@pulumi/cloudflare 4.7.0 → 4.8.0

package/accessApplication.d.ts

@@ -1,10 +1,16 @@
 import * as pulumi from "@pulumi/pulumi";
 import { input as inputs, output as outputs } from "./types";
 /**
- * Provides a Cloudflare Access Application resource. Access Applications
- * are used to restrict access to a whole application using an
+ * Provides a Cloudflare Access Application resource. Access
+ * Applications are used to restrict access to a whole application using an
  * authorisation gateway managed by Cloudflare.
  *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
+ *
  * ## Example Usage
  *
  * ```typescript
@@ -33,10 +39,8 @@ import { input as inputs, output as outputs } from "./types";
  *
  * ## Import
  *
- * Access Applications can be imported using a composite ID formed of account ID and application ID.
- *
  * ```sh
- *  $ pulumi import cloudflare:index/accessApplication:AccessApplication staging cb029e245cfdd66dc8d2e570d5dd3322/d41d8cd98f00b204e9800998ecf8427e
+ *  $ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>
  * ```
  */
 export declare class AccessApplication extends pulumi.CustomResource {
@@ -56,7 +60,7 @@ export declare class AccessApplication extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is AccessApplication;
     /**
-     * The account to which the access application should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     readonly accountId: pulumi.Output<string>;
     /**
@@ -64,22 +68,19 @@ export declare class AccessApplication extends pulumi.CustomResource {
      */
     readonly allowedIdps: pulumi.Output<string[] | undefined>;
     /**
-     * Option to show/hide applications in App Launcher. Defaults to `true`.
+     * Option to show/hide applications in App Launcher.
      */
     readonly appLauncherVisible: pulumi.Output<boolean | undefined>;
     /**
-     * Application Audience (AUD) Tag of the application
+     * Application Audience (AUD) Tag of the application.
      */
     readonly aud: pulumi.Output<string>;
     /**
-     * Option to skip identity provider
-     * selection if only one is configured in allowed_idps. Defaults to `false`
-     * (disabled).
+     * Option to skip identity provider selection if only one is configured in `allowed_idps`.
      */
     readonly autoRedirectToIdentity: pulumi.Output<boolean | undefined>;
     /**
-     * CORS configuration for the Access Application. See
-     * below for reference structure.
+     * CORS configuration for the Access Application. See below for reference structure.
      */
     readonly corsHeaders: pulumi.Output<outputs.AccessApplicationCorsHeader[] | undefined>;
     /**
@@ -91,21 +92,20 @@ export declare class AccessApplication extends pulumi.CustomResource {
      */
     readonly customDenyUrl: pulumi.Output<string | undefined>;
     /**
-     * The complete URL of the asset you wish to put
-     * Cloudflare Access in front of. Can include subdomains or paths. Or both.
+     * The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
      */
     readonly domain: pulumi.Output<string>;
     /**
-     * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
+     * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an
+     * additional "binding" cookie on requests.
      */
     readonly enableBindingCookie: pulumi.Output<boolean | undefined>;
     /**
      * Option to add the `HttpOnly` cookie flag to access tokens.
      */
-    readonly httpOnlyCookieAttribute: pulumi.Output<boolean>;
+    readonly httpOnlyCookieAttribute: pulumi.Output<boolean | undefined>;
     /**
-     * Image URL for the logo shown in the app launcher
-     * dashboard.
+     * Image URL for the logo shown in the app launcher dashboard.
      */
     readonly logoUrl: pulumi.Output<string | undefined>;
     /**
@@ -113,33 +113,27 @@ export declare class AccessApplication extends pulumi.CustomResource {
      */
     readonly name: pulumi.Output<string>;
     /**
-     * Defines the same-site cookie setting
-     * for access tokens. Valid values are `none`, `lax`, and `strict`.
+     * Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`
      */
     readonly sameSiteCookieAttribute: pulumi.Output<string | undefined>;
     /**
-     * Option to return a 401 status code in
-     * service authentication rules on failed requests.
+     * Option to return a 401 status code in service authentication rules on failed requests.
      */
     readonly serviceAuth401Redirect: pulumi.Output<boolean | undefined>;
     /**
-     * How often a user will be forced to
-     * re-authorise. Must be in the format `"48h"` or `"2h45m"`.
-     * Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. Defaults to `24h`.
+     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`
      */
     readonly sessionDuration: pulumi.Output<string | undefined>;
     /**
-     * Option to skip the authorization interstitial
-     * when using the CLI.
+     * Option to skip the authorization interstitial when using the CLI.
      */
     readonly skipInterstitial: pulumi.Output<boolean | undefined>;
     /**
-     * The application type. Defaults to `selfHosted`. Valid
-     * values are `selfHosted`, `ssh`, `vnc`, `file` or `bookmark`.
+     * The application type. Available values: `self_hosted`, `ssh`, `vnc`, `file`
      */
     readonly type: pulumi.Output<string | undefined>;
     /**
-     * The DNS zone to which the access application should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     readonly zoneId: pulumi.Output<string>;
     /**
@@ -156,7 +150,7 @@ export declare class AccessApplication extends pulumi.CustomResource {
  */
 export interface AccessApplicationState {
     /**
-     * The account to which the access application should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
     /**
@@ -164,22 +158,19 @@ export interface AccessApplicationState {
      */
     allowedIdps?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Option to show/hide applications in App Launcher. Defaults to `true`.
+     * Option to show/hide applications in App Launcher.
      */
     appLauncherVisible?: pulumi.Input<boolean>;
     /**
-     * Application Audience (AUD) Tag of the application
+     * Application Audience (AUD) Tag of the application.
      */
     aud?: pulumi.Input<string>;
     /**
-     * Option to skip identity provider
-     * selection if only one is configured in allowed_idps. Defaults to `false`
-     * (disabled).
+     * Option to skip identity provider selection if only one is configured in `allowed_idps`.
      */
     autoRedirectToIdentity?: pulumi.Input<boolean>;
     /**
-     * CORS configuration for the Access Application. See
-     * below for reference structure.
+     * CORS configuration for the Access Application. See below for reference structure.
      */
     corsHeaders?: pulumi.Input<pulumi.Input<inputs.AccessApplicationCorsHeader>[]>;
     /**
@@ -191,12 +182,12 @@ export interface AccessApplicationState {
      */
     customDenyUrl?: pulumi.Input<string>;
     /**
-     * The complete URL of the asset you wish to put
-     * Cloudflare Access in front of. Can include subdomains or paths. Or both.
+     * The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
      */
     domain?: pulumi.Input<string>;
     /**
-     * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
+     * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an
+     * additional "binding" cookie on requests.
      */
     enableBindingCookie?: pulumi.Input<boolean>;
     /**
@@ -204,8 +195,7 @@ export interface AccessApplicationState {
      */
     httpOnlyCookieAttribute?: pulumi.Input<boolean>;
     /**
-     * Image URL for the logo shown in the app launcher
-     * dashboard.
+     * Image URL for the logo shown in the app launcher dashboard.
      */
     logoUrl?: pulumi.Input<string>;
     /**
@@ -213,33 +203,27 @@ export interface AccessApplicationState {
      */
     name?: pulumi.Input<string>;
     /**
-     * Defines the same-site cookie setting
-     * for access tokens. Valid values are `none`, `lax`, and `strict`.
+     * Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`
      */
     sameSiteCookieAttribute?: pulumi.Input<string>;
     /**
-     * Option to return a 401 status code in
-     * service authentication rules on failed requests.
+     * Option to return a 401 status code in service authentication rules on failed requests.
      */
     serviceAuth401Redirect?: pulumi.Input<boolean>;
     /**
-     * How often a user will be forced to
-     * re-authorise. Must be in the format `"48h"` or `"2h45m"`.
-     * Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. Defaults to `24h`.
+     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`
      */
     sessionDuration?: pulumi.Input<string>;
     /**
-     * Option to skip the authorization interstitial
-     * when using the CLI.
+     * Option to skip the authorization interstitial when using the CLI.
      */
     skipInterstitial?: pulumi.Input<boolean>;
     /**
-     * The application type. Defaults to `selfHosted`. Valid
-     * values are `selfHosted`, `ssh`, `vnc`, `file` or `bookmark`.
+     * The application type. Available values: `self_hosted`, `ssh`, `vnc`, `file`
      */
     type?: pulumi.Input<string>;
     /**
-     * The DNS zone to which the access application should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }
@@ -248,7 +232,7 @@ export interface AccessApplicationState {
  */
 export interface AccessApplicationArgs {
     /**
-     * The account to which the access application should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
     /**
@@ -256,18 +240,15 @@ export interface AccessApplicationArgs {
      */
     allowedIdps?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Option to show/hide applications in App Launcher. Defaults to `true`.
+     * Option to show/hide applications in App Launcher.
      */
     appLauncherVisible?: pulumi.Input<boolean>;
     /**
-     * Option to skip identity provider
-     * selection if only one is configured in allowed_idps. Defaults to `false`
-     * (disabled).
+     * Option to skip identity provider selection if only one is configured in `allowed_idps`.
      */
     autoRedirectToIdentity?: pulumi.Input<boolean>;
     /**
-     * CORS configuration for the Access Application. See
-     * below for reference structure.
+     * CORS configuration for the Access Application. See below for reference structure.
      */
     corsHeaders?: pulumi.Input<pulumi.Input<inputs.AccessApplicationCorsHeader>[]>;
     /**
@@ -279,12 +260,12 @@ export interface AccessApplicationArgs {
      */
     customDenyUrl?: pulumi.Input<string>;
     /**
-     * The complete URL of the asset you wish to put
-     * Cloudflare Access in front of. Can include subdomains or paths. Or both.
+     * The complete URL of the asset you wish to put Cloudflare Access in front of. Can include subdomains or paths. Or both.
      */
     domain: pulumi.Input<string>;
     /**
-     * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
+     * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an
+     * additional "binding" cookie on requests.
      */
     enableBindingCookie?: pulumi.Input<boolean>;
     /**
@@ -292,8 +273,7 @@ export interface AccessApplicationArgs {
      */
     httpOnlyCookieAttribute?: pulumi.Input<boolean>;
     /**
-     * Image URL for the logo shown in the app launcher
-     * dashboard.
+     * Image URL for the logo shown in the app launcher dashboard.
      */
     logoUrl?: pulumi.Input<string>;
     /**
@@ -301,33 +281,27 @@ export interface AccessApplicationArgs {
      */
     name: pulumi.Input<string>;
     /**
-     * Defines the same-site cookie setting
-     * for access tokens. Valid values are `none`, `lax`, and `strict`.
+     * Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`
      */
     sameSiteCookieAttribute?: pulumi.Input<string>;
     /**
-     * Option to return a 401 status code in
-     * service authentication rules on failed requests.
+     * Option to return a 401 status code in service authentication rules on failed requests.
      */
     serviceAuth401Redirect?: pulumi.Input<boolean>;
     /**
-     * How often a user will be forced to
-     * re-authorise. Must be in the format `"48h"` or `"2h45m"`.
-     * Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. Defaults to `24h`.
+     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`
      */
     sessionDuration?: pulumi.Input<string>;
     /**
-     * Option to skip the authorization interstitial
-     * when using the CLI.
+     * Option to skip the authorization interstitial when using the CLI.
      */
     skipInterstitial?: pulumi.Input<boolean>;
     /**
-     * The application type. Defaults to `selfHosted`. Valid
-     * values are `selfHosted`, `ssh`, `vnc`, `file` or `bookmark`.
+     * The application type. Available values: `self_hosted`, `ssh`, `vnc`, `file`
      */
     type?: pulumi.Input<string>;
     /**
-     * The DNS zone to which the access application should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }

package/accessApplication.js

@@ -6,10 +6,16 @@ exports.AccessApplication = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("./utilities");
 /**
- * Provides a Cloudflare Access Application resource. Access Applications
- * are used to restrict access to a whole application using an
+ * Provides a Cloudflare Access Application resource. Access
+ * Applications are used to restrict access to a whole application using an
  * authorisation gateway managed by Cloudflare.
  *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
+ *
  * ## Example Usage
  *
  * ```typescript
@@ -38,10 +44,8 @@ const utilities = require("./utilities");
  *
  * ## Import
  *
- * Access Applications can be imported using a composite ID formed of account ID and application ID.
- *
  * ```sh
- *  $ pulumi import cloudflare:index/accessApplication:AccessApplication staging cb029e245cfdd66dc8d2e570d5dd3322/d41d8cd98f00b204e9800998ecf8427e
+ *  $ pulumi import cloudflare:index/accessApplication:AccessApplication example <account_id>/<application_id>
  * ```
  */
 class AccessApplication extends pulumi.CustomResource {

package/accessApplication.js.map

@@ -1 +1 @@
-{"version":3,"file":"accessApplication.js","sourceRoot":"","sources":["../accessApplication.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,MAAa,iBAAkB,SAAQ,MAAM,CAAC,cAAc;IA4HxD,YAAY,IAAY,EAAE,WAA4D,EAAE,IAAmC;QACvH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAiD,CAAC;YAChE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAgD,CAAC;YAC9D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC7C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACtE,CAAC;IAjLD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA8B,EAAE,IAAmC;QAC5H,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACxE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,iBAAiB,CAAC,YAAY,CAAC;IAClE,CAAC;;AA1BL,8CAmLC;AArKG,gBAAgB;AACO,8BAAY,GAAG,sDAAsD,CAAC"}
+{"version":3,"file":"accessApplication.js","sourceRoot":"","sources":["../accessApplication.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AACH,MAAa,iBAAkB,SAAQ,MAAM,CAAC,cAAc;IAkHxD,YAAY,IAAY,EAAE,WAA4D,EAAE,IAAmC;QACvH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAiD,CAAC;YAChE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAgD,CAAC;YAC9D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC7C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACtE,CAAC;IAvKD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA8B,EAAE,IAAmC;QAC5H,OAAO,IAAI,iBAAiB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACxE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,iBAAiB,CAAC,YAAY,CAAC;IAClE,CAAC;;AA1BL,8CAyKC;AA3JG,gBAAgB;AACO,8BAAY,GAAG,sDAAsD,CAAC"}

package/accessBookmark.d.ts

@@ -1,8 +1,12 @@
 import * as pulumi from "@pulumi/pulumi";
 /**
- * Provides a Cloudflare Access Bookmark resource. Access Bookmark
- * applications are not protected behind Access but are displayed in the App
- * Launcher.
+ * Provides a Cloudflare Access Bookmark resource. Access Bookmark applications are not protected behind Access but are displayed in the App Launcher.
+ *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
  *
  * ## Example Usage
  *
@@ -14,17 +18,15 @@ import * as pulumi from "@pulumi/pulumi";
  *     accountId: "1d5fdc9e88c8a8c4518b068cd94331fe",
  *     appLauncherVisible: true,
  *     domain: "example.com",
- *     logoUrl: "https://path-to-logo.com/example.png",
+ *     logoUrl: "https://example.com/example.png",
  *     name: "My Bookmark App",
  * });
  * ```
  *
  * ## Import
  *
- * Access Bookmarks can be imported using a composite ID formed of account ID and bookmark ID.
- *
  * ```sh
- *  $ pulumi import cloudflare:index/accessBookmark:AccessBookmark my_bookmark cb029e245cfdd66dc8d2e570d5dd3322/d41d8cd98f00b204e9800998ecf8427e
+ *  $ pulumi import cloudflare:index/accessBookmark:AccessBookmark example <account_id>/<bookmark_id>
  * ```
  */
 export declare class AccessBookmark extends pulumi.CustomResource {
@@ -44,11 +46,11 @@ export declare class AccessBookmark extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is AccessBookmark;
     /**
-     * The account to which the Access bookmark application should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     readonly accountId: pulumi.Output<string>;
     /**
-     * Option to show/hide the bookmark in the app launcher. Defaults to `true`.
+     * Option to show/hide the bookmark in the app launcher.
      */
     readonly appLauncherVisible: pulumi.Output<boolean | undefined>;
     /**
@@ -56,8 +58,7 @@ export declare class AccessBookmark extends pulumi.CustomResource {
      */
     readonly domain: pulumi.Output<string>;
     /**
-     * The image URL for the logo shown in the app
-     * launcher dashboard.
+     * The image URL for the logo shown in the app launcher dashboard.
      */
     readonly logoUrl: pulumi.Output<string | undefined>;
     /**
@@ -65,7 +66,7 @@ export declare class AccessBookmark extends pulumi.CustomResource {
      */
     readonly name: pulumi.Output<string>;
     /**
-     * The DNS zone to which the Access bookmark application should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     readonly zoneId: pulumi.Output<string>;
     /**
@@ -82,11 +83,11 @@ export declare class AccessBookmark extends pulumi.CustomResource {
  */
 export interface AccessBookmarkState {
     /**
-     * The account to which the Access bookmark application should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
     /**
-     * Option to show/hide the bookmark in the app launcher. Defaults to `true`.
+     * Option to show/hide the bookmark in the app launcher.
      */
     appLauncherVisible?: pulumi.Input<boolean>;
     /**
@@ -94,8 +95,7 @@ export interface AccessBookmarkState {
      */
     domain?: pulumi.Input<string>;
     /**
-     * The image URL for the logo shown in the app
-     * launcher dashboard.
+     * The image URL for the logo shown in the app launcher dashboard.
      */
     logoUrl?: pulumi.Input<string>;
     /**
@@ -103,7 +103,7 @@ export interface AccessBookmarkState {
      */
     name?: pulumi.Input<string>;
     /**
-     * The DNS zone to which the Access bookmark application should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }
@@ -112,11 +112,11 @@ export interface AccessBookmarkState {
  */
 export interface AccessBookmarkArgs {
     /**
-     * The account to which the Access bookmark application should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
     /**
-     * Option to show/hide the bookmark in the app launcher. Defaults to `true`.
+     * Option to show/hide the bookmark in the app launcher.
      */
     appLauncherVisible?: pulumi.Input<boolean>;
     /**
@@ -124,8 +124,7 @@ export interface AccessBookmarkArgs {
      */
     domain: pulumi.Input<string>;
     /**
-     * The image URL for the logo shown in the app
-     * launcher dashboard.
+     * The image URL for the logo shown in the app launcher dashboard.
      */
     logoUrl?: pulumi.Input<string>;
     /**
@@ -133,7 +132,7 @@ export interface AccessBookmarkArgs {
      */
     name: pulumi.Input<string>;
     /**
-     * The DNS zone to which the Access bookmark application should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }

package/accessBookmark.js

@@ -6,9 +6,13 @@ exports.AccessBookmark = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("./utilities");
 /**
- * Provides a Cloudflare Access Bookmark resource. Access Bookmark
- * applications are not protected behind Access but are displayed in the App
- * Launcher.
+ * Provides a Cloudflare Access Bookmark resource. Access Bookmark applications are not protected behind Access but are displayed in the App Launcher.
+ *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
  *
  * ## Example Usage
  *
@@ -20,17 +24,15 @@ const utilities = require("./utilities");
  *     accountId: "1d5fdc9e88c8a8c4518b068cd94331fe",
  *     appLauncherVisible: true,
  *     domain: "example.com",
- *     logoUrl: "https://path-to-logo.com/example.png",
+ *     logoUrl: "https://example.com/example.png",
  *     name: "My Bookmark App",
  * });
  * ```
  *
  * ## Import
  *
- * Access Bookmarks can be imported using a composite ID formed of account ID and bookmark ID.
- *
  * ```sh
- *  $ pulumi import cloudflare:index/accessBookmark:AccessBookmark my_bookmark cb029e245cfdd66dc8d2e570d5dd3322/d41d8cd98f00b204e9800998ecf8427e
+ *  $ pulumi import cloudflare:index/accessBookmark:AccessBookmark example <account_id>/<bookmark_id>
  * ```
  */
 class AccessBookmark extends pulumi.CustomResource {

package/accessBookmark.js.map

@@ -1 +1 @@
-{"version":3,"file":"accessBookmark.js","sourceRoot":"","sources":["../accessBookmark.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAa,cAAe,SAAQ,MAAM,CAAC,cAAc;IA8DrD,YAAY,IAAY,EAAE,WAAsD,EAAE,IAAmC;QACjH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA8C,CAAC;YAC7D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAA6C,CAAC;YAC3D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,cAAc,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACnE,CAAC;IAzFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA2B,EAAE,IAAmC;QACzH,OAAO,IAAI,cAAc,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACrE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,cAAc,CAAC,YAAY,CAAC;IAC/D,CAAC;;AA1BL,wCA2FC;AA7EG,gBAAgB;AACO,2BAAY,GAAG,gDAAgD,CAAC"}
+{"version":3,"file":"accessBookmark.js","sourceRoot":"","sources":["../accessBookmark.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAa,cAAe,SAAQ,MAAM,CAAC,cAAc;IA6DrD,YAAY,IAAY,EAAE,WAAsD,EAAE,IAAmC;QACjH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA8C,CAAC;YAC7D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAA6C,CAAC;YAC3D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;aACzD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,cAAc,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACnE,CAAC;IAxFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA2B,EAAE,IAAmC;QACzH,OAAO,IAAI,cAAc,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACrE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,cAAc,CAAC,YAAY,CAAC;IAC/D,CAAC;;AA1BL,wCA0FC;AA5EG,gBAAgB;AACO,2BAAY,GAAG,gDAAgD,CAAC"}

package/accessCaCertificate.d.ts

@@ -1,8 +1,12 @@
 import * as pulumi from "@pulumi/pulumi";
 /**
- * Cloudflare Access can replace traditional SSH key models with short-lived
- * certificates issued to your users based on the token generated by their Access
- * login.
+ * Cloudflare Access can replace traditional SSH key models with short-lived certificates issued to your users based on the token generated by their Access login.
+ *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
  *
  * ## Example Usage
  *
@@ -24,10 +28,16 @@ import * as pulumi from "@pulumi/pulumi";
  *
  * ## Import
  *
- * Access CA certificates can be imported using a composite ID formed of identifer ("account" or "zone"), identifier ID and the CA certificate ID.
+ * # Account level CA certificate import.
+ *
+ * ```sh
+ *  $ pulumi import cloudflare:index/accessCaCertificate:AccessCaCertificate example account/<account_id>/<certificate_id>
+ * ```
+ *
+ * # Zone level CA certificate import.
  *
  * ```sh
- *  $ pulumi import cloudflare:index/accessCaCertificate:AccessCaCertificate example account/1d5fdc9e88c8a8c4518b068cd94331fe/edc1e4e24567217764b4322669c44df985dddffdf03ac781
+ *  $ pulumi import cloudflare:index/accessCaCertificate:AccessCaCertificate example account/<zone_id>/<certificate_id>
  * ```
  */
 export declare class AccessCaCertificate extends pulumi.CustomResource {
@@ -47,7 +57,7 @@ export declare class AccessCaCertificate extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is AccessCaCertificate;
     /**
-     * The account to which the Access CA certificate should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     readonly accountId: pulumi.Output<string>;
     /**
@@ -63,7 +73,7 @@ export declare class AccessCaCertificate extends pulumi.CustomResource {
      */
     readonly publicKey: pulumi.Output<string>;
     /**
-     * The DNS zone to which the Access CA certificate should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     readonly zoneId: pulumi.Output<string>;
     /**
@@ -80,7 +90,7 @@ export declare class AccessCaCertificate extends pulumi.CustomResource {
  */
 export interface AccessCaCertificateState {
     /**
-     * The account to which the Access CA certificate should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
     /**
@@ -96,7 +106,7 @@ export interface AccessCaCertificateState {
      */
     publicKey?: pulumi.Input<string>;
     /**
-     * The DNS zone to which the Access CA certificate should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }
@@ -105,7 +115,7 @@ export interface AccessCaCertificateState {
  */
 export interface AccessCaCertificateArgs {
     /**
-     * The account to which the Access CA certificate should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
     /**
@@ -113,7 +123,7 @@ export interface AccessCaCertificateArgs {
      */
     applicationId: pulumi.Input<string>;
     /**
-     * The DNS zone to which the Access CA certificate should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }