }).pipe(Schema.encodeKeys({ ipList: "ip_list" })),
31438
+ Schema.Struct({
31439
+ ip: Schema.Struct({
31440
+ ip: Schema.String,
31441
+ }),
31442
+ }),
31443
+ Schema.Struct({
31444
+ okta: Schema.Struct({
31445
+ identityProviderId: Schema.String,
31446
+ name: Schema.String,
31447
+ }).pipe(
31448
+ Schema.encodeKeys({
31449
+ identityProviderId: "identity_provider_id",
31450
+ name: "name",
31451
+ }),
31452
+ ),
31453
+ }),
31454
+ Schema.Struct({
31455
+ saml: Schema.Struct({
31456
+ attributeName: Schema.String,
31457
+ attributeValue: Schema.String,
31458
+ identityProviderId: Schema.String,
31459
+ }).pipe(
31460
+ Schema.encodeKeys({
31461
+ attributeName: "attribute_name",
31462
+ attributeValue: "attribute_value",
31463
+ identityProviderId: "identity_provider_id",
31464
+ }),
31465
+ ),
31466
+ }),
31467
+ Schema.Struct({
31468
+ oidc: Schema.Struct({
31469
+ claimName: Schema.String,
31470
+ claimValue: Schema.String,
31471
+ identityProviderId: Schema.String,
31472
+ }).pipe(
31473
+ Schema.encodeKeys({
31474
+ claimName: "claim_name",
31475
+ claimValue: "claim_value",
31476
+ identityProviderId: "identity_provider_id",
31477
+ }),
31478
+ ),
31479
+ }),
31480
+ Schema.Struct({
31481
+ serviceToken: Schema.Struct({
31482
+ tokenId: Schema.String,
31483
+ }).pipe(Schema.encodeKeys({ tokenId: "token_id" })),
31484
+ }).pipe(Schema.encodeKeys({ serviceToken: "service_token" })),
31485
+ Schema.Struct({
31486
+ linkedAppToken: Schema.Struct({
31487
+ appUid: Schema.String,
31488
+ }).pipe(Schema.encodeKeys({ appUid: "app_uid" })),
31489
+ }).pipe(
31490
+ Schema.encodeKeys({ linkedAppToken: "linked_app_token" }),
31491
+ ),
31492
+ Schema.Struct({
31493
+ userRiskScore: Schema.Struct({
31494
+ userRiskScore: Schema.Array(
31495
+ Schema.Union([
31496
+ Schema.Literals(["low", "medium", "high", "unscored"]),
31497
+ Schema.String,
31498
+ ]),
31499
+ ),
31500
+ }).pipe(
31501
+ Schema.encodeKeys({ userRiskScore: "user_risk_score" }),
31502
+ ),
31503
+ }).pipe(
31504
+ Schema.encodeKeys({ userRiskScore: "user_risk_score" }),
31505
+ ),
31506
+ Schema.Struct({
31507
+ cloudflareAccountMember: Schema.Struct({
31508
+ accountId: Schema.optional(Schema.String),
31509
+ }).pipe(Schema.encodeKeys({ accountId: "account_id" })),
31510
+ }).pipe(
31511
+ Schema.encodeKeys({
31512
+ cloudflareAccountMember: "cloudflare_account_member",
31513
+ }),
31514
+ ),
31515
+ ]),
31516
+ ),
31517
+ ),
31518
+ mfaConfig: Schema.optional(
31519
+ Schema.Struct({
31520
+ allowedAuthenticators: Schema.optional(
31521
+ Schema.Array(Schema.Literal("ssh_piv_key")),
31522
+ ),
31523
+ mfaDisabled: Schema.optional(Schema.Boolean),
31524
+ sessionDuration: Schema.optional(Schema.String),
31525
+ }).pipe(
31526
+ Schema.encodeKeys({
31527
+ allowedAuthenticators: "allowed_authenticators",
31528
+ mfaDisabled: "mfa_disabled",
31529
+ sessionDuration: "session_duration",
31530
+ }),
31531
+ ),
31532
+ ),
31533
+ require: Schema.optional(
31534
+ Schema.Array(
31535
+ Schema.Union([
31536
+ Schema.Struct({
31537
+ group: Schema.Struct({
31538
+ id: Schema.String,
31539
+ }),
31540
+ }),
31541
+ Schema.Struct({
31542
+ anyValidServiceToken: Schema.Unknown,
31543
+ }).pipe(
31544
+ Schema.encodeKeys({
31545
+ anyValidServiceToken: "any_valid_service_token",
31546
+ }),
31547
+ ),
31548
+ Schema.Struct({
31549
+ authContext: Schema.Struct({
31550
+ id: Schema.String,
31551
+ acId: Schema.String,
31552
+ identityProviderId: Schema.String,
31553
+ }).pipe(
31554
+ Schema.encodeKeys({
31555
+ id: "id",
31556
+ acId: "ac_id",
31557
+ identityProviderId: "identity_provider_id",
31558
+ }),
31559
+ ),
31560
+ }).pipe(Schema.encodeKeys({ authContext: "auth_context" })),
31561
+ Schema.Struct({
31562
+ authMethod: Schema.Struct({
31563
+ authMethod: Schema.String,
31564
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
31565
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
31566
+ Schema.Struct({
31567
+ azureAD: Schema.Struct({
31568
+ id: Schema.String,
31569
+ identityProviderId: Schema.String,
31570
+ }).pipe(
31571
+ Schema.encodeKeys({
31572
+ id: "id",
31573
+ identityProviderId: "identity_provider_id",
31574
+ }),
31575
+ ),
31576
+ }),
31577
+ Schema.Struct({
31578
+ certificate: Schema.Unknown,
31579
+ }),
31580
+ Schema.Struct({
31581
+ commonName: Schema.Struct({
31582
+ commonName: Schema.String,
31583
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
31584
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
31585
+ Schema.Struct({
31586
+ geo: Schema.Struct({
31587
+ countryCode: Schema.String,
31588
+ }).pipe(Schema.encodeKeys({ countryCode: "country_code" })),
31589
+ }),
31590
+ Schema.Struct({
31591
+ devicePosture: Schema.Struct({
31592
+ integrationUid: Schema.String,
31593
+ }).pipe(
31594
+ Schema.encodeKeys({ integrationUid: "integration_uid" }),
31595
+ ),
31596
+ }).pipe(Schema.encodeKeys({ devicePosture: "device_posture" })),
31597
+ Schema.Struct({
31598
+ emailDomain: Schema.Struct({
31599
+ domain: Schema.String,
31600
+ }),
31601
+ }).pipe(Schema.encodeKeys({ emailDomain: "email_domain" })),
31602
+ Schema.Struct({
31603
+ emailList: Schema.Struct({
31604
+ id: Schema.String,
31605
+ }),
31606
+ }).pipe(Schema.encodeKeys({ emailList: "email_list" })),
31607
+ Schema.Struct({
31608
+ email: Schema.Struct({
31609
+ email: Schema.String,
31610
+ }),
31611
+ }),
31612
+ Schema.Struct({
31613
+ everyone: Schema.Unknown,
31614
+ }),
31615
+ Schema.Struct({
31616
+ externalEvaluation: Schema.Struct({
31617
+ evaluateUrl: Schema.String,
31618
+ keysUrl: Schema.String,
31619
+ }).pipe(
31620
+ Schema.encodeKeys({
31621
+ evaluateUrl: "evaluate_url",
31622
+ keysUrl: "keys_url",
31623
+ }),
31624
+ ),
31625
+ }).pipe(
31626
+ Schema.encodeKeys({
31627
+ externalEvaluation: "external_evaluation",
31628
+ }),
31629
+ ),
31630
+ Schema.Struct({
31631
+ githubOrganization: Schema.Struct({
31632
+ identityProviderId: Schema.String,
31633
+ name: Schema.String,
31634
+ team: Schema.optional(Schema.String),
31635
+ }).pipe(
31636
+ Schema.encodeKeys({
31637
+ identityProviderId: "identity_provider_id",
31638
+ name: "name",
31639
+ team: "team",
31640
+ }),
31641
+ ),
31642
+ }).pipe(
31643
+ Schema.encodeKeys({
31644
+ githubOrganization: "github-organization",
31645
+ }),
31646
+ ),
31647
+ Schema.Struct({
31648
+ gsuite: Schema.Struct({
31649
+ email: Schema.String,
31650
+ identityProviderId: Schema.String,
31651
+ }).pipe(
31652
+ Schema.encodeKeys({
31653
+ email: "email",
31654
+ identityProviderId: "identity_provider_id",
31655
+ }),
31656
+ ),
31657
+ }),
31658
+ Schema.Struct({
31659
+ loginMethod: Schema.Struct({
31660
+ id: Schema.String,
31661
+ }),
31662
+ }).pipe(Schema.encodeKeys({ loginMethod: "login_method" })),
31663
+ Schema.Struct({
31664
+ ipList: Schema.Struct({
31665
+ id: Schema.String,
31666
+ }),
31667
+ }).pipe(Schema.encodeKeys({ ipList: "ip_list" })),
31668
+ Schema.Struct({
31669
+ ip: Schema.Struct({
31670
+ ip: Schema.String,
31671
+ }),
31672
+ }),
31673
+ Schema.Struct({
31674
+ okta: Schema.Struct({
31675
+ identityProviderId: Schema.String,
31676
+ name: Schema.String,
31677
+ }).pipe(
31678
+ Schema.encodeKeys({
31679
+ identityProviderId: "identity_provider_id",
31680
+ name: "name",
31681
+ }),
31682
+ ),
31683
+ }),
31684
+ Schema.Struct({
31685
+ saml: Schema.Struct({
31686
+ attributeName: Schema.String,
31687
+ attributeValue: Schema.String,
31688
+ identityProviderId: Schema.String,
31689
+ }).pipe(
31690
+ Schema.encodeKeys({
31691
+ attributeName: "attribute_name",
31692
+ attributeValue: "attribute_value",
31693
+ identityProviderId: "identity_provider_id",
31694
+ }),
31695
+ ),
31696
+ }),
31697
+ Schema.Struct({
31698
+ oidc: Schema.Struct({
31699
+ claimName: Schema.String,
31700
+ claimValue: Schema.String,
31701
+ identityProviderId: Schema.String,
31702
+ }).pipe(
31703
+ Schema.encodeKeys({
31704
+ claimName: "claim_name",
31705
+ claimValue: "claim_value",
31706
+ identityProviderId: "identity_provider_id",
31707
+ }),
31708
+ ),
31709
+ }),
31710
+ Schema.Struct({
31711
+ serviceToken: Schema.Struct({
31712
+ tokenId: Schema.String,
31713
+ }).pipe(Schema.encodeKeys({ tokenId: "token_id" })),
31714
+ }).pipe(Schema.encodeKeys({ serviceToken: "service_token" })),
31715
+ Schema.Struct({
31716
+ linkedAppToken: Schema.Struct({
31717
+ appUid: Schema.String,
31718
+ }).pipe(Schema.encodeKeys({ appUid: "app_uid" })),
31719
+ }).pipe(
31720
+ Schema.encodeKeys({ linkedAppToken: "linked_app_token" }),
31721
+ ),
31722
+ Schema.Struct({
31723
+ userRiskScore: Schema.Struct({
31724
+ userRiskScore: Schema.Array(
31725
+ Schema.Union([
31726
+ Schema.Literals(["low", "medium", "high", "unscored"]),
31727
+ Schema.String,
31728
+ ]),
31729
+ ),
31730
+ }).pipe(
31731
+ Schema.encodeKeys({ userRiskScore: "user_risk_score" }),
31732
+ ),
31733
+ }).pipe(
31734
+ Schema.encodeKeys({ userRiskScore: "user_risk_score" }),
31735
+ ),
31736
+ Schema.Struct({
31737
+ cloudflareAccountMember: Schema.Struct({
31738
+ accountId: Schema.optional(Schema.String),
31739
+ }).pipe(Schema.encodeKeys({ accountId: "account_id" })),
31740
+ }).pipe(
31741
+ Schema.encodeKeys({
31742
+ cloudflareAccountMember: "cloudflare_account_member",
31743
+ }),
31744
+ ),
31745
+ ]),
31746
+ ),
31747
+ ),
31748
+ }).pipe(
31749
+ Schema.encodeKeys({
31750
+ decision: "decision",
31751
+ include: "include",
31752
+ name: "name",
31753
+ connectionRules: "connection_rules",
31754
+ exclude: "exclude",
31755
+ mfaConfig: "mfa_config",
31756
+ require: "require",
31757
+ }),
31758
+ ),
31759
+ ),
31760
+ ]),
31761
+ ),
31762
+ readServiceTokensFromHeader: Schema.optional(Schema.String),
31763
+ sameSiteCookieAttribute: Schema.optional(Schema.String),
31764
+ scimConfig: Schema.optional(
31765
+ Schema.Struct({
31766
+ idpUid: Schema.String,
31767
+ remoteUri: Schema.String,
31768
+ authentication: Schema.optional(
31769
+ Schema.Union([
31770
+ Schema.Struct({
31771
+ authorizationUrl: Schema.String,
31772
+ clientId: Schema.String,
31773
+ clientSecret: SensitiveString,
31774
+ scheme: Schema.Literal("oauth2"),
31775
+ tokenUrl: Schema.String,
31776
+ scopes: Schema.optional(Schema.Array(Schema.String)),
31777
+ }).pipe(
31778
+ Schema.encodeKeys({
31779
+ authorizationUrl: "authorization_url",
31780
+ clientId: "client_id",
31781
+ clientSecret: "client_secret",
31782
+ scheme: "scheme",
31783
+ tokenUrl: "token_url",
31784
+ scopes: "scopes",
31785
+ }),
31786
+ ),
31787
+ Schema.Struct({
31788
+ password: SensitiveString,
31789
+ scheme: Schema.Literal("httpbasic"),
31790
+ user: Schema.String,
31791
+ }),
31792
+ Schema.Struct({
31793
+ clientId: Schema.String,
31794
+ clientSecret: SensitiveString,
31795
+ scheme: Schema.Literal("access_service_token"),
31796
+ }).pipe(
31797
+ Schema.encodeKeys({
31798
+ clientId: "client_id",
31799
+ clientSecret: "client_secret",
31800
+ scheme: "scheme",
31801
+ }),
31802
+ ),
31803
+ Schema.Struct({
31804
+ token: Schema.String,
31805
+ scheme: Schema.Literal("oauthbearertoken"),
31806
+ }),
31807
+ Schema.Array(
31808
+ Schema.Union([
31809
+ Schema.Struct({
31810
+ authorizationUrl: Schema.String,
31811
+ clientId: Schema.String,
31812
+ clientSecret: SensitiveString,
31813
+ scheme: Schema.Literal("oauth2"),
31814
+ tokenUrl: Schema.String,
31815
+ scopes: Schema.optional(Schema.Array(Schema.String)),
31816
+ }).pipe(
31817
+ Schema.encodeKeys({
31818
+ authorizationUrl: "authorization_url",
31819
+ clientId: "client_id",
31820
+ clientSecret: "client_secret",
31821
+ scheme: "scheme",
31822
+ tokenUrl: "token_url",
31823
+ scopes: "scopes",
31824
+ }),
31825
+ ),
31826
+ Schema.Struct({
31827
+ password: SensitiveString,
31828
+ scheme: Schema.Literal("httpbasic"),
31829
+ user: Schema.String,
31830
+ }),
31831
+ Schema.Struct({
31832
+ clientId: Schema.String,
31833
+ clientSecret: SensitiveString,
31834
+ scheme: Schema.Literal("access_service_token"),
31835
+ }).pipe(
31836
+ Schema.encodeKeys({
31837
+ clientId: "client_id",
31838
+ clientSecret: "client_secret",
31839
+ scheme: "scheme",
31840
+ }),
31841
+ ),
31842
+ Schema.Struct({
31843
+ token: Schema.String,
31844
+ scheme: Schema.Literal("oauthbearertoken"),
31845
+ }),
31846
+ ]),
31847
+ ),
31848
+ ]),
31849
+ ),
31850
+ deactivateOnDelete: Schema.optional(Schema.Boolean),
31851
+ enabled: Schema.optional(Schema.Boolean),
31852
+ mappings: Schema.optional(
31853
+ Schema.Array(
31854
+ Schema.Struct({
31855
+ schema: Schema.String,
31856
+ enabled: Schema.optional(Schema.Boolean),
31857
+ filter: Schema.optional(Schema.String),
31858
+ operations: Schema.optional(
31859
+ Schema.Struct({
31860
+ create: Schema.optional(Schema.Boolean),
31861
+ delete: Schema.optional(Schema.Boolean),
31862
+ update: Schema.optional(Schema.Boolean),
31863
+ }),
31864
+ ),
31865
+ strictness: Schema.optional(
31866
+ Schema.Union([
31867
+ Schema.Literals(["strict", "passthrough"]),
31868
+ Schema.String,
31869
+ ]),
31870
+ ),
31871
+ transformJsonata: Schema.optional(Schema.String),
31872
+ }).pipe(
31873
+ Schema.encodeKeys({
31874
+ schema: "schema",
31875
+ enabled: "enabled",
31876
+ filter: "filter",
31877
+ operations: "operations",
31878
+ strictness: "strictness",
31879
+ transformJsonata: "transform_jsonata",
31880
+ }),
31881
+ ),
31882
+ ),
31883
+ ),
31884
+ }).pipe(
31885
+ Schema.encodeKeys({
31886
+ idpUid: "idp_uid",
31887
+ remoteUri: "remote_uri",
31888
+ authentication: "authentication",
31889
+ deactivateOnDelete: "deactivate_on_delete",
31890
+ enabled: "enabled",
31891
+ mappings: "mappings",
31892
+ }),
31893
+ ),
31894
+ ),
31895
+ selfHostedDomains: Schema.optional(Schema.Array(Schema.String)),
31896
+ serviceAuth_401Redirect: Schema.optional(Schema.Boolean),
31897
+ sessionDuration: Schema.optional(Schema.String),
31898
+ skipInterstitial: Schema.optional(Schema.Boolean),
31899
+ tags: Schema.optional(Schema.Array(Schema.String)),
31900
+ useClientlessIsolationAppLauncherUrl: Schema.optional(Schema.Boolean),
31901
+ saasApp: Schema.optional(
31902
+ Schema.Struct({
31903
+ authType: Schema.optional(
31904
+ Schema.Union([Schema.Literals(["saml", "oidc"]), Schema.String]),
31905
+ ),
31906
+ consumerServiceUrl: Schema.optional(Schema.String),
31907
+ customAttributes: Schema.optional(
31908
+ Schema.Array(
31909
+ Schema.Struct({
31910
+ friendlyName: Schema.optional(Schema.String),
31911
+ name: Schema.optional(Schema.String),
31912
+ nameFormat: Schema.optional(
31913
+ Schema.Union([
31914
+ Schema.Literals([
31915
+ "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
31916
+ "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
31917
+ "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
31918
+ ]),
31919
+ Schema.String,
31920
+ ]),
31921
+ ),
31922
+ required: Schema.optional(Schema.Boolean),
31923
+ source: Schema.optional(
31924
+ Schema.Struct({
31925
+ name: Schema.optional(Schema.String),
31926
+ nameByIdp: Schema.optional(
31927
+ Schema.Array(
31928
+ Schema.Struct({
31929
+ idpId: Schema.optional(Schema.String),
31930
+ sourceName: Schema.optional(Schema.String),
31931
+ }).pipe(
31932
+ Schema.encodeKeys({
31933
+ idpId: "idp_id",
31934
+ sourceName: "source_name",
31935
+ }),
31936
+ ),
31937
+ ),
31938
+ ),
31939
+ }).pipe(
31940
+ Schema.encodeKeys({ name: "name", nameByIdp: "name_by_idp" }),
31941
+ ),
31942
+ ),
31943
+ }).pipe(
31944
+ Schema.encodeKeys({
31945
+ friendlyName: "friendly_name",
31946
+ name: "name",
31947
+ nameFormat: "name_format",
31948
+ required: "required",
31949
+ source: "source",
31950
+ }),
31951
+ ),
31952
+ ),
31953
+ ),
31954
+ defaultRelayState: Schema.optional(Schema.String),
31955
+ idpEntityId: Schema.optional(Schema.String),
31956
+ nameIdFormat: Schema.optional(
31957
+ Schema.Union([Schema.Literals(["id", "email"]), Schema.String]),
31958
+ ),
31959
+ nameIdTransformJsonata: Schema.optional(Schema.String),
31960
+ publicKey: Schema.optional(Schema.String),
31961
+ samlAttributeTransformJsonata: Schema.optional(Schema.String),
31962
+ spEntityId: Schema.optional(Schema.String),
31963
+ ssoEndpoint: Schema.optional(Schema.String),
31964
+ accessTokenLifetime: Schema.optional(Schema.String),
31965
+ allowPkceWithoutClientSecret: Schema.optional(Schema.Boolean),
31966
+ appLauncherUrl: Schema.optional(Schema.String),
31967
+ clientId: Schema.optional(Schema.String),
31968
+ clientSecret: Schema.optional(SensitiveString),
31969
+ customClaims: Schema.optional(
31970
+ Schema.Array(
31971
+ Schema.Struct({
31972
+ name: Schema.optional(Schema.String),
31973
+ required: Schema.optional(Schema.Boolean),
31974
+ scope: Schema.optional(
31975
+ Schema.Union([
31976
+ Schema.Literals(["groups", "profile", "email", "openid"]),
31977
+ Schema.String,
31978
+ ]),
31979
+ ),
31980
+ source: Schema.optional(
31981
+ Schema.Struct({
31982
+ name: Schema.optional(Schema.String),
31983
+ nameByIdp: Schema.optional(
31984
+ Schema.Record(Schema.String, Schema.Unknown),
31985
+ ),
31986
+ }).pipe(
31987
+ Schema.encodeKeys({ name: "name", nameByIdp: "name_by_idp" }),
31988
+ ),
31989
+ ),
31990
+ }),
31991
+ ),
31992
+ ),
31993
+ grantTypes: Schema.optional(
31994
+ Schema.Array(
31995
+ Schema.Union([
31996
+ Schema.Literals([
31997
+ "authorization_code",
31998
+ "authorization_code_with_pkce",
31999
+ "refresh_tokens",
32000
+ "hybrid",
32001
+ "implicit",
32002
+ ]),
32003
+ Schema.String,
32004
+ ]),
32005
+ ),
32006
+ ),
32007
+ groupFilterRegex: Schema.optional(Schema.String),
32008
+ hybridAndImplicitOptions: Schema.optional(
32009
+ Schema.Struct({
32010
+ returnAccessTokenFromAuthorizationEndpoint: Schema.optional(
32011
+ Schema.Boolean,
32012
+ ),
32013
+ returnIdTokenFromAuthorizationEndpoint: Schema.optional(
32014
+ Schema.Boolean,
32015
+ ),
32016
+ }).pipe(
32017
+ Schema.encodeKeys({
32018
+ returnAccessTokenFromAuthorizationEndpoint:
32019
+ "return_access_token_from_authorization_endpoint",
32020
+ returnIdTokenFromAuthorizationEndpoint:
32021
+ "return_id_token_from_authorization_endpoint",
32022
+ }),
32023
+ ),
32024
+ ),
32025
+ redirectUris: Schema.optional(Schema.Array(Schema.String)),
32026
+ refreshTokenOptions: Schema.optional(
32027
+ Schema.Struct({
32028
+ lifetime: Schema.optional(Schema.String),
32029
+ }),
32030
+ ),
32031
+ scopes: Schema.optional(
32032
+ Schema.Array(
32033
+ Schema.Union([
32034
+ Schema.Literals(["openid", "groups", "email", "profile"]),
32035
+ Schema.String,
32036
+ ]),
32037
+ ),
32038
+ ),
32039
+ }).pipe(
32040
+ Schema.encodeKeys({
32041
+ authType: "auth_type",
32042
+ consumerServiceUrl: "consumer_service_url",
32043
+ customAttributes: "custom_attributes",
32044
+ defaultRelayState: "default_relay_state",
32045
+ idpEntityId: "idp_entity_id",
32046
+ nameIdFormat: "name_id_format",
32047
+ nameIdTransformJsonata: "name_id_transform_jsonata",
32048
+ publicKey: "public_key",
32049
+ samlAttributeTransformJsonata: "saml_attribute_transform_jsonata",
32050
+ spEntityId: "sp_entity_id",
32051
+ ssoEndpoint: "sso_endpoint",
32052
+ accessTokenLifetime: "access_token_lifetime",
32053
+ allowPkceWithoutClientSecret: "allow_pkce_without_client_secret",
32054
+ appLauncherUrl: "app_launcher_url",
32055
+ clientId: "client_id",
32056
+ clientSecret: "client_secret",
32057
+ customClaims: "custom_claims",
32058
+ grantTypes: "grant_types",
32059
+ groupFilterRegex: "group_filter_regex",
32060
+ hybridAndImplicitOptions: "hybrid_and_implicit_options",
32061
+ redirectUris: "redirect_uris",
32062
+ refreshTokenOptions: "refresh_token_options",
32063
+ scopes: "scopes",
32064
+ }),
32065
+ ),
32066
+ ),
32067
+ appLauncherLogoUrl: Schema.optional(Schema.String),
32068
+ bgColor: Schema.optional(Schema.String),
32069
+ footerLinks: Schema.optional(
32070
+ Schema.Array(
32071
+ Schema.Struct({
32072
+ name: Schema.String,
32073
+ url: Schema.String,
32074
+ }),
32075
+ ),
32076
+ ),
32077
+ headerBgColor: Schema.optional(Schema.String),
32078
+ landingPageDesign: Schema.optional(
32079
+ Schema.Struct({
32080
+ buttonColor: Schema.optional(Schema.String),
32081
+ buttonTextColor: Schema.optional(Schema.String),
32082
+ imageUrl: Schema.optional(Schema.String),
32083
+ message: Schema.optional(Schema.String),
32084
+ title: Schema.optional(Schema.String),
32085
+ }).pipe(
32086
+ Schema.encodeKeys({
32087
+ buttonColor: "button_color",
32088
+ buttonTextColor: "button_text_color",
32089
+ imageUrl: "image_url",
32090
+ message: "message",
32091
+ title: "title",
32092
+ }),
32093
+ ),
32094
+ ),
32095
+ skipAppLauncherLoginPage: Schema.optional(Schema.Boolean),
32096
+ targetCriteria: Schema.optional(
32097
+ Schema.Union([
32098
+ Schema.Array(
32099
+ Schema.Struct({
32100
+ port: Schema.Number,
32101
+ protocol: Schema.Literal("SSH"),
32102
+ targetAttributes: Schema.Record(Schema.String, Schema.Unknown),
32103
+ }).pipe(
32104
+ Schema.encodeKeys({
32105
+ port: "port",
32106
+ protocol: "protocol",
32107
+ targetAttributes: "target_attributes",
32108
+ }),
32109
+ ),
32110
+ ),
32111
+ Schema.Array(
32112
+ Schema.Struct({
32113
+ port: Schema.Number,
32114
+ protocol: Schema.Literal("RDP"),
32115
+ targetAttributes: Schema.Record(Schema.String, Schema.Unknown),
32116
+ }).pipe(
32117
+ Schema.encodeKeys({
32118
+ port: "port",
32119
+ protocol: "protocol",
32120
+ targetAttributes: "target_attributes",
32121
+ }),
32122
+ ),
32123
+ ),
32124
+ ]),
32125
+ ),
32126
+ } as const;
32127
+
32128
+ interface CreateAccessApplicationBaseRequest {
32129
+ /** Body param: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher. */
32130
+ domain?: string;
32131
+ /** Body param: The application type. */
32132
+ type?:
32133
+ | "self_hosted"
32134
+ | "saas"
32135
+ | "ssh"
32136
+ | "vnc"
32137
+ | "app_launcher"
32138
+ | "warp"
32139
+ | "biso"
32140
+ | "bookmark"
32141
+ | "dash_sso"
32142
+ | "infrastructure"
32143
+ | "rdp"
32144
+ | "mcp"
32145
+ | "mcp_portal"
32146
+ | "proxy_endpoint"
32147
+ | (string & {});
32148
+ /** Body param: When set to true, users can authenticate to this application using their WARP session. When set to false this application will always require direct IdP authentication. This setting always */
32149
+ allowAuthenticateViaWarp?: boolean;
32150
+ /** Body param: Enables loading application content in an iFrame. */
32151
+ allowIframe?: boolean;
32152
+ /** Body param: The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account. */
32153
+ allowedIdps?: string[];
32154
+ /** Body param: Displays the application in the App Launcher. */
32155
+ appLauncherVisible?: boolean;
32156
+ /** Body param: When set to `true`, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps. */
32157
+ autoRedirectToIdentity?: boolean;
32158
+ /** Body param */
32159
+ corsHeaders?: {
32160
+ allowAllHeaders?: boolean;
32161
+ allowAllMethods?: boolean;
32162
+ allowAllOrigins?: boolean;
32163
+ allowCredentials?: boolean;
32164
+ allowedHeaders?: string[];
32165
+ allowedMethods?: (
32166
+ | "GET"
32167
+ | "POST"
32168
+ | "HEAD"
32169
+ | "PUT"
32170
+ | "DELETE"
32171
+ | "CONNECT"
32172
+ | "OPTIONS"
32173
+ | "TRACE"
32174
+ | "PATCH"
32175
+ | (string & {})
32176
+ )[];
32177
+ allowedOrigins?: string[];
32178
+ maxAge?: number;
32179
+ };
32180
+ /** Body param: The custom error message shown to a user when they are denied access to the application. */
32181
+ customDenyMessage?: string;
32182
+ /** Body param: The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules. */
32183
+ customDenyUrl?: string;
32184
+ /** Body param: The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules. */
32185
+ customNonIdentityDenyUrl?: string;
32186
+ /** Body param: The custom pages that will be displayed when applicable for this application */
32187
+ customPages?: string[];
32188
+ /** Body param: List of destinations secured by Access. This supersedes `self_hosted_domains` to allow for more flexibility in defining different types of domains. If `destinations` are provided, then `se */
32189
+ destinations?: (
32190
+ | { type?: "public"; uri?: string }
32191
+ | {
32192
+ cidr?: string;
32193
+ hostname?: string;
32194
+ l4Protocol?: "tcp" | "udp" | (string & {});
32195
+ portRange?: string;
32196
+ type?: "private";
32197
+ vnetId?: string;
32198
+ }
32199
+ | { mcpServerId?: string; type?: "via_mcp_server_portal" }
32200
+ )[];
32201
+ /** Body param: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. */
32202
+ enableBindingCookie?: boolean;
32203
+ /** Body param: Enables the HttpOnly cookie attribute, which increases security against XSS attacks. */
32204
+ httpOnlyCookieAttribute?: boolean;
32205
+ /** Body param: The image URL for the logo shown in the App Launcher dashboard. */
32206
+ logoUrl?: string;
32207
+ /** Body param: Configures multi-factor authentication (MFA) settings. */
32208
+ mfaConfig?: {
32209
+ allowedAuthenticators?: (
32210
+ | "totp"
32211
+ | "biometrics"
32212
+ | "security_key"
32213
+ | (string & {})
32214
+ )[];
32215
+ mfaDisabled?: boolean;
32216
+ sessionDuration?: string;
32217
+ };
32218
+ /** Body param: The name of the application. */
32219
+ name?: string;
32220
+ /** Body param: Beta: Optional configuration for managing an OAuth authorization flow controlled by Access. When set, Access will act as the OAuth authorization server for this application. Only compati */
32221
+ oauthConfiguration?: {
32222
+ dynamicClientRegistration?: {
32223
+ allowAnyOnLocalhost?: boolean;
32224
+ allowAnyOnLoopback?: boolean;
32225
+ allowedUris?: string[];
32226
+ enabled?: boolean;
32227
+ };
32228
+ enabled?: boolean;
32229
+ grant?: { accessTokenLifetime?: string; sessionDuration?: string };
32230
+ };
32231
+ /** Body param: Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if cors_headers is set. */
32232
+ optionsPreflightBypass?: boolean;
32233
+ /** Body param: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default */
32234
+ pathCookieAttribute?: boolean;
32235
+ /** Body param: The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application. Reusable a */
32236
+ policies?:
32237
+ | (
32238
+ | { id?: string; precedence?: number }
32239
+ | string
32240
+ | {
32241
+ id?: string;
32242
+ approvalGroups?: {
32243
+ approvalsNeeded: number;
32244
+ emailAddresses?: string[];
32245
+ emailListUuid?: string;
32246
+ }[];
32247
+ approvalRequired?: boolean;
32248
+ connectionRules?: {
32249
+ rdp?: {
32250
+ allowedClipboardLocalToRemoteFormats?: "text"[];
32251
+ allowedClipboardRemoteToLocalFormats?: "text"[];
32252
+ };
32253
+ };
32254
+ isolationRequired?: boolean;
32255
+ mfaConfig?: {
32256
+ allowedAuthenticators?: (
32257
+ | "totp"
32258
+ | "biometrics"
32259
+ | "security_key"
32260
+ | (string & {})
32261
+ )[];
32262
+ mfaDisabled?: boolean;
32263
+ sessionDuration?: string;
32264
+ };
32265
+ precedence?: number;
32266
+ purposeJustificationPrompt?: string;
32267
+ purposeJustificationRequired?: boolean;
32268
+ sessionDuration?: string;
32269
+ }
32270
+ )[]
32271
+ | {
32272
+ decision: "allow" | "deny" | "non_identity" | "bypass" | (string & {});
32273
+ include: (
32274
+ | { group: { id: string } }
32275
+ | { anyValidServiceToken: unknown }
32276
+ | {
32277
+ authContext: {
32278
+ id: string;
32279
+ acId: string;
32280
+ identityProviderId: string;
32281
+ };
32282
+ }
32283
+ | { authMethod: { authMethod: string } }
32284
+ | { azureAD: { id: string; identityProviderId: string } }
32285
+ | { certificate: unknown }
32286
+ | { commonName: { commonName: string } }
32287
+ | { geo: { countryCode: string } }
32288
+ | { devicePosture: { integrationUid: string } }
32289
+ | { emailDomain: { domain: string } }
32290
+ | { emailList: { id: string } }
32291
+ | { email: { email: string } }
32292
+ | { everyone: unknown }
32293
+ | { externalEvaluation: { evaluateUrl: string; keysUrl: string } }
32294
+ | {
32295
+ githubOrganization: {
32296
+ identityProviderId: string;
32297
+ name: string;
32298
+ team?: string;
32299
+ };
32300
+ }
32301
+ | { gsuite: { email: string; identityProviderId: string } }
32302
+ | { loginMethod: { id: string } }
32303
+ | { ipList: { id: string } }
32304
+ | { ip: { ip: string } }
32305
+ | { okta: { identityProviderId: string; name: string } }
32306
+ | {
32307
+ saml: {
32308
+ attributeName: string;
32309
+ attributeValue: string;
32310
+ identityProviderId: string;
32311
+ };
32312
+ }
32313
+ | {
32314
+ oidc: {
32315
+ claimName: string;
32316
+ claimValue: string;
32317
+ identityProviderId: string;
32318
+ };
32319
+ }
32320
+ | { serviceToken: { tokenId: string } }
32321
+ | { linkedAppToken: { appUid: string } }
32322
+ | {
32323
+ userRiskScore: {
32324
+ userRiskScore: (
32325
+ | "low"
32326
+ | "medium"
32327
+ | "high"
32328
+ | "unscored"
32329
+ | (string & {})
32330
+ )[];
32331
+ };
32332
+ }
32333
+ | { cloudflareAccountMember: { accountId?: string } }
32334
+ )[];
32335
+ name: string;
32336
+ connectionRules?: {
32337
+ ssh?: { usernames: string[]; allowEmailAlias?: boolean };
32338
+ };
32339
+ exclude?: (
32340
+ | { group: { id: string } }
32341
+ | { anyValidServiceToken: unknown }
32342
+ | {
32343
+ authContext: {
32344
+ id: string;
32345
+ acId: string;
32346
+ identityProviderId: string;
32347
+ };
32348
+ }
32349
+ | { authMethod: { authMethod: string } }
32350
+ | { azureAD: { id: string; identityProviderId: string } }
32351
+ | { certificate: unknown }
32352
+ | { commonName: { commonName: string } }
32353
+ | { geo: { countryCode: string } }
32354
+ | { devicePosture: { integrationUid: string } }
32355
+ | { emailDomain: { domain: string } }
32356
+ | { emailList: { id: string } }
32357
+ | { email: { email: string } }
32358
+ | { everyone: unknown }
32359
+ | { externalEvaluation: { evaluateUrl: string; keysUrl: string } }
32360
+ | {
32361
+ githubOrganization: {
32362
+ identityProviderId: string;
32363
+ name: string;
32364
+ team?: string;
32365
+ };
32366
+ }
32367
+ | { gsuite: { email: string; identityProviderId: string } }
32368
+ | { loginMethod: { id: string } }
32369
+ | { ipList: { id: string } }
32370
+ | { ip: { ip: string } }
32371
+ | { okta: { identityProviderId: string; name: string } }
32372
+ | {
32373
+ saml: {
32374
+ attributeName: string;
32375
+ attributeValue: string;
32376
+ identityProviderId: string;
32377
+ };
32378
+ }
32379
+ | {
32380
+ oidc: {
32381
+ claimName: string;
32382
+ claimValue: string;
32383
+ identityProviderId: string;
32384
+ };
32385
+ }
32386
+ | { serviceToken: { tokenId: string } }
32387
+ | { linkedAppToken: { appUid: string } }
32388
+ | {
32389
+ userRiskScore: {
32390
+ userRiskScore: (
32391
+ | "low"
32392
+ | "medium"
32393
+ | "high"
32394
+ | "unscored"
32395
+ | (string & {})
32396
+ )[];
32397
+ };
32398
+ }
32399
+ | { cloudflareAccountMember: { accountId?: string } }
32400
+ )[];
32401
+ mfaConfig?: {
32402
+ allowedAuthenticators?: "ssh_piv_key"[];
32403
+ mfaDisabled?: boolean;
32404
+ sessionDuration?: string;
32405
+ };
32406
+ require?: (
32407
+ | { group: { id: string } }
32408
+ | { anyValidServiceToken: unknown }
32409
+ | {
32410
+ authContext: {
32411
+ id: string;
32412
+ acId: string;
32413
+ identityProviderId: string;
32414
+ };
32415
+ }
32416
+ | { authMethod: { authMethod: string } }
32417
+ | { azureAD: { id: string; identityProviderId: string } }
32418
+ | { certificate: unknown }
32419
+ | { commonName: { commonName: string } }
32420
+ | { geo: { countryCode: string } }
32421
+ | { devicePosture: { integrationUid: string } }
32422
+ | { emailDomain: { domain: string } }
32423
+ | { emailList: { id: string } }
32424
+ | { email: { email: string } }
32425
+ | { everyone: unknown }
32426
+ | { externalEvaluation: { evaluateUrl: string; keysUrl: string } }
32427
+ | {
32428
+ githubOrganization: {
32429
+ identityProviderId: string;
32430
+ name: string;
32431
+ team?: string;
32432
+ };
32433
+ }
32434
+ | { gsuite: { email: string; identityProviderId: string } }
32435
+ | { loginMethod: { id: string } }
32436
+ | { ipList: { id: string } }
32437
+ | { ip: { ip: string } }
32438
+ | { okta: { identityProviderId: string; name: string } }
32439
+ | {
32440
+ saml: {
32441
+ attributeName: string;
32442
+ attributeValue: string;
32443
+ identityProviderId: string;
32444
+ };
32445
+ }
32446
+ | {
32447
+ oidc: {
32448
+ claimName: string;
32449
+ claimValue: string;
32450
+ identityProviderId: string;
32451
+ };
32452
+ }
32453
+ | { serviceToken: { tokenId: string } }
32454
+ | { linkedAppToken: { appUid: string } }
32455
+ | {
32456
+ userRiskScore: {
32457
+ userRiskScore: (
32458
+ | "low"
32459
+ | "medium"
32460
+ | "high"
32461
+ | "unscored"
32462
+ | (string & {})
32463
+ )[];
32464
+ };
32465
+ }
32466
+ | { cloudflareAccountMember: { accountId?: string } }
32467
+ )[];
32468
+ }[];
32469
+ /** Body param: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The */
32470
+ readServiceTokensFromHeader?: string;
32471
+ /** Body param: Sets the SameSite cookie setting, which provides increased security against CSRF attacks. */
32472
+ sameSiteCookieAttribute?: string;
32473
+ /** Body param: Configuration for provisioning to this application via SCIM. This is currently in closed beta. */
32474
+ scimConfig?: {
32475
+ idpUid: string;
31358
32476
  remoteUri: string;
31359
32477
  authentication?:
31360
32478
  | { password: string; scheme: "httpbasic"; user: string }
@@ -31412,6 +32530,90 @@ interface CreateAccessApplicationBaseRequest {
31412
32530
  tags?: string[];
31413
32531
  /** Body param: Determines if users can access this application via a clientless browser isolation URL. This allows users to access private domains without connecting to Gateway. The option requires Clien */
31414
32532
  useClientlessIsolationAppLauncherUrl?: boolean;
32533
+ /** Body param */
32534
+ saasApp?: {
32535
+ authType?: "saml" | "oidc" | (string & {});
32536
+ consumerServiceUrl?: string;
32537
+ customAttributes?: {
32538
+ friendlyName?: string;
32539
+ name?: string;
32540
+ nameFormat?:
32541
+ | "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
32542
+ | "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
32543
+ | "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
32544
+ | (string & {});
32545
+ required?: boolean;
32546
+ source?: {
32547
+ name?: string;
32548
+ nameByIdp?: { idpId?: string; sourceName?: string }[];
32549
+ };
32550
+ }[];
32551
+ defaultRelayState?: string;
32552
+ idpEntityId?: string;
32553
+ nameIdFormat?: "id" | "email" | (string & {});
32554
+ nameIdTransformJsonata?: string;
32555
+ publicKey?: string;
32556
+ samlAttributeTransformJsonata?: string;
32557
+ spEntityId?: string;
32558
+ ssoEndpoint?: string;
32559
+ accessTokenLifetime?: string;
32560
+ allowPkceWithoutClientSecret?: boolean;
32561
+ appLauncherUrl?: string;
32562
+ clientId?: string;
32563
+ clientSecret?: string;
32564
+ customClaims?: {
32565
+ name?: string;
32566
+ required?: boolean;
32567
+ scope?: "groups" | "profile" | "email" | "openid" | (string & {});
32568
+ source?: { name?: string; nameByIdp?: Record<string, unknown> };
32569
+ }[];
32570
+ grantTypes?: (
32571
+ | "authorization_code"
32572
+ | "authorization_code_with_pkce"
32573
+ | "refresh_tokens"
32574
+ | "hybrid"
32575
+ | "implicit"
32576
+ | (string & {})
32577
+ )[];
32578
+ groupFilterRegex?: string;
32579
+ hybridAndImplicitOptions?: {
32580
+ returnAccessTokenFromAuthorizationEndpoint?: boolean;
32581
+ returnIdTokenFromAuthorizationEndpoint?: boolean;
32582
+ };
32583
+ redirectUris?: string[];
32584
+ refreshTokenOptions?: { lifetime?: string };
32585
+ scopes?: ("openid" | "groups" | "email" | "profile" | (string & {}))[];
32586
+ };
32587
+ /** Body param: The image URL of the logo shown in the App Launcher header. */
32588
+ appLauncherLogoUrl?: string;
32589
+ /** Body param: The background color of the App Launcher page. */
32590
+ bgColor?: string;
32591
+ /** Body param: The links in the App Launcher footer. */
32592
+ footerLinks?: { name: string; url: string }[];
32593
+ /** Body param: The background color of the App Launcher header. */
32594
+ headerBgColor?: string;
32595
+ /** Body param: The design of the App Launcher landing page shown to users when they log in. */
32596
+ landingPageDesign?: {
32597
+ buttonColor?: string;
32598
+ buttonTextColor?: string;
32599
+ imageUrl?: string;
32600
+ message?: string;
32601
+ title?: string;
32602
+ };
32603
+ /** Body param: Determines when to skip the App Launcher landing page. */
32604
+ skipAppLauncherLoginPage?: boolean;
32605
+ /** Body param */
32606
+ targetCriteria?:
32607
+ | {
32608
+ port: number;
32609
+ protocol: "SSH";
32610
+ targetAttributes: Record<string, unknown>;
32611
+ }[]
32612
+ | {
32613
+ port: number;
32614
+ protocol: "RDP";
32615
+ targetAttributes: Record<string, unknown>;
32616
+ }[];
31415
32617
  }
31416
32618
 
31417
32619
  export interface CreateAccessApplicationForAccountRequest extends CreateAccessApplicationBaseRequest {
@@ -31462,6 +32664,14 @@ export const CreateAccessApplicationForAccountRequest =
31462
32664
  tags: "tags",
31463
32665
  useClientlessIsolationAppLauncherUrl:
31464
32666
  "use_clientless_isolation_app_launcher_url",
32667
+ saasApp: "saas_app",
32668
+ appLauncherLogoUrl: "app_launcher_logo_url",
32669
+ bgColor: "bg_color",
32670
+ footerLinks: "footer_links",
32671
+ headerBgColor: "header_bg_color",
32672
+ landingPageDesign: "landing_page_design",
32673
+ skipAppLauncherLoginPage: "skip_app_launcher_login_page",
32674
+ targetCriteria: "target_criteria",
31465
32675
  }),
31466
32676
  T.Http({ method: "POST", path: "/accounts/{account_id}/access/apps" }),
31467
32677
  ) as unknown as Schema.Schema<CreateAccessApplicationForAccountRequest>;
@@ -31504,6 +32714,14 @@ export const CreateAccessApplicationForZoneRequest =
31504
32714
  tags: "tags",
31505
32715
  useClientlessIsolationAppLauncherUrl:
31506
32716
  "use_clientless_isolation_app_launcher_url",
32717
+ saasApp: "saas_app",
32718
+ appLauncherLogoUrl: "app_launcher_logo_url",
32719
+ bgColor: "bg_color",
32720
+ footerLinks: "footer_links",
32721
+ headerBgColor: "header_bg_color",
32722
+ landingPageDesign: "landing_page_design",
32723
+ skipAppLauncherLoginPage: "skip_app_launcher_login_page",
32724
+ targetCriteria: "target_criteria",
31507
32725
  }),
31508
32726
  T.Http({ method: "POST", path: "/zones/{zone_id}/access/apps" }),
31509
32727
  ) as unknown as Schema.Schema<CreateAccessApplicationForZoneRequest>;
@@ -45302,26 +46520,28 @@ export const createAccessApplicationForZone: API.OperationMethod<
45302
46520
 
45303
46521
  const UpdateAccessApplicationBaseFields = {
45304
46522
  appId: Schema.String.pipe(T.HttpPath("appId")),
45305
- domain: Schema.String,
45306
- type: Schema.Union([
45307
- Schema.Literals([
45308
- "self_hosted",
45309
- "saas",
45310
- "ssh",
45311
- "vnc",
45312
- "app_launcher",
45313
- "warp",
45314
- "biso",
45315
- "bookmark",
45316
- "dash_sso",
45317
- "infrastructure",
45318
- "rdp",
45319
- "mcp",
45320
- "mcp_portal",
45321
- "proxy_endpoint",
46523
+ domain: Schema.optional(Schema.String),
46524
+ type: Schema.optional(
46525
+ Schema.Union([
46526
+ Schema.Literals([
46527
+ "self_hosted",
46528
+ "saas",
46529
+ "ssh",
46530
+ "vnc",
46531
+ "app_launcher",
46532
+ "warp",
46533
+ "biso",
46534
+ "bookmark",
46535
+ "dash_sso",
46536
+ "infrastructure",
46537
+ "rdp",
46538
+ "mcp",
46539
+ "mcp_portal",
46540
+ "proxy_endpoint",
46541
+ ]),
46542
+ Schema.String,
45322
46543
  ]),
45323
- Schema.String,
45324
- ]),
46544
+ ),
45325
46545
  allowAuthenticateViaWarp: Schema.optional(Schema.Boolean),
45326
46546
  allowIframe: Schema.optional(Schema.Boolean),
45327
46547
  allowedIdps: Schema.optional(Schema.Array(Schema.String)),
@@ -45470,62 +46690,546 @@ const UpdateAccessApplicationBaseFields = {
45470
46690
  optionsPreflightBypass: Schema.optional(Schema.Boolean),
45471
46691
  pathCookieAttribute: Schema.optional(Schema.Boolean),
45472
46692
  policies: Schema.optional(
45473
- Schema.Array(
45474
- Schema.Union([
45475
- Schema.Struct({
45476
- id: Schema.optional(Schema.String),
45477
- precedence: Schema.optional(Schema.Number),
45478
- }),
45479
- Schema.String,
46693
+ Schema.Union([
46694
+ Schema.Array(
46695
+ Schema.Union([
46696
+ Schema.Struct({
46697
+ id: Schema.optional(Schema.String),
46698
+ precedence: Schema.optional(Schema.Number),
46699
+ }),
46700
+ Schema.String,
46701
+ Schema.Struct({
46702
+ id: Schema.optional(Schema.String),
46703
+ approvalGroups: Schema.optional(
46704
+ Schema.Array(
46705
+ Schema.Struct({
46706
+ approvalsNeeded: Schema.Number,
46707
+ emailAddresses: Schema.optional(Schema.Array(Schema.String)),
46708
+ emailListUuid: Schema.optional(Schema.String),
46709
+ }).pipe(
46710
+ Schema.encodeKeys({
46711
+ approvalsNeeded: "approvals_needed",
46712
+ emailAddresses: "email_addresses",
46713
+ emailListUuid: "email_list_uuid",
46714
+ }),
46715
+ ),
46716
+ ),
46717
+ ),
46718
+ approvalRequired: Schema.optional(Schema.Boolean),
46719
+ connectionRules: Schema.optional(
46720
+ Schema.Struct({
46721
+ rdp: Schema.optional(
46722
+ Schema.Struct({
46723
+ allowedClipboardLocalToRemoteFormats: Schema.optional(
46724
+ Schema.Array(Schema.Literal("text")),
46725
+ ),
46726
+ allowedClipboardRemoteToLocalFormats: Schema.optional(
46727
+ Schema.Array(Schema.Literal("text")),
46728
+ ),
46729
+ }).pipe(
46730
+ Schema.encodeKeys({
46731
+ allowedClipboardLocalToRemoteFormats:
46732
+ "allowed_clipboard_local_to_remote_formats",
46733
+ allowedClipboardRemoteToLocalFormats:
46734
+ "allowed_clipboard_remote_to_local_formats",
46735
+ }),
46736
+ ),
46737
+ ),
46738
+ }),
46739
+ ),
46740
+ isolationRequired: Schema.optional(Schema.Boolean),
46741
+ mfaConfig: Schema.optional(
46742
+ Schema.Struct({
46743
+ allowedAuthenticators: Schema.optional(
46744
+ Schema.Array(
46745
+ Schema.Union([
46746
+ Schema.Literals(["totp", "biometrics", "security_key"]),
46747
+ Schema.String,
46748
+ ]),
46749
+ ),
46750
+ ),
46751
+ mfaDisabled: Schema.optional(Schema.Boolean),
46752
+ sessionDuration: Schema.optional(Schema.String),
46753
+ }).pipe(
46754
+ Schema.encodeKeys({
46755
+ allowedAuthenticators: "allowed_authenticators",
46756
+ mfaDisabled: "mfa_disabled",
46757
+ sessionDuration: "session_duration",
46758
+ }),
46759
+ ),
46760
+ ),
46761
+ precedence: Schema.optional(Schema.Number),
46762
+ purposeJustificationPrompt: Schema.optional(Schema.String),
46763
+ purposeJustificationRequired: Schema.optional(Schema.Boolean),
46764
+ sessionDuration: Schema.optional(Schema.String),
46765
+ }).pipe(
46766
+ Schema.encodeKeys({
46767
+ id: "id",
46768
+ approvalGroups: "approval_groups",
46769
+ approvalRequired: "approval_required",
46770
+ connectionRules: "connection_rules",
46771
+ isolationRequired: "isolation_required",
46772
+ mfaConfig: "mfa_config",
46773
+ precedence: "precedence",
46774
+ purposeJustificationPrompt: "purpose_justification_prompt",
46775
+ purposeJustificationRequired: "purpose_justification_required",
46776
+ sessionDuration: "session_duration",
46777
+ }),
46778
+ ),
46779
+ ]),
46780
+ ),
46781
+ Schema.Array(
45480
46782
  Schema.Struct({
45481
- id: Schema.optional(Schema.String),
45482
- approvalGroups: Schema.optional(
45483
- Schema.Array(
46783
+ decision: Schema.Union([
46784
+ Schema.Literals(["allow", "deny", "non_identity", "bypass"]),
46785
+ Schema.String,
46786
+ ]),
46787
+ include: Schema.Array(
46788
+ Schema.Union([
45484
46789
  Schema.Struct({
45485
- approvalsNeeded: Schema.Number,
45486
- emailAddresses: Schema.optional(Schema.Array(Schema.String)),
45487
- emailListUuid: Schema.optional(Schema.String),
46790
+ group: Schema.Struct({
46791
+ id: Schema.String,
46792
+ }),
46793
+ }),
46794
+ Schema.Struct({
46795
+ anyValidServiceToken: Schema.Unknown,
45488
46796
  }).pipe(
45489
46797
  Schema.encodeKeys({
45490
- approvalsNeeded: "approvals_needed",
45491
- emailAddresses: "email_addresses",
45492
- emailListUuid: "email_list_uuid",
46798
+ anyValidServiceToken: "any_valid_service_token",
46799
+ }),
46800
+ ),
46801
+ Schema.Struct({
46802
+ authContext: Schema.Struct({
46803
+ id: Schema.String,
46804
+ acId: Schema.String,
46805
+ identityProviderId: Schema.String,
46806
+ }).pipe(
46807
+ Schema.encodeKeys({
46808
+ id: "id",
46809
+ acId: "ac_id",
46810
+ identityProviderId: "identity_provider_id",
46811
+ }),
46812
+ ),
46813
+ }).pipe(Schema.encodeKeys({ authContext: "auth_context" })),
46814
+ Schema.Struct({
46815
+ authMethod: Schema.Struct({
46816
+ authMethod: Schema.String,
46817
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
46818
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
46819
+ Schema.Struct({
46820
+ azureAD: Schema.Struct({
46821
+ id: Schema.String,
46822
+ identityProviderId: Schema.String,
46823
+ }).pipe(
46824
+ Schema.encodeKeys({
46825
+ id: "id",
46826
+ identityProviderId: "identity_provider_id",
46827
+ }),
46828
+ ),
46829
+ }),
46830
+ Schema.Struct({
46831
+ certificate: Schema.Unknown,
46832
+ }),
46833
+ Schema.Struct({
46834
+ commonName: Schema.Struct({
46835
+ commonName: Schema.String,
46836
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
46837
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
46838
+ Schema.Struct({
46839
+ geo: Schema.Struct({
46840
+ countryCode: Schema.String,
46841
+ }).pipe(Schema.encodeKeys({ countryCode: "country_code" })),
46842
+ }),
46843
+ Schema.Struct({
46844
+ devicePosture: Schema.Struct({
46845
+ integrationUid: Schema.String,
46846
+ }).pipe(
46847
+ Schema.encodeKeys({ integrationUid: "integration_uid" }),
46848
+ ),
46849
+ }).pipe(Schema.encodeKeys({ devicePosture: "device_posture" })),
46850
+ Schema.Struct({
46851
+ emailDomain: Schema.Struct({
46852
+ domain: Schema.String,
46853
+ }),
46854
+ }).pipe(Schema.encodeKeys({ emailDomain: "email_domain" })),
46855
+ Schema.Struct({
46856
+ emailList: Schema.Struct({
46857
+ id: Schema.String,
46858
+ }),
46859
+ }).pipe(Schema.encodeKeys({ emailList: "email_list" })),
46860
+ Schema.Struct({
46861
+ email: Schema.Struct({
46862
+ email: Schema.String,
46863
+ }),
46864
+ }),
46865
+ Schema.Struct({
46866
+ everyone: Schema.Unknown,
46867
+ }),
46868
+ Schema.Struct({
46869
+ externalEvaluation: Schema.Struct({
46870
+ evaluateUrl: Schema.String,
46871
+ keysUrl: Schema.String,
46872
+ }).pipe(
46873
+ Schema.encodeKeys({
46874
+ evaluateUrl: "evaluate_url",
46875
+ keysUrl: "keys_url",
46876
+ }),
46877
+ ),
46878
+ }).pipe(
46879
+ Schema.encodeKeys({
46880
+ externalEvaluation: "external_evaluation",
46881
+ }),
46882
+ ),
46883
+ Schema.Struct({
46884
+ githubOrganization: Schema.Struct({
46885
+ identityProviderId: Schema.String,
46886
+ name: Schema.String,
46887
+ team: Schema.optional(Schema.String),
46888
+ }).pipe(
46889
+ Schema.encodeKeys({
46890
+ identityProviderId: "identity_provider_id",
46891
+ name: "name",
46892
+ team: "team",
46893
+ }),
46894
+ ),
46895
+ }).pipe(
46896
+ Schema.encodeKeys({
46897
+ githubOrganization: "github-organization",
46898
+ }),
46899
+ ),
46900
+ Schema.Struct({
46901
+ gsuite: Schema.Struct({
46902
+ email: Schema.String,
46903
+ identityProviderId: Schema.String,
46904
+ }).pipe(
46905
+ Schema.encodeKeys({
46906
+ email: "email",
46907
+ identityProviderId: "identity_provider_id",
46908
+ }),
46909
+ ),
46910
+ }),
46911
+ Schema.Struct({
46912
+ loginMethod: Schema.Struct({
46913
+ id: Schema.String,
46914
+ }),
46915
+ }).pipe(Schema.encodeKeys({ loginMethod: "login_method" })),
46916
+ Schema.Struct({
46917
+ ipList: Schema.Struct({
46918
+ id: Schema.String,
46919
+ }),
46920
+ }).pipe(Schema.encodeKeys({ ipList: "ip_list" })),
46921
+ Schema.Struct({
46922
+ ip: Schema.Struct({
46923
+ ip: Schema.String,
46924
+ }),
46925
+ }),
46926
+ Schema.Struct({
46927
+ okta: Schema.Struct({
46928
+ identityProviderId: Schema.String,
46929
+ name: Schema.String,
46930
+ }).pipe(
46931
+ Schema.encodeKeys({
46932
+ identityProviderId: "identity_provider_id",
46933
+ name: "name",
46934
+ }),
46935
+ ),
46936
+ }),
46937
+ Schema.Struct({
46938
+ saml: Schema.Struct({
46939
+ attributeName: Schema.String,
46940
+ attributeValue: Schema.String,
46941
+ identityProviderId: Schema.String,
46942
+ }).pipe(
46943
+ Schema.encodeKeys({
46944
+ attributeName: "attribute_name",
46945
+ attributeValue: "attribute_value",
46946
+ identityProviderId: "identity_provider_id",
46947
+ }),
46948
+ ),
46949
+ }),
46950
+ Schema.Struct({
46951
+ oidc: Schema.Struct({
46952
+ claimName: Schema.String,
46953
+ claimValue: Schema.String,
46954
+ identityProviderId: Schema.String,
46955
+ }).pipe(
46956
+ Schema.encodeKeys({
46957
+ claimName: "claim_name",
46958
+ claimValue: "claim_value",
46959
+ identityProviderId: "identity_provider_id",
46960
+ }),
46961
+ ),
46962
+ }),
46963
+ Schema.Struct({
46964
+ serviceToken: Schema.Struct({
46965
+ tokenId: Schema.String,
46966
+ }).pipe(Schema.encodeKeys({ tokenId: "token_id" })),
46967
+ }).pipe(Schema.encodeKeys({ serviceToken: "service_token" })),
46968
+ Schema.Struct({
46969
+ linkedAppToken: Schema.Struct({
46970
+ appUid: Schema.String,
46971
+ }).pipe(Schema.encodeKeys({ appUid: "app_uid" })),
46972
+ }).pipe(
46973
+ Schema.encodeKeys({ linkedAppToken: "linked_app_token" }),
46974
+ ),
46975
+ Schema.Struct({
46976
+ userRiskScore: Schema.Struct({
46977
+ userRiskScore: Schema.Array(
46978
+ Schema.Union([
46979
+ Schema.Literals(["low", "medium", "high", "unscored"]),
46980
+ Schema.String,
46981
+ ]),
46982
+ ),
46983
+ }).pipe(
46984
+ Schema.encodeKeys({ userRiskScore: "user_risk_score" }),
46985
+ ),
46986
+ }).pipe(Schema.encodeKeys({ userRiskScore: "user_risk_score" })),
46987
+ Schema.Struct({
46988
+ cloudflareAccountMember: Schema.Struct({
46989
+ accountId: Schema.optional(Schema.String),
46990
+ }).pipe(Schema.encodeKeys({ accountId: "account_id" })),
46991
+ }).pipe(
46992
+ Schema.encodeKeys({
46993
+ cloudflareAccountMember: "cloudflare_account_member",
46994
+ }),
46995
+ ),
46996
+ ]),
46997
+ ),
46998
+ name: Schema.String,
46999
+ connectionRules: Schema.optional(
47000
+ Schema.Struct({
47001
+ ssh: Schema.optional(
47002
+ Schema.Struct({
47003
+ usernames: Schema.Array(Schema.String),
47004
+ allowEmailAlias: Schema.optional(Schema.Boolean),
47005
+ }).pipe(
47006
+ Schema.encodeKeys({
47007
+ usernames: "usernames",
47008
+ allowEmailAlias: "allow_email_alias",
47009
+ }),
47010
+ ),
47011
+ ),
47012
+ }),
47013
+ ),
47014
+ exclude: Schema.optional(
47015
+ Schema.Array(
47016
+ Schema.Union([
47017
+ Schema.Struct({
47018
+ group: Schema.Struct({
47019
+ id: Schema.String,
47020
+ }),
47021
+ }),
47022
+ Schema.Struct({
47023
+ anyValidServiceToken: Schema.Unknown,
47024
+ }).pipe(
47025
+ Schema.encodeKeys({
47026
+ anyValidServiceToken: "any_valid_service_token",
47027
+ }),
47028
+ ),
47029
+ Schema.Struct({
47030
+ authContext: Schema.Struct({
47031
+ id: Schema.String,
47032
+ acId: Schema.String,
47033
+ identityProviderId: Schema.String,
47034
+ }).pipe(
47035
+ Schema.encodeKeys({
47036
+ id: "id",
47037
+ acId: "ac_id",
47038
+ identityProviderId: "identity_provider_id",
47039
+ }),
47040
+ ),
47041
+ }).pipe(Schema.encodeKeys({ authContext: "auth_context" })),
47042
+ Schema.Struct({
47043
+ authMethod: Schema.Struct({
47044
+ authMethod: Schema.String,
47045
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
47046
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
47047
+ Schema.Struct({
47048
+ azureAD: Schema.Struct({
47049
+ id: Schema.String,
47050
+ identityProviderId: Schema.String,
47051
+ }).pipe(
47052
+ Schema.encodeKeys({
47053
+ id: "id",
47054
+ identityProviderId: "identity_provider_id",
47055
+ }),
47056
+ ),
47057
+ }),
47058
+ Schema.Struct({
47059
+ certificate: Schema.Unknown,
47060
+ }),
47061
+ Schema.Struct({
47062
+ commonName: Schema.Struct({
47063
+ commonName: Schema.String,
47064
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
47065
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
47066
+ Schema.Struct({
47067
+ geo: Schema.Struct({
47068
+ countryCode: Schema.String,
47069
+ }).pipe(Schema.encodeKeys({ countryCode: "country_code" })),
45493
47070
  }),
45494
- ),
45495
- ),
45496
- ),
45497
- approvalRequired: Schema.optional(Schema.Boolean),
45498
- connectionRules: Schema.optional(
45499
- Schema.Struct({
45500
- rdp: Schema.optional(
45501
47071
  Schema.Struct({
45502
- allowedClipboardLocalToRemoteFormats: Schema.optional(
45503
- Schema.Array(Schema.Literal("text")),
47072
+ devicePosture: Schema.Struct({
47073
+ integrationUid: Schema.String,
47074
+ }).pipe(
47075
+ Schema.encodeKeys({ integrationUid: "integration_uid" }),
45504
47076
  ),
45505
- allowedClipboardRemoteToLocalFormats: Schema.optional(
45506
- Schema.Array(Schema.Literal("text")),
47077
+ }).pipe(Schema.encodeKeys({ devicePosture: "device_posture" })),
47078
+ Schema.Struct({
47079
+ emailDomain: Schema.Struct({
47080
+ domain: Schema.String,
47081
+ }),
47082
+ }).pipe(Schema.encodeKeys({ emailDomain: "email_domain" })),
47083
+ Schema.Struct({
47084
+ emailList: Schema.Struct({
47085
+ id: Schema.String,
47086
+ }),
47087
+ }).pipe(Schema.encodeKeys({ emailList: "email_list" })),
47088
+ Schema.Struct({
47089
+ email: Schema.Struct({
47090
+ email: Schema.String,
47091
+ }),
47092
+ }),
47093
+ Schema.Struct({
47094
+ everyone: Schema.Unknown,
47095
+ }),
47096
+ Schema.Struct({
47097
+ externalEvaluation: Schema.Struct({
47098
+ evaluateUrl: Schema.String,
47099
+ keysUrl: Schema.String,
47100
+ }).pipe(
47101
+ Schema.encodeKeys({
47102
+ evaluateUrl: "evaluate_url",
47103
+ keysUrl: "keys_url",
47104
+ }),
45507
47105
  ),
45508
47106
  }).pipe(
45509
47107
  Schema.encodeKeys({
45510
- allowedClipboardLocalToRemoteFormats:
45511
- "allowed_clipboard_local_to_remote_formats",
45512
- allowedClipboardRemoteToLocalFormats:
45513
- "allowed_clipboard_remote_to_local_formats",
47108
+ externalEvaluation: "external_evaluation",
45514
47109
  }),
45515
47110
  ),
45516
- ),
45517
- }),
47111
+ Schema.Struct({
47112
+ githubOrganization: Schema.Struct({
47113
+ identityProviderId: Schema.String,
47114
+ name: Schema.String,
47115
+ team: Schema.optional(Schema.String),
47116
+ }).pipe(
47117
+ Schema.encodeKeys({
47118
+ identityProviderId: "identity_provider_id",
47119
+ name: "name",
47120
+ team: "team",
47121
+ }),
47122
+ ),
47123
+ }).pipe(
47124
+ Schema.encodeKeys({
47125
+ githubOrganization: "github-organization",
47126
+ }),
47127
+ ),
47128
+ Schema.Struct({
47129
+ gsuite: Schema.Struct({
47130
+ email: Schema.String,
47131
+ identityProviderId: Schema.String,
47132
+ }).pipe(
47133
+ Schema.encodeKeys({
47134
+ email: "email",
47135
+ identityProviderId: "identity_provider_id",
47136
+ }),
47137
+ ),
47138
+ }),
47139
+ Schema.Struct({
47140
+ loginMethod: Schema.Struct({
47141
+ id: Schema.String,
47142
+ }),
47143
+ }).pipe(Schema.encodeKeys({ loginMethod: "login_method" })),
47144
+ Schema.Struct({
47145
+ ipList: Schema.Struct({
47146
+ id: Schema.String,
47147
+ }),
47148
+ }).pipe(Schema.encodeKeys({ ipList: "ip_list" })),
47149
+ Schema.Struct({
47150
+ ip: Schema.Struct({
47151
+ ip: Schema.String,
47152
+ }),
47153
+ }),
47154
+ Schema.Struct({
47155
+ okta: Schema.Struct({
47156
+ identityProviderId: Schema.String,
47157
+ name: Schema.String,
47158
+ }).pipe(
47159
+ Schema.encodeKeys({
47160
+ identityProviderId: "identity_provider_id",
47161
+ name: "name",
47162
+ }),
47163
+ ),
47164
+ }),
47165
+ Schema.Struct({
47166
+ saml: Schema.Struct({
47167
+ attributeName: Schema.String,
47168
+ attributeValue: Schema.String,
47169
+ identityProviderId: Schema.String,
47170
+ }).pipe(
47171
+ Schema.encodeKeys({
47172
+ attributeName: "attribute_name",
47173
+ attributeValue: "attribute_value",
47174
+ identityProviderId: "identity_provider_id",
47175
+ }),
47176
+ ),
47177
+ }),
47178
+ Schema.Struct({
47179
+ oidc: Schema.Struct({
47180
+ claimName: Schema.String,
47181
+ claimValue: Schema.String,
47182
+ identityProviderId: Schema.String,
47183
+ }).pipe(
47184
+ Schema.encodeKeys({
47185
+ claimName: "claim_name",
47186
+ claimValue: "claim_value",
47187
+ identityProviderId: "identity_provider_id",
47188
+ }),
47189
+ ),
47190
+ }),
47191
+ Schema.Struct({
47192
+ serviceToken: Schema.Struct({
47193
+ tokenId: Schema.String,
47194
+ }).pipe(Schema.encodeKeys({ tokenId: "token_id" })),
47195
+ }).pipe(Schema.encodeKeys({ serviceToken: "service_token" })),
47196
+ Schema.Struct({
47197
+ linkedAppToken: Schema.Struct({
47198
+ appUid: Schema.String,
47199
+ }).pipe(Schema.encodeKeys({ appUid: "app_uid" })),
47200
+ }).pipe(
47201
+ Schema.encodeKeys({ linkedAppToken: "linked_app_token" }),
47202
+ ),
47203
+ Schema.Struct({
47204
+ userRiskScore: Schema.Struct({
47205
+ userRiskScore: Schema.Array(
47206
+ Schema.Union([
47207
+ Schema.Literals(["low", "medium", "high", "unscored"]),
47208
+ Schema.String,
47209
+ ]),
47210
+ ),
47211
+ }).pipe(
47212
+ Schema.encodeKeys({ userRiskScore: "user_risk_score" }),
47213
+ ),
47214
+ }).pipe(
47215
+ Schema.encodeKeys({ userRiskScore: "user_risk_score" }),
47216
+ ),
47217
+ Schema.Struct({
47218
+ cloudflareAccountMember: Schema.Struct({
47219
+ accountId: Schema.optional(Schema.String),
47220
+ }).pipe(Schema.encodeKeys({ accountId: "account_id" })),
47221
+ }).pipe(
47222
+ Schema.encodeKeys({
47223
+ cloudflareAccountMember: "cloudflare_account_member",
47224
+ }),
47225
+ ),
47226
+ ]),
47227
+ ),
45518
47228
  ),
45519
- isolationRequired: Schema.optional(Schema.Boolean),
45520
47229
  mfaConfig: Schema.optional(
45521
47230
  Schema.Struct({
45522
47231
  allowedAuthenticators: Schema.optional(
45523
- Schema.Array(
45524
- Schema.Union([
45525
- Schema.Literals(["totp", "biometrics", "security_key"]),
45526
- Schema.String,
45527
- ]),
45528
- ),
47232
+ Schema.Array(Schema.Literal("ssh_piv_key")),
45529
47233
  ),
45530
47234
  mfaDisabled: Schema.optional(Schema.Boolean),
45531
47235
  sessionDuration: Schema.optional(Schema.String),
@@ -45537,26 +47241,234 @@ const UpdateAccessApplicationBaseFields = {
45537
47241
  }),
45538
47242
  ),
45539
47243
  ),
45540
- precedence: Schema.optional(Schema.Number),
45541
- purposeJustificationPrompt: Schema.optional(Schema.String),
45542
- purposeJustificationRequired: Schema.optional(Schema.Boolean),
45543
- sessionDuration: Schema.optional(Schema.String),
47244
+ require: Schema.optional(
47245
+ Schema.Array(
47246
+ Schema.Union([
47247
+ Schema.Struct({
47248
+ group: Schema.Struct({
47249
+ id: Schema.String,
47250
+ }),
47251
+ }),
47252
+ Schema.Struct({
47253
+ anyValidServiceToken: Schema.Unknown,
47254
+ }).pipe(
47255
+ Schema.encodeKeys({
47256
+ anyValidServiceToken: "any_valid_service_token",
47257
+ }),
47258
+ ),
47259
+ Schema.Struct({
47260
+ authContext: Schema.Struct({
47261
+ id: Schema.String,
47262
+ acId: Schema.String,
47263
+ identityProviderId: Schema.String,
47264
+ }).pipe(
47265
+ Schema.encodeKeys({
47266
+ id: "id",
47267
+ acId: "ac_id",
47268
+ identityProviderId: "identity_provider_id",
47269
+ }),
47270
+ ),
47271
+ }).pipe(Schema.encodeKeys({ authContext: "auth_context" })),
47272
+ Schema.Struct({
47273
+ authMethod: Schema.Struct({
47274
+ authMethod: Schema.String,
47275
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
47276
+ }).pipe(Schema.encodeKeys({ authMethod: "auth_method" })),
47277
+ Schema.Struct({
47278
+ azureAD: Schema.Struct({
47279
+ id: Schema.String,
47280
+ identityProviderId: Schema.String,
47281
+ }).pipe(
47282
+ Schema.encodeKeys({
47283
+ id: "id",
47284
+ identityProviderId: "identity_provider_id",
47285
+ }),
47286
+ ),
47287
+ }),
47288
+ Schema.Struct({
47289
+ certificate: Schema.Unknown,
47290
+ }),
47291
+ Schema.Struct({
47292
+ commonName: Schema.Struct({
47293
+ commonName: Schema.String,
47294
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
47295
+ }).pipe(Schema.encodeKeys({ commonName: "common_name" })),
47296
+ Schema.Struct({
47297
+ geo: Schema.Struct({
47298
+ countryCode: Schema.String,
47299
+ }).pipe(Schema.encodeKeys({ countryCode: "country_code" })),
47300
+ }),
47301
+ Schema.Struct({
47302
+ devicePosture: Schema.Struct({
47303
+ integrationUid: Schema.String,
47304
+ }).pipe(
47305
+ Schema.encodeKeys({ integrationUid: "integration_uid" }),
47306
+ ),
47307
+ }).pipe(Schema.encodeKeys({ devicePosture: "device_posture" })),
47308
+ Schema.Struct({
47309
+ emailDomain: Schema.Struct({
47310
+ domain: Schema.String,
47311
+ }),
47312
+ }).pipe(Schema.encodeKeys({ emailDomain: "email_domain" })),
47313
+ Schema.Struct({
47314
+ emailList: Schema.Struct({
47315
+ id: Schema.String,
47316
+ }),
47317
+ }).pipe(Schema.encodeKeys({ emailList: "email_list" })),
47318
+ Schema.Struct({
47319
+ email: Schema.Struct({
47320
+ email: Schema.String,
47321
+ }),
47322
+ }),
47323
+ Schema.Struct({
47324
+ everyone: Schema.Unknown,
47325
+ }),
47326
+ Schema.Struct({
47327
+ externalEvaluation: Schema.Struct({
47328
+ evaluateUrl: Schema.String,
47329
+ keysUrl: Schema.String,
47330
+ }).pipe(
47331
+ Schema.encodeKeys({
47332
+ evaluateUrl: "evaluate_url",
47333
+ keysUrl: "keys_url",
47334
+ }),
47335
+ ),
47336
+ }).pipe(
47337
+ Schema.encodeKeys({
47338
+ externalEvaluation: "external_evaluation",
47339
+ }),
47340
+ ),
47341
+ Schema.Struct({
47342
+ githubOrganization: Schema.Struct({
47343
+ identityProviderId: Schema.String,
47344
+ name: Schema.String,
47345
+ team: Schema.optional(Schema.String),
47346
+ }).pipe(
47347
+ Schema.encodeKeys({
47348
+ identityProviderId: "identity_provider_id",
47349
+ name: "name",
47350
+ team: "team",
47351
+ }),
47352
+ ),
47353
+ }).pipe(
47354
+ Schema.encodeKeys({
47355
+ githubOrganization: "github-organization",
47356
+ }),
47357
+ ),
47358
+ Schema.Struct({
47359
+ gsuite: Schema.Struct({
47360
+ email: Schema.String,
47361
+ identityProviderId: Schema.String,
47362
+ }).pipe(
47363
+ Schema.encodeKeys({
47364
+ email: "email",
47365
+ identityProviderId: "identity_provider_id",
47366
+ }),
47367
+ ),
47368
+ }),
47369
+ Schema.Struct({
47370
+ loginMethod: Schema.Struct({
47371
+ id: Schema.String,
47372
+ }),
47373
+ }).pipe(Schema.encodeKeys({ loginMethod: "login_method" })),
47374
+ Schema.Struct({
47375
+ ipList: Schema.Struct({
47376
+ id: Schema.String,
47377
+ }),
47378
+ }).pipe(Schema.encodeKeys({ ipList: "ip_list" })),
47379
+ Schema.Struct({
47380
+ ip: Schema.Struct({
47381
+ ip: Schema.String,
47382
+ }),
47383
+ }),
47384
+ Schema.Struct({
47385
+ okta: Schema.Struct({
47386
+ identityProviderId: Schema.String,
47387
+ name: Schema.String,
47388
+ }).pipe(
47389
+ Schema.encodeKeys({
47390
+ identityProviderId: "identity_provider_id",
47391
+ name: "name",
47392
+ }),
47393
+ ),
47394
+ }),
47395
+ Schema.Struct({
47396
+ saml: Schema.Struct({
47397
+ attributeName: Schema.String,
47398
+ attributeValue: Schema.String,
47399
+ identityProviderId: Schema.String,
47400
+ }).pipe(
47401
+ Schema.encodeKeys({
47402
+ attributeName: "attribute_name",
47403
+ attributeValue: "attribute_value",
47404
+ identityProviderId: "identity_provider_id",
47405
+ }),
47406
+ ),
47407
+ }),
47408
+ Schema.Struct({
47409
+ oidc: Schema.Struct({
47410
+ claimName: Schema.String,
47411
+ claimValue: Schema.String,
47412
+ identityProviderId: Schema.String,
47413
+ }).pipe(
47414
+ Schema.encodeKeys({
47415
+ claimName: "claim_name",
47416
+ claimValue: "claim_value",
47417
+ identityProviderId: "identity_provider_id",
47418
+ }),
47419
+ ),
47420
+ }),
47421
+ Schema.Struct({
47422
+ serviceToken: Schema.Struct({
47423
+ tokenId: Schema.String,
47424
+ }).pipe(Schema.encodeKeys({ tokenId: "token_id" })),
47425
+ }).pipe(Schema.encodeKeys({ serviceToken: "service_token" })),
47426
+ Schema.Struct({
47427
+ linkedAppToken: Schema.Struct({
47428
+ appUid: Schema.String,
47429
+ }).pipe(Schema.encodeKeys({ appUid: "app_uid" })),
47430
+ }).pipe(
47431
+ Schema.encodeKeys({ linkedAppToken: "linked_app_token" }),
47432
+ ),
47433
+ Schema.Struct({
47434
+ userRiskScore: Schema.Struct({
47435
+ userRiskScore: Schema.Array(
47436
+ Schema.Union([
47437
+ Schema.Literals(["low", "medium", "high", "unscored"]),
47438
+ Schema.String,
47439
+ ]),
47440
+ ),
47441
+ }).pipe(
47442
+ Schema.encodeKeys({ userRiskScore: "user_risk_score" }),
47443
+ ),
47444
+ }).pipe(
47445
+ Schema.encodeKeys({ userRiskScore: "user_risk_score" }),
47446
+ ),
47447
+ Schema.Struct({
47448
+ cloudflareAccountMember: Schema.Struct({
47449
+ accountId: Schema.optional(Schema.String),
47450
+ }).pipe(Schema.encodeKeys({ accountId: "account_id" })),
47451
+ }).pipe(
47452
+ Schema.encodeKeys({
47453
+ cloudflareAccountMember: "cloudflare_account_member",
47454
+ }),
47455
+ ),
47456
+ ]),
47457
+ ),
47458
+ ),
45544
47459
  }).pipe(
45545
47460
  Schema.encodeKeys({
45546
- id: "id",
45547
- approvalGroups: "approval_groups",
45548
- approvalRequired: "approval_required",
47461
+ decision: "decision",
47462
+ include: "include",
47463
+ name: "name",
45549
47464
  connectionRules: "connection_rules",
45550
- isolationRequired: "isolation_required",
47465
+ exclude: "exclude",
45551
47466
  mfaConfig: "mfa_config",
45552
- precedence: "precedence",
45553
- purposeJustificationPrompt: "purpose_justification_prompt",
45554
- purposeJustificationRequired: "purpose_justification_required",
45555
- sessionDuration: "session_duration",
47467
+ require: "require",
45556
47468
  }),
45557
47469
  ),
45558
- ]),
45559
- ),
47470
+ ),
47471
+ ]),
45560
47472
  ),
45561
47473
  readServiceTokensFromHeader: Schema.optional(Schema.String),
45562
47474
  sameSiteCookieAttribute: Schema.optional(Schema.String),
@@ -45697,14 +47609,239 @@ const UpdateAccessApplicationBaseFields = {
45697
47609
  skipInterstitial: Schema.optional(Schema.Boolean),
45698
47610
  tags: Schema.optional(Schema.Array(Schema.String)),
45699
47611
  useClientlessIsolationAppLauncherUrl: Schema.optional(Schema.Boolean),
47612
+ saasApp: Schema.optional(
47613
+ Schema.Struct({
47614
+ authType: Schema.optional(
47615
+ Schema.Union([Schema.Literals(["saml", "oidc"]), Schema.String]),
47616
+ ),
47617
+ consumerServiceUrl: Schema.optional(Schema.String),
47618
+ customAttributes: Schema.optional(
47619
+ Schema.Array(
47620
+ Schema.Struct({
47621
+ friendlyName: Schema.optional(Schema.String),
47622
+ name: Schema.optional(Schema.String),
47623
+ nameFormat: Schema.optional(
47624
+ Schema.Union([
47625
+ Schema.Literals([
47626
+ "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
47627
+ "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
47628
+ "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
47629
+ ]),
47630
+ Schema.String,
47631
+ ]),
47632
+ ),
47633
+ required: Schema.optional(Schema.Boolean),
47634
+ source: Schema.optional(
47635
+ Schema.Struct({
47636
+ name: Schema.optional(Schema.String),
47637
+ nameByIdp: Schema.optional(
47638
+ Schema.Array(
47639
+ Schema.Struct({
47640
+ idpId: Schema.optional(Schema.String),
47641
+ sourceName: Schema.optional(Schema.String),
47642
+ }).pipe(
47643
+ Schema.encodeKeys({
47644
+ idpId: "idp_id",
47645
+ sourceName: "source_name",
47646
+ }),
47647
+ ),
47648
+ ),
47649
+ ),
47650
+ }).pipe(
47651
+ Schema.encodeKeys({ name: "name", nameByIdp: "name_by_idp" }),
47652
+ ),
47653
+ ),
47654
+ }).pipe(
47655
+ Schema.encodeKeys({
47656
+ friendlyName: "friendly_name",
47657
+ name: "name",
47658
+ nameFormat: "name_format",
47659
+ required: "required",
47660
+ source: "source",
47661
+ }),
47662
+ ),
47663
+ ),
47664
+ ),
47665
+ defaultRelayState: Schema.optional(Schema.String),
47666
+ idpEntityId: Schema.optional(Schema.String),
47667
+ nameIdFormat: Schema.optional(
47668
+ Schema.Union([Schema.Literals(["id", "email"]), Schema.String]),
47669
+ ),
47670
+ nameIdTransformJsonata: Schema.optional(Schema.String),
47671
+ publicKey: Schema.optional(Schema.String),
47672
+ samlAttributeTransformJsonata: Schema.optional(Schema.String),
47673
+ spEntityId: Schema.optional(Schema.String),
47674
+ ssoEndpoint: Schema.optional(Schema.String),
47675
+ accessTokenLifetime: Schema.optional(Schema.String),
47676
+ allowPkceWithoutClientSecret: Schema.optional(Schema.Boolean),
47677
+ appLauncherUrl: Schema.optional(Schema.String),
47678
+ clientId: Schema.optional(Schema.String),
47679
+ clientSecret: Schema.optional(SensitiveString),
47680
+ customClaims: Schema.optional(
47681
+ Schema.Array(
47682
+ Schema.Struct({
47683
+ name: Schema.optional(Schema.String),
47684
+ required: Schema.optional(Schema.Boolean),
47685
+ scope: Schema.optional(
47686
+ Schema.Union([
47687
+ Schema.Literals(["groups", "profile", "email", "openid"]),
47688
+ Schema.String,
47689
+ ]),
47690
+ ),
47691
+ source: Schema.optional(
47692
+ Schema.Struct({
47693
+ name: Schema.optional(Schema.String),
47694
+ nameByIdp: Schema.optional(
47695
+ Schema.Record(Schema.String, Schema.Unknown),
47696
+ ),
47697
+ }).pipe(
47698
+ Schema.encodeKeys({ name: "name", nameByIdp: "name_by_idp" }),
47699
+ ),
47700
+ ),
47701
+ }),
47702
+ ),
47703
+ ),
47704
+ grantTypes: Schema.optional(
47705
+ Schema.Array(
47706
+ Schema.Union([
47707
+ Schema.Literals([
47708
+ "authorization_code",
47709
+ "authorization_code_with_pkce",
47710
+ "refresh_tokens",
47711
+ "hybrid",
47712
+ "implicit",
47713
+ ]),
47714
+ Schema.String,
47715
+ ]),
47716
+ ),
47717
+ ),
47718
+ groupFilterRegex: Schema.optional(Schema.String),
47719
+ hybridAndImplicitOptions: Schema.optional(
47720
+ Schema.Struct({
47721
+ returnAccessTokenFromAuthorizationEndpoint: Schema.optional(
47722
+ Schema.Boolean,
47723
+ ),
47724
+ returnIdTokenFromAuthorizationEndpoint: Schema.optional(
47725
+ Schema.Boolean,
47726
+ ),
47727
+ }).pipe(
47728
+ Schema.encodeKeys({
47729
+ returnAccessTokenFromAuthorizationEndpoint:
47730
+ "return_access_token_from_authorization_endpoint",
47731
+ returnIdTokenFromAuthorizationEndpoint:
47732
+ "return_id_token_from_authorization_endpoint",
47733
+ }),
47734
+ ),
47735
+ ),
47736
+ redirectUris: Schema.optional(Schema.Array(Schema.String)),
47737
+ refreshTokenOptions: Schema.optional(
47738
+ Schema.Struct({
47739
+ lifetime: Schema.optional(Schema.String),
47740
+ }),
47741
+ ),
47742
+ scopes: Schema.optional(
47743
+ Schema.Array(
47744
+ Schema.Union([
47745
+ Schema.Literals(["openid", "groups", "email", "profile"]),
47746
+ Schema.String,
47747
+ ]),
47748
+ ),
47749
+ ),
47750
+ }).pipe(
47751
+ Schema.encodeKeys({
47752
+ authType: "auth_type",
47753
+ consumerServiceUrl: "consumer_service_url",
47754
+ customAttributes: "custom_attributes",
47755
+ defaultRelayState: "default_relay_state",
47756
+ idpEntityId: "idp_entity_id",
47757
+ nameIdFormat: "name_id_format",
47758
+ nameIdTransformJsonata: "name_id_transform_jsonata",
47759
+ publicKey: "public_key",
47760
+ samlAttributeTransformJsonata: "saml_attribute_transform_jsonata",
47761
+ spEntityId: "sp_entity_id",
47762
+ ssoEndpoint: "sso_endpoint",
47763
+ accessTokenLifetime: "access_token_lifetime",
47764
+ allowPkceWithoutClientSecret: "allow_pkce_without_client_secret",
47765
+ appLauncherUrl: "app_launcher_url",
47766
+ clientId: "client_id",
47767
+ clientSecret: "client_secret",
47768
+ customClaims: "custom_claims",
47769
+ grantTypes: "grant_types",
47770
+ groupFilterRegex: "group_filter_regex",
47771
+ hybridAndImplicitOptions: "hybrid_and_implicit_options",
47772
+ redirectUris: "redirect_uris",
47773
+ refreshTokenOptions: "refresh_token_options",
47774
+ scopes: "scopes",
47775
+ }),
47776
+ ),
47777
+ ),
47778
+ appLauncherLogoUrl: Schema.optional(Schema.String),
47779
+ bgColor: Schema.optional(Schema.String),
47780
+ footerLinks: Schema.optional(
47781
+ Schema.Array(
47782
+ Schema.Struct({
47783
+ name: Schema.String,
47784
+ url: Schema.String,
47785
+ }),
47786
+ ),
47787
+ ),
47788
+ headerBgColor: Schema.optional(Schema.String),
47789
+ landingPageDesign: Schema.optional(
47790
+ Schema.Struct({
47791
+ buttonColor: Schema.optional(Schema.String),
47792
+ buttonTextColor: Schema.optional(Schema.String),
47793
+ imageUrl: Schema.optional(Schema.String),
47794
+ message: Schema.optional(Schema.String),
47795
+ title: Schema.optional(Schema.String),
47796
+ }).pipe(
47797
+ Schema.encodeKeys({
47798
+ buttonColor: "button_color",
47799
+ buttonTextColor: "button_text_color",
47800
+ imageUrl: "image_url",
47801
+ message: "message",
47802
+ title: "title",
47803
+ }),
47804
+ ),
47805
+ ),
47806
+ skipAppLauncherLoginPage: Schema.optional(Schema.Boolean),
47807
+ targetCriteria: Schema.optional(
47808
+ Schema.Union([
47809
+ Schema.Array(
47810
+ Schema.Struct({
47811
+ port: Schema.Number,
47812
+ protocol: Schema.Literal("SSH"),
47813
+ targetAttributes: Schema.Record(Schema.String, Schema.Unknown),
47814
+ }).pipe(
47815
+ Schema.encodeKeys({
47816
+ port: "port",
47817
+ protocol: "protocol",
47818
+ targetAttributes: "target_attributes",
47819
+ }),
47820
+ ),
47821
+ ),
47822
+ Schema.Array(
47823
+ Schema.Struct({
47824
+ port: Schema.Number,
47825
+ protocol: Schema.Literal("RDP"),
47826
+ targetAttributes: Schema.Record(Schema.String, Schema.Unknown),
47827
+ }).pipe(
47828
+ Schema.encodeKeys({
47829
+ port: "port",
47830
+ protocol: "protocol",
47831
+ targetAttributes: "target_attributes",
47832
+ }),
47833
+ ),
47834
+ ),
47835
+ ]),
47836
+ ),
45700
47837
  } as const;
45701
47838
 
45702
47839
  interface UpdateAccessApplicationBaseRequest {
45703
47840
  appId: string;
45704
47841
  /** Body param: The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher. */
45705
- domain: string;
47842
+ domain?: string;
45706
47843
  /** Body param: The application type. */
45707
- type:
47844
+ type?:
45708
47845
  | "self_hosted"
45709
47846
  | "saas"
45710
47847
  | "ssh"
@@ -45808,40 +47945,239 @@ interface UpdateAccessApplicationBaseRequest {
45808
47945
  /** Body param: Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default */
45809
47946
  pathCookieAttribute?: boolean;
45810
47947
  /** Body param: The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application. Reusable a */
45811
- policies?: (
45812
- | { id?: string; precedence?: number }
45813
- | string
47948
+ policies?:
47949
+ | (
47950
+ | { id?: string; precedence?: number }
47951
+ | string
47952
+ | {
47953
+ id?: string;
47954
+ approvalGroups?: {
47955
+ approvalsNeeded: number;
47956
+ emailAddresses?: string[];
47957
+ emailListUuid?: string;
47958
+ }[];
47959
+ approvalRequired?: boolean;
47960
+ connectionRules?: {
47961
+ rdp?: {
47962
+ allowedClipboardLocalToRemoteFormats?: "text"[];
47963
+ allowedClipboardRemoteToLocalFormats?: "text"[];
47964
+ };
47965
+ };
47966
+ isolationRequired?: boolean;
47967
+ mfaConfig?: {
47968
+ allowedAuthenticators?: (
47969
+ | "totp"
47970
+ | "biometrics"
47971
+ | "security_key"
47972
+ | (string & {})
47973
+ )[];
47974
+ mfaDisabled?: boolean;
47975
+ sessionDuration?: string;
47976
+ };
47977
+ precedence?: number;
47978
+ purposeJustificationPrompt?: string;
47979
+ purposeJustificationRequired?: boolean;
47980
+ sessionDuration?: string;
47981
+ }
47982
+ )[]
45814
47983
  | {
45815
- id?: string;
45816
- approvalGroups?: {
45817
- approvalsNeeded: number;
45818
- emailAddresses?: string[];
45819
- emailListUuid?: string;
45820
- }[];
45821
- approvalRequired?: boolean;
47984
+ decision: "allow" | "deny" | "non_identity" | "bypass" | (string & {});
47985
+ include: (
47986
+ | { group: { id: string } }
47987
+ | { anyValidServiceToken: unknown }
47988
+ | {
47989
+ authContext: {
47990
+ id: string;
47991
+ acId: string;
47992
+ identityProviderId: string;
47993
+ };
47994
+ }
47995
+ | { authMethod: { authMethod: string } }
47996
+ | { azureAD: { id: string; identityProviderId: string } }
47997
+ | { certificate: unknown }
47998
+ | { commonName: { commonName: string } }
47999
+ | { geo: { countryCode: string } }
48000
+ | { devicePosture: { integrationUid: string } }
48001
+ | { emailDomain: { domain: string } }
48002
+ | { emailList: { id: string } }
48003
+ | { email: { email: string } }
48004
+ | { everyone: unknown }
48005
+ | { externalEvaluation: { evaluateUrl: string; keysUrl: string } }
48006
+ | {
48007
+ githubOrganization: {
48008
+ identityProviderId: string;
48009
+ name: string;
48010
+ team?: string;
48011
+ };
48012
+ }
48013
+ | { gsuite: { email: string; identityProviderId: string } }
48014
+ | { loginMethod: { id: string } }
48015
+ | { ipList: { id: string } }
48016
+ | { ip: { ip: string } }
48017
+ | { okta: { identityProviderId: string; name: string } }
48018
+ | {
48019
+ saml: {
48020
+ attributeName: string;
48021
+ attributeValue: string;
48022
+ identityProviderId: string;
48023
+ };
48024
+ }
48025
+ | {
48026
+ oidc: {
48027
+ claimName: string;
48028
+ claimValue: string;
48029
+ identityProviderId: string;
48030
+ };
48031
+ }
48032
+ | { serviceToken: { tokenId: string } }
48033
+ | { linkedAppToken: { appUid: string } }
48034
+ | {
48035
+ userRiskScore: {
48036
+ userRiskScore: (
48037
+ | "low"
48038
+ | "medium"
48039
+ | "high"
48040
+ | "unscored"
48041
+ | (string & {})
48042
+ )[];
48043
+ };
48044
+ }
48045
+ | { cloudflareAccountMember: { accountId?: string } }
48046
+ )[];
48047
+ name: string;
45822
48048
  connectionRules?: {
45823
- rdp?: {
45824
- allowedClipboardLocalToRemoteFormats?: "text"[];
45825
- allowedClipboardRemoteToLocalFormats?: "text"[];
45826
- };
48049
+ ssh?: { usernames: string[]; allowEmailAlias?: boolean };
45827
48050
  };
45828
- isolationRequired?: boolean;
48051
+ exclude?: (
48052
+ | { group: { id: string } }
48053
+ | { anyValidServiceToken: unknown }
48054
+ | {
48055
+ authContext: {
48056
+ id: string;
48057
+ acId: string;
48058
+ identityProviderId: string;
48059
+ };
48060
+ }
48061
+ | { authMethod: { authMethod: string } }
48062
+ | { azureAD: { id: string; identityProviderId: string } }
48063
+ | { certificate: unknown }
48064
+ | { commonName: { commonName: string } }
48065
+ | { geo: { countryCode: string } }
48066
+ | { devicePosture: { integrationUid: string } }
48067
+ | { emailDomain: { domain: string } }
48068
+ | { emailList: { id: string } }
48069
+ | { email: { email: string } }
48070
+ | { everyone: unknown }
48071
+ | { externalEvaluation: { evaluateUrl: string; keysUrl: string } }
48072
+ | {
48073
+ githubOrganization: {
48074
+ identityProviderId: string;
48075
+ name: string;
48076
+ team?: string;
48077
+ };
48078
+ }
48079
+ | { gsuite: { email: string; identityProviderId: string } }
48080
+ | { loginMethod: { id: string } }
48081
+ | { ipList: { id: string } }
48082
+ | { ip: { ip: string } }
48083
+ | { okta: { identityProviderId: string; name: string } }
48084
+ | {
48085
+ saml: {
48086
+ attributeName: string;
48087
+ attributeValue: string;
48088
+ identityProviderId: string;
48089
+ };
48090
+ }
48091
+ | {
48092
+ oidc: {
48093
+ claimName: string;
48094
+ claimValue: string;
48095
+ identityProviderId: string;
48096
+ };
48097
+ }
48098
+ | { serviceToken: { tokenId: string } }
48099
+ | { linkedAppToken: { appUid: string } }
48100
+ | {
48101
+ userRiskScore: {
48102
+ userRiskScore: (
48103
+ | "low"
48104
+ | "medium"
48105
+ | "high"
48106
+ | "unscored"
48107
+ | (string & {})
48108
+ )[];
48109
+ };
48110
+ }
48111
+ | { cloudflareAccountMember: { accountId?: string } }
48112
+ )[];
45829
48113
  mfaConfig?: {
45830
- allowedAuthenticators?: (
45831
- | "totp"
45832
- | "biometrics"
45833
- | "security_key"
45834
- | (string & {})
45835
- )[];
48114
+ allowedAuthenticators?: "ssh_piv_key"[];
45836
48115
  mfaDisabled?: boolean;
45837
48116
  sessionDuration?: string;
45838
48117
  };
45839
- precedence?: number;
45840
- purposeJustificationPrompt?: string;
45841
- purposeJustificationRequired?: boolean;
45842
- sessionDuration?: string;
45843
- }
45844
- )[];
48118
+ require?: (
48119
+ | { group: { id: string } }
48120
+ | { anyValidServiceToken: unknown }
48121
+ | {
48122
+ authContext: {
48123
+ id: string;
48124
+ acId: string;
48125
+ identityProviderId: string;
48126
+ };
48127
+ }
48128
+ | { authMethod: { authMethod: string } }
48129
+ | { azureAD: { id: string; identityProviderId: string } }
48130
+ | { certificate: unknown }
48131
+ | { commonName: { commonName: string } }
48132
+ | { geo: { countryCode: string } }
48133
+ | { devicePosture: { integrationUid: string } }
48134
+ | { emailDomain: { domain: string } }
48135
+ | { emailList: { id: string } }
48136
+ | { email: { email: string } }
48137
+ | { everyone: unknown }
48138
+ | { externalEvaluation: { evaluateUrl: string; keysUrl: string } }
48139
+ | {
48140
+ githubOrganization: {
48141
+ identityProviderId: string;
48142
+ name: string;
48143
+ team?: string;
48144
+ };
48145
+ }
48146
+ | { gsuite: { email: string; identityProviderId: string } }
48147
+ | { loginMethod: { id: string } }
48148
+ | { ipList: { id: string } }
48149
+ | { ip: { ip: string } }
48150
+ | { okta: { identityProviderId: string; name: string } }
48151
+ | {
48152
+ saml: {
48153
+ attributeName: string;
48154
+ attributeValue: string;
48155
+ identityProviderId: string;
48156
+ };
48157
+ }
48158
+ | {
48159
+ oidc: {
48160
+ claimName: string;
48161
+ claimValue: string;
48162
+ identityProviderId: string;
48163
+ };
48164
+ }
48165
+ | { serviceToken: { tokenId: string } }
48166
+ | { linkedAppToken: { appUid: string } }
48167
+ | {
48168
+ userRiskScore: {
48169
+ userRiskScore: (
48170
+ | "low"
48171
+ | "medium"
48172
+ | "high"
48173
+ | "unscored"
48174
+ | (string & {})
48175
+ )[];
48176
+ };
48177
+ }
48178
+ | { cloudflareAccountMember: { accountId?: string } }
48179
+ )[];
48180
+ }[];
45845
48181
  /** Body param: Allows matching Access Service Tokens passed HTTP in a single header with this name. This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers. The */
45846
48182
  readServiceTokensFromHeader?: string;
45847
48183
  /** Body param: Sets the SameSite cookie setting, which provides increased security against CSRF attacks. */
@@ -45906,6 +48242,90 @@ interface UpdateAccessApplicationBaseRequest {
45906
48242
  tags?: string[];
45907
48243
  /** Body param: Determines if users can access this application via a clientless browser isolation URL. This allows users to access private domains without connecting to Gateway. The option requires Clien */
45908
48244
  useClientlessIsolationAppLauncherUrl?: boolean;
48245
+ /** Body param */
48246
+ saasApp?: {
48247
+ authType?: "saml" | "oidc" | (string & {});
48248
+ consumerServiceUrl?: string;
48249
+ customAttributes?: {
48250
+ friendlyName?: string;
48251
+ name?: string;
48252
+ nameFormat?:
48253
+ | "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
48254
+ | "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
48255
+ | "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
48256
+ | (string & {});
48257
+ required?: boolean;
48258
+ source?: {
48259
+ name?: string;
48260
+ nameByIdp?: { idpId?: string; sourceName?: string }[];
48261
+ };
48262
+ }[];
48263
+ defaultRelayState?: string;
48264
+ idpEntityId?: string;
48265
+ nameIdFormat?: "id" | "email" | (string & {});
48266
+ nameIdTransformJsonata?: string;
48267
+ publicKey?: string;
48268
+ samlAttributeTransformJsonata?: string;
48269
+ spEntityId?: string;
48270
+ ssoEndpoint?: string;
48271
+ accessTokenLifetime?: string;
48272
+ allowPkceWithoutClientSecret?: boolean;
48273
+ appLauncherUrl?: string;
48274
+ clientId?: string;
48275
+ clientSecret?: string;
48276
+ customClaims?: {
48277
+ name?: string;
48278
+ required?: boolean;
48279
+ scope?: "groups" | "profile" | "email" | "openid" | (string & {});
48280
+ source?: { name?: string; nameByIdp?: Record<string, unknown> };
48281
+ }[];
48282
+ grantTypes?: (
48283
+ | "authorization_code"
48284
+ | "authorization_code_with_pkce"
48285
+ | "refresh_tokens"
48286
+ | "hybrid"
48287
+ | "implicit"
48288
+ | (string & {})
48289
+ )[];
48290
+ groupFilterRegex?: string;
48291
+ hybridAndImplicitOptions?: {
48292
+ returnAccessTokenFromAuthorizationEndpoint?: boolean;
48293
+ returnIdTokenFromAuthorizationEndpoint?: boolean;
48294
+ };
48295
+ redirectUris?: string[];
48296
+ refreshTokenOptions?: { lifetime?: string };
48297
+ scopes?: ("openid" | "groups" | "email" | "profile" | (string & {}))[];
48298
+ };
48299
+ /** Body param: The image URL of the logo shown in the App Launcher header. */
48300
+ appLauncherLogoUrl?: string;
48301
+ /** Body param: The background color of the App Launcher page. */
48302
+ bgColor?: string;
48303
+ /** Body param: The links in the App Launcher footer. */
48304
+ footerLinks?: { name: string; url: string }[];
48305
+ /** Body param: The background color of the App Launcher header. */
48306
+ headerBgColor?: string;
48307
+ /** Body param: The design of the App Launcher landing page shown to users when they log in. */
48308
+ landingPageDesign?: {
48309
+ buttonColor?: string;
48310
+ buttonTextColor?: string;
48311
+ imageUrl?: string;
48312
+ message?: string;
48313
+ title?: string;
48314
+ };
48315
+ /** Body param: Determines when to skip the App Launcher landing page. */
48316
+ skipAppLauncherLoginPage?: boolean;
48317
+ /** Body param */
48318
+ targetCriteria?:
48319
+ | {
48320
+ port: number;
48321
+ protocol: "SSH";
48322
+ targetAttributes: Record<string, unknown>;
48323
+ }[]
48324
+ | {
48325
+ port: number;
48326
+ protocol: "RDP";
48327
+ targetAttributes: Record<string, unknown>;
48328
+ }[];
45909
48329
  }
45910
48330
 
45911
48331
  export interface UpdateAccessApplicationForAccountRequest extends UpdateAccessApplicationBaseRequest {
@@ -45956,6 +48376,14 @@ export const UpdateAccessApplicationForAccountRequest =
45956
48376
  tags: "tags",
45957
48377
  useClientlessIsolationAppLauncherUrl:
45958
48378
  "use_clientless_isolation_app_launcher_url",
48379
+ saasApp: "saas_app",
48380
+ appLauncherLogoUrl: "app_launcher_logo_url",
48381
+ bgColor: "bg_color",
48382
+ footerLinks: "footer_links",
48383
+ headerBgColor: "header_bg_color",
48384
+ landingPageDesign: "landing_page_design",
48385
+ skipAppLauncherLoginPage: "skip_app_launcher_login_page",
48386
+ targetCriteria: "target_criteria",
45959
48387
  }),
45960
48388
  T.Http({
45961
48389
  method: "PUT",
@@ -46001,6 +48429,14 @@ export const UpdateAccessApplicationForZoneRequest =
46001
48429
  tags: "tags",
46002
48430
  useClientlessIsolationAppLauncherUrl:
46003
48431
  "use_clientless_isolation_app_launcher_url",
48432
+ saasApp: "saas_app",
48433
+ appLauncherLogoUrl: "app_launcher_logo_url",
48434
+ bgColor: "bg_color",
48435
+ footerLinks: "footer_links",
48436
+ headerBgColor: "header_bg_color",
48437
+ landingPageDesign: "landing_page_design",
48438
+ skipAppLauncherLoginPage: "skip_app_launcher_login_page",
48439
+ targetCriteria: "target_criteria",
46004
48440
  }),
46005
48441
  T.Http({ method: "PUT", path: "/zones/{zone_id}/access/apps/{appId}" }),
46006
48442
  ) as unknown as Schema.Schema<UpdateAccessApplicationForZoneRequest>;
@@ -103190,11 +105626,11 @@ export interface UpdateDlpEntryRequest {
103190
105626
  /** Path param */
103191
105627
  accountId: string;
103192
105628
  /** Body param */
103193
- name: string;
105629
+ name?: string;
103194
105630
  /** Body param */
103195
- pattern: { regex: string; validation?: "luhn" };
105631
+ pattern?: { regex: string; validation?: "luhn" };
103196
105632
  /** Body param */
103197
- type: "custom";
105633
+ type: "custom" | "predefined" | "integration" | (string & {});
103198
105634
  /** Body param */
103199
105635
  description?: string | null;
103200
105636
  /** Body param */
@@ -103204,12 +105640,17 @@ export interface UpdateDlpEntryRequest {
103204
105640
  export const UpdateDlpEntryRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
103205
105641
  entryId: Schema.String.pipe(T.HttpPath("entryId")),
103206
105642
  accountId: Schema.String.pipe(T.HttpPath("account_id")),
103207
- name: Schema.String,
103208
- pattern: Schema.Struct({
103209
- regex: Schema.String,
103210
- validation: Schema.optional(Schema.Literal("luhn")),
103211
- }),
103212
- type: Schema.Literal("custom"),
105643
+ name: Schema.optional(Schema.String),
105644
+ pattern: Schema.optional(
105645
+ Schema.Struct({
105646
+ regex: Schema.String,
105647
+ validation: Schema.optional(Schema.Literal("luhn")),
105648
+ }),
105649
+ ),
105650
+ type: Schema.Union([
105651
+ Schema.Literals(["custom", "predefined", "integration"]),
105652
+ Schema.String,
105653
+ ]),
103213
105654
  description: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
103214
105655
  enabled: Schema.optional(Schema.Boolean),
103215
105656
  }).pipe(
@@ -123407,14 +125848,16 @@ export interface CreateGatewayProxyEndpointRequest {
123407
125848
  /** Body param: Specify the name of the proxy endpoint. */
123408
125849
  name: string;
123409
125850
  /** Body param: The proxy endpoint kind */
123410
- kind?: "ip";
125851
+ kind?: "ip" | "identity" | (string & {});
123411
125852
  }
123412
125853
 
123413
125854
  export const CreateGatewayProxyEndpointRequest =
123414
125855
  /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
123415
125856
  accountId: Schema.String.pipe(T.HttpPath("account_id")),
123416
125857
  name: Schema.String,
123417
- kind: Schema.optional(Schema.Literal("ip")),
125858
+ kind: Schema.optional(
125859
+ Schema.Union([Schema.Literals(["ip", "identity"]), Schema.String]),
125860
+ ),
123418
125861
  }).pipe(
123419
125862
  T.Http({
123420
125863
  method: "POST",
@@ -132794,6 +135237,39 @@ const CreateIdentityProviderBaseFields = {
132794
135237
  ]),
132795
135238
  ),
132796
135239
  supportGroups: Schema.optional(Schema.Boolean),
135240
+ centrifyAccount: Schema.optional(Schema.String),
135241
+ centrifyAppId: Schema.optional(Schema.String),
135242
+ appsDomain: Schema.optional(Schema.String),
135243
+ authUrl: Schema.optional(Schema.String),
135244
+ certsUrl: Schema.optional(Schema.String),
135245
+ pkceEnabled: Schema.optional(Schema.Boolean),
135246
+ scopes: Schema.optional(Schema.Array(Schema.String)),
135247
+ tokenUrl: Schema.optional(Schema.String),
135248
+ authorizationServerId: Schema.optional(Schema.String),
135249
+ oktaAccount: Schema.optional(Schema.String),
135250
+ oneloginAccount: Schema.optional(Schema.String),
135251
+ pingEnvId: Schema.optional(Schema.String),
135252
+ attributes: Schema.optional(Schema.Array(Schema.String)),
135253
+ emailAttributeName: Schema.optional(Schema.String),
135254
+ enableEncryption: Schema.optional(Schema.Boolean),
135255
+ headerAttributes: Schema.optional(
135256
+ Schema.Array(
135257
+ Schema.Struct({
135258
+ attributeName: Schema.optional(Schema.String),
135259
+ headerName: Schema.optional(Schema.String),
135260
+ }).pipe(
135261
+ Schema.encodeKeys({
135262
+ attributeName: "attribute_name",
135263
+ headerName: "header_name",
135264
+ }),
135265
+ ),
135266
+ ),
135267
+ ),
135268
+ idpPublicCerts: Schema.optional(Schema.Array(Schema.String)),
135269
+ issuerUrl: Schema.optional(Schema.String),
135270
+ signRequest: Schema.optional(Schema.Boolean),
135271
+ ssoTargetUrl: Schema.optional(Schema.String),
135272
+ restrictToAccountMembers: Schema.optional(Schema.Boolean),
132797
135273
  }).pipe(
132798
135274
  Schema.encodeKeys({
132799
135275
  claims: "claims",
@@ -132804,6 +135280,27 @@ const CreateIdentityProviderBaseFields = {
132804
135280
  emailClaimName: "email_claim_name",
132805
135281
  prompt: "prompt",
132806
135282
  supportGroups: "support_groups",
135283
+ centrifyAccount: "centrify_account",
135284
+ centrifyAppId: "centrify_app_id",
135285
+ appsDomain: "apps_domain",
135286
+ authUrl: "auth_url",
135287
+ certsUrl: "certs_url",
135288
+ pkceEnabled: "pkce_enabled",
135289
+ scopes: "scopes",
135290
+ tokenUrl: "token_url",
135291
+ authorizationServerId: "authorization_server_id",
135292
+ oktaAccount: "okta_account",
135293
+ oneloginAccount: "onelogin_account",
135294
+ pingEnvId: "ping_env_id",
135295
+ attributes: "attributes",
135296
+ emailAttributeName: "email_attribute_name",
135297
+ enableEncryption: "enable_encryption",
135298
+ headerAttributes: "header_attributes",
135299
+ idpPublicCerts: "idp_public_certs",
135300
+ issuerUrl: "issuer_url",
135301
+ signRequest: "sign_request",
135302
+ ssoTargetUrl: "sso_target_url",
135303
+ restrictToAccountMembers: "restrict_to_account_members",
132807
135304
  }),
132808
135305
  ),
132809
135306
  name: Schema.String,
@@ -132861,6 +135358,27 @@ interface CreateIdentityProviderBaseRequest {
132861
135358
  emailClaimName?: string;
132862
135359
  prompt?: "login" | "select_account" | "none" | (string & {});
132863
135360
  supportGroups?: boolean;
135361
+ centrifyAccount?: string;
135362
+ centrifyAppId?: string;
135363
+ appsDomain?: string;
135364
+ authUrl?: string;
135365
+ certsUrl?: string;
135366
+ pkceEnabled?: boolean;
135367
+ scopes?: string[];
135368
+ tokenUrl?: string;
135369
+ authorizationServerId?: string;
135370
+ oktaAccount?: string;
135371
+ oneloginAccount?: string;
135372
+ pingEnvId?: string;
135373
+ attributes?: string[];
135374
+ emailAttributeName?: string;
135375
+ enableEncryption?: boolean;
135376
+ headerAttributes?: { attributeName?: string; headerName?: string }[];
135377
+ idpPublicCerts?: string[];
135378
+ issuerUrl?: string;
135379
+ signRequest?: boolean;
135380
+ ssoTargetUrl?: string;
135381
+ restrictToAccountMembers?: boolean;
132864
135382
  };
132865
135383
  /** Body param: The name of the identity provider, shown to users on the login page. */
132866
135384
  name: string;
@@ -135322,6 +137840,39 @@ const UpdateIdentityProviderBaseFields = {
135322
137840
  ]),
135323
137841
  ),
135324
137842
  supportGroups: Schema.optional(Schema.Boolean),
137843
+ centrifyAccount: Schema.optional(Schema.String),
137844
+ centrifyAppId: Schema.optional(Schema.String),
137845
+ appsDomain: Schema.optional(Schema.String),
137846
+ authUrl: Schema.optional(Schema.String),
137847
+ certsUrl: Schema.optional(Schema.String),
137848
+ pkceEnabled: Schema.optional(Schema.Boolean),
137849
+ scopes: Schema.optional(Schema.Array(Schema.String)),
137850
+ tokenUrl: Schema.optional(Schema.String),
137851
+ authorizationServerId: Schema.optional(Schema.String),
137852
+ oktaAccount: Schema.optional(Schema.String),
137853
+ oneloginAccount: Schema.optional(Schema.String),
137854
+ pingEnvId: Schema.optional(Schema.String),
137855
+ attributes: Schema.optional(Schema.Array(Schema.String)),
137856
+ emailAttributeName: Schema.optional(Schema.String),
137857
+ enableEncryption: Schema.optional(Schema.Boolean),
137858
+ headerAttributes: Schema.optional(
137859
+ Schema.Array(
137860
+ Schema.Struct({
137861
+ attributeName: Schema.optional(Schema.String),
137862
+ headerName: Schema.optional(Schema.String),
137863
+ }).pipe(
137864
+ Schema.encodeKeys({
137865
+ attributeName: "attribute_name",
137866
+ headerName: "header_name",
137867
+ }),
137868
+ ),
137869
+ ),
137870
+ ),
137871
+ idpPublicCerts: Schema.optional(Schema.Array(Schema.String)),
137872
+ issuerUrl: Schema.optional(Schema.String),
137873
+ signRequest: Schema.optional(Schema.Boolean),
137874
+ ssoTargetUrl: Schema.optional(Schema.String),
137875
+ restrictToAccountMembers: Schema.optional(Schema.Boolean),
135325
137876
  }).pipe(
135326
137877
  Schema.encodeKeys({
135327
137878
  claims: "claims",
@@ -135332,6 +137883,27 @@ const UpdateIdentityProviderBaseFields = {
135332
137883
  emailClaimName: "email_claim_name",
135333
137884
  prompt: "prompt",
135334
137885
  supportGroups: "support_groups",
137886
+ centrifyAccount: "centrify_account",
137887
+ centrifyAppId: "centrify_app_id",
137888
+ appsDomain: "apps_domain",
137889
+ authUrl: "auth_url",
137890
+ certsUrl: "certs_url",
137891
+ pkceEnabled: "pkce_enabled",
137892
+ scopes: "scopes",
137893
+ tokenUrl: "token_url",
137894
+ authorizationServerId: "authorization_server_id",
137895
+ oktaAccount: "okta_account",
137896
+ oneloginAccount: "onelogin_account",
137897
+ pingEnvId: "ping_env_id",
137898
+ attributes: "attributes",
137899
+ emailAttributeName: "email_attribute_name",
137900
+ enableEncryption: "enable_encryption",
137901
+ headerAttributes: "header_attributes",
137902
+ idpPublicCerts: "idp_public_certs",
137903
+ issuerUrl: "issuer_url",
137904
+ signRequest: "sign_request",
137905
+ ssoTargetUrl: "sso_target_url",
137906
+ restrictToAccountMembers: "restrict_to_account_members",
135335
137907
  }),
135336
137908
  ),
135337
137909
  name: Schema.String,
@@ -135390,6 +137962,27 @@ interface UpdateIdentityProviderBaseRequest {
135390
137962
  emailClaimName?: string;
135391
137963
  prompt?: "login" | "select_account" | "none" | (string & {});
135392
137964
  supportGroups?: boolean;
137965
+ centrifyAccount?: string;
137966
+ centrifyAppId?: string;
137967
+ appsDomain?: string;
137968
+ authUrl?: string;
137969
+ certsUrl?: string;
137970
+ pkceEnabled?: boolean;
137971
+ scopes?: string[];
137972
+ tokenUrl?: string;
137973
+ authorizationServerId?: string;
137974
+ oktaAccount?: string;
137975
+ oneloginAccount?: string;
137976
+ pingEnvId?: string;
137977
+ attributes?: string[];
137978
+ emailAttributeName?: string;
137979
+ enableEncryption?: boolean;
137980
+ headerAttributes?: { attributeName?: string; headerName?: string }[];
137981
+ idpPublicCerts?: string[];
137982
+ issuerUrl?: string;
137983
+ signRequest?: boolean;
137984
+ ssoTargetUrl?: string;
137985
+ restrictToAccountMembers?: boolean;
135393
137986
  };
135394
137987
  /** Body param: The name of the identity provider, shown to users on the login page. */
135395
137988
  name: string;