@pulumi/cloudflare 4.7.0 → 4.8.0

package/accessCaCertificate.js

@@ -6,9 +6,13 @@ exports.AccessCaCertificate = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("./utilities");
 /**
- * Cloudflare Access can replace traditional SSH key models with short-lived
- * certificates issued to your users based on the token generated by their Access
- * login.
+ * Cloudflare Access can replace traditional SSH key models with short-lived certificates issued to your users based on the token generated by their Access login.
+ *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
  *
  * ## Example Usage
  *
@@ -30,10 +34,16 @@ const utilities = require("./utilities");
  *
  * ## Import
  *
- * Access CA certificates can be imported using a composite ID formed of identifer ("account" or "zone"), identifier ID and the CA certificate ID.
+ * # Account level CA certificate import.
+ *
+ * ```sh
+ *  $ pulumi import cloudflare:index/accessCaCertificate:AccessCaCertificate example account/<account_id>/<certificate_id>
+ * ```
+ *
+ * # Zone level CA certificate import.
  *
  * ```sh
- *  $ pulumi import cloudflare:index/accessCaCertificate:AccessCaCertificate example account/1d5fdc9e88c8a8c4518b068cd94331fe/edc1e4e24567217764b4322669c44df985dddffdf03ac781
+ *  $ pulumi import cloudflare:index/accessCaCertificate:AccessCaCertificate example account/<zone_id>/<certificate_id>
  * ```
  */
 class AccessCaCertificate extends pulumi.CustomResource {

package/accessCaCertificate.js.map

@@ -1 +1 @@
-{"version":3,"file":"accessCaCertificate.js","sourceRoot":"","sources":["../accessCaCertificate.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAa,mBAAoB,SAAQ,MAAM,CAAC,cAAc;IAyD1D,YAAY,IAAY,EAAE,WAAgE,EAAE,IAAmC;QAC3H,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAmD,CAAC;YAClE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAkD,CAAC;YAChE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC1D,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;aAChE;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC1C,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACnD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,mBAAmB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACxE,CAAC;IA/ED;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAgC,EAAE,IAAmC;QAC9H,OAAO,IAAI,mBAAmB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC1E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,mBAAmB,CAAC,YAAY,CAAC;IACpE,CAAC;;AA1BL,kDAiFC;AAnEG,gBAAgB;AACO,gCAAY,GAAG,0DAA0D,CAAC"}
+{"version":3,"file":"accessCaCertificate.js","sourceRoot":"","sources":["../accessCaCertificate.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,MAAa,mBAAoB,SAAQ,MAAM,CAAC,cAAc;IAyD1D,YAAY,IAAY,EAAE,WAAgE,EAAE,IAAmC;QAC3H,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAmD,CAAC;YAClE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAkD,CAAC;YAChE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC1D,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;aAChE;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC1C,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACnD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,mBAAmB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACxE,CAAC;IA/ED;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAgC,EAAE,IAAmC;QAC9H,OAAO,IAAI,mBAAmB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC1E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,mBAAmB,CAAC,YAAY,CAAC;IACpE,CAAC;;AA1BL,kDAiFC;AAnEG,gBAAgB;AACO,gCAAY,GAAG,0DAA0D,CAAC"}

package/accessGroup.d.ts

@@ -1,9 +1,13 @@
 import * as pulumi from "@pulumi/pulumi";
 import { input as inputs, output as outputs } from "./types";
 /**
- * Provides a Cloudflare Access Group resource. Access Groups are used
- * in conjunction with Access Policies to restrict access to a
- * particular resource based on group membership.
+ * Provides a Cloudflare Access Group resource. Access Groups are used in conjunction with Access Policies to restrict access to a particular resource based on group membership.
+ *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
  *
  * ## Example Usage
  *
@@ -32,49 +36,12 @@ import { input as inputs, output as outputs } from "./types";
  *     },
  * });
  * ```
- * ## Conditions
- *
- * `require`, `exclude` and `include` arguments share the available
- * conditions which can be applied. The conditions are:
- *
- * * `ip` - (Optional) A list of IP addresses or ranges. Example:
- * `ip = ["1.2.3.4", "10.0.0.0/2"]`
- * * `email` - (Optional) A list of email addresses. Example:
- * `email = ["test@example.com"]`
- * * `emailDomain` - (Optional) A list of email domains. Example:
- * `emailDomain = ["example.com"]`
- * * `serviceToken` - (Optional) A list of service token ids. Example:
- * `serviceToken = [cloudflare_access_service_token.demo.id]`
- * * `anyValidServiceToken` - (Optional) Boolean indicating if allow
- * all tokens to be granted. Example: `anyValidServiceToken = true`
- * * `group` - (Optional) A list of access group ids. Example:
- * `group = [cloudflare_access_group.demo.id]`
- * * `everyone` - (Optional) Boolean indicating permitting access for all
- * requests. Example: `everyone = true`
- * * `certificate` - (Optional) Whether to use mTLS certificate authentication.
- * * `commonName` - (Optional) Use a certificate common name to authenticate with.
- * * `authMethod` - (Optional) A string identifying the authentication
- * method code. The list of codes are listed here: https://tools.ietf.org/html/rfc8176#section-2.
- * Custom values are also supported. Example: `authMethod = ["swk"]`
- * * `geo` - (Optional) A list of country codes. Example: `geo = ["US"]`
- * * `loginMethod` - (Optional) A list of identity provider ids. Example: `loginMethod = [cloudflare_access_identity_provider.my_idp.id]`
- * * `devicePosture` - (Optional) A list of devicePosture integration_uids. Example: `devicePosture = [cloudflare_device_posture_rule.my_posture_rule.id]`
- * * `gsuite` - (Optional) Use GSuite as the authentication mechanism. Example:
- * * `github` - (Optional) Use a GitHub organization as the `include` condition. Example:
- * * `azure` - (Optional) Use Azure AD as the `include` condition. Example:
- * * `okta` - (Optional) Use Okta as the `include` condition. Example:
- * * `saml` - (Optional) Use an external SAML setup as the `include` condition.
- * Example:
  *
  * ## Import
  *
- * Access Groups can be imported using a composite ID formed of account ID and group ID.
- *
  * ```sh
- *  $ pulumi import cloudflare:index/accessGroup:AccessGroup staging 975ecf5a45e3bcb680dba0722a420ad9/67ea780ce4982c1cfbe6b7293afc765d
+ *  $ pulumi import cloudflare:index/accessGroup:AccessGroup example <account_id>/<group_id>
  * ```
- *
- *  where * `975ecf5a45e3bcb680dba0722a420ad9` - Account ID * `67ea780ce4982c1cfbe6b7293afc765d` - Access Group ID
  */
 export declare class AccessGroup extends pulumi.CustomResource {
     /**
@@ -93,30 +60,15 @@ export declare class AccessGroup extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is AccessGroup;
     /**
-     * The ID of the account the group is associated with. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     readonly accountId: pulumi.Output<string | undefined>;
-    /**
-     * A series of access conditions, see below for
-     * full list.
-     */
     readonly excludes: pulumi.Output<outputs.AccessGroupExclude[] | undefined>;
-    /**
-     * A series of access conditions, see below for
-     * full list.
-     */
     readonly includes: pulumi.Output<outputs.AccessGroupInclude[]>;
-    /**
-     * Friendly name of the Access Group.
-     */
     readonly name: pulumi.Output<string>;
-    /**
-     * A series of access conditions, see below for
-     * full list.
-     */
     readonly requires: pulumi.Output<outputs.AccessGroupRequire[] | undefined>;
     /**
-     * The ID of the zone the group is associated with. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     readonly zoneId: pulumi.Output<string>;
     /**
@@ -133,30 +85,15 @@ export declare class AccessGroup extends pulumi.CustomResource {
  */
 export interface AccessGroupState {
     /**
-     * The ID of the account the group is associated with. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
-    /**
-     * A series of access conditions, see below for
-     * full list.
-     */
     excludes?: pulumi.Input<pulumi.Input<inputs.AccessGroupExclude>[]>;
-    /**
-     * A series of access conditions, see below for
-     * full list.
-     */
     includes?: pulumi.Input<pulumi.Input<inputs.AccessGroupInclude>[]>;
-    /**
-     * Friendly name of the Access Group.
-     */
     name?: pulumi.Input<string>;
-    /**
-     * A series of access conditions, see below for
-     * full list.
-     */
     requires?: pulumi.Input<pulumi.Input<inputs.AccessGroupRequire>[]>;
     /**
-     * The ID of the zone the group is associated with. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }
@@ -165,30 +102,15 @@ export interface AccessGroupState {
  */
 export interface AccessGroupArgs {
     /**
-     * The ID of the account the group is associated with. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
-    /**
-     * A series of access conditions, see below for
-     * full list.
-     */
     excludes?: pulumi.Input<pulumi.Input<inputs.AccessGroupExclude>[]>;
-    /**
-     * A series of access conditions, see below for
-     * full list.
-     */
     includes: pulumi.Input<pulumi.Input<inputs.AccessGroupInclude>[]>;
-    /**
-     * Friendly name of the Access Group.
-     */
     name: pulumi.Input<string>;
-    /**
-     * A series of access conditions, see below for
-     * full list.
-     */
     requires?: pulumi.Input<pulumi.Input<inputs.AccessGroupRequire>[]>;
     /**
-     * The ID of the zone the group is associated with. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }

package/accessGroup.js

@@ -6,9 +6,13 @@ exports.AccessGroup = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("./utilities");
 /**
- * Provides a Cloudflare Access Group resource. Access Groups are used
- * in conjunction with Access Policies to restrict access to a
- * particular resource based on group membership.
+ * Provides a Cloudflare Access Group resource. Access Groups are used in conjunction with Access Policies to restrict access to a particular resource based on group membership.
+ *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
  *
  * ## Example Usage
  *
@@ -37,49 +41,12 @@ const utilities = require("./utilities");
  *     },
  * });
  * ```
- * ## Conditions
- *
- * `require`, `exclude` and `include` arguments share the available
- * conditions which can be applied. The conditions are:
- *
- * * `ip` - (Optional) A list of IP addresses or ranges. Example:
- * `ip = ["1.2.3.4", "10.0.0.0/2"]`
- * * `email` - (Optional) A list of email addresses. Example:
- * `email = ["test@example.com"]`
- * * `emailDomain` - (Optional) A list of email domains. Example:
- * `emailDomain = ["example.com"]`
- * * `serviceToken` - (Optional) A list of service token ids. Example:
- * `serviceToken = [cloudflare_access_service_token.demo.id]`
- * * `anyValidServiceToken` - (Optional) Boolean indicating if allow
- * all tokens to be granted. Example: `anyValidServiceToken = true`
- * * `group` - (Optional) A list of access group ids. Example:
- * `group = [cloudflare_access_group.demo.id]`
- * * `everyone` - (Optional) Boolean indicating permitting access for all
- * requests. Example: `everyone = true`
- * * `certificate` - (Optional) Whether to use mTLS certificate authentication.
- * * `commonName` - (Optional) Use a certificate common name to authenticate with.
- * * `authMethod` - (Optional) A string identifying the authentication
- * method code. The list of codes are listed here: https://tools.ietf.org/html/rfc8176#section-2.
- * Custom values are also supported. Example: `authMethod = ["swk"]`
- * * `geo` - (Optional) A list of country codes. Example: `geo = ["US"]`
- * * `loginMethod` - (Optional) A list of identity provider ids. Example: `loginMethod = [cloudflare_access_identity_provider.my_idp.id]`
- * * `devicePosture` - (Optional) A list of devicePosture integration_uids. Example: `devicePosture = [cloudflare_device_posture_rule.my_posture_rule.id]`
- * * `gsuite` - (Optional) Use GSuite as the authentication mechanism. Example:
- * * `github` - (Optional) Use a GitHub organization as the `include` condition. Example:
- * * `azure` - (Optional) Use Azure AD as the `include` condition. Example:
- * * `okta` - (Optional) Use Okta as the `include` condition. Example:
- * * `saml` - (Optional) Use an external SAML setup as the `include` condition.
- * Example:
  *
  * ## Import
  *
- * Access Groups can be imported using a composite ID formed of account ID and group ID.
- *
  * ```sh
- *  $ pulumi import cloudflare:index/accessGroup:AccessGroup staging 975ecf5a45e3bcb680dba0722a420ad9/67ea780ce4982c1cfbe6b7293afc765d
+ *  $ pulumi import cloudflare:index/accessGroup:AccessGroup example <account_id>/<group_id>
  * ```
- *
- *  where * `975ecf5a45e3bcb680dba0722a420ad9` - Account ID * `67ea780ce4982c1cfbe6b7293afc765d` - Access Group ID
  */
 class AccessGroup extends pulumi.CustomResource {
     constructor(name, argsOrState, opts) {

package/accessGroup.js.map

@@ -1 +1 @@
-{"version":3,"file":"accessGroup.js","sourceRoot":"","sources":["../accessGroup.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2EG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,cAAc;IAgElD,YAAY,IAAY,EAAE,WAAgD,EAAE,IAAmC;QAC3G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2C,CAAC;YAC1D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAA0C,CAAC;YACxD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;IA3FD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwB,EAAE,IAAmC;QACtH,OAAO,IAAI,WAAW,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAClE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;;AA1BL,kCA6FC;AA/EG,gBAAgB;AACO,wBAAY,GAAG,0CAA0C,CAAC"}
+{"version":3,"file":"accessGroup.js","sourceRoot":"","sources":["../accessGroup.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,cAAc;IAiDlD,YAAY,IAAY,EAAE,WAAgD,EAAE,IAAmC;QAC3G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2C,CAAC;YAC1D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAA0C,CAAC;YACxD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;IA5ED;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwB,EAAE,IAAmC;QACtH,OAAO,IAAI,WAAW,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAClE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;;AA1BL,kCA8EC;AAhEG,gBAAgB;AACO,wBAAY,GAAG,0CAA0C,CAAC"}

package/accessIdentityProvider.d.ts

@@ -1,8 +1,13 @@
 import * as pulumi from "@pulumi/pulumi";
 import { input as inputs, output as outputs } from "./types";
 /**
- * Provides a Cloudflare Access Identity Provider resource. Identity Providers are
- * used as an authentication or authorisation source within Access.
+ * Provides a Cloudflare Access Identity Provider resource. Identity Providers are used as an authentication or authorisation source within Access.
+ *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
  *
  * ## Example Usage
  *
@@ -56,18 +61,11 @@ import { input as inputs, output as outputs } from "./types";
  * });
  * ```
  *
- * Please refer to the [developers.cloudflare.com Access documentation][accessIdentityProviderGuide]
- * for full reference on what is available and how to configure your provider.
- *
  * ## Import
  *
- * Access Identity Providers can be imported using a composite ID formed of account ID and Access Identity Provider ID.
- *
  * ```sh
- *  $ pulumi import cloudflare:index/accessIdentityProvider:AccessIdentityProvider my_idp cb029e245cfdd66dc8d2e570d5dd3322/e00e1c13-e350-44fe-96c5-fb75c954871c
+ *  $ pulumi import cloudflare:index/accessIdentityProvider:AccessIdentityProvider example <account_id>/<identity_provider_id>
  * ```
- *
- *  [access_identity_provider_guide]https://developers.cloudflare.com/access/configuring-identity-providers/
  */
 export declare class AccessIdentityProvider extends pulumi.CustomResource {
     /**
@@ -86,11 +84,12 @@ export declare class AccessIdentityProvider extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is AccessIdentityProvider;
     /**
-     * The account ID the provider should be associated with. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     readonly accountId: pulumi.Output<string | undefined>;
     /**
-     * Provider configuration from the [developer documentation][accessIdentityProviderGuide].
+     * Provider configuration from the [developer
+     * documentation](https://developers.cloudflare.com/access/configuring-identity-providers/).
      */
     readonly configs: pulumi.Output<outputs.AccessIdentityProviderConfig[] | undefined>;
     /**
@@ -98,13 +97,12 @@ export declare class AccessIdentityProvider extends pulumi.CustomResource {
      */
     readonly name: pulumi.Output<string>;
     /**
-     * The provider type to use. Must be one of: `"centrify"`,
-     * `"facebook"`, `"google-apps"`, `"oidc"`, `"github"`, `"google"`, `"saml"`,
-     * `"linkedin"`, `"azureAD"`, `"okta"`, `"onetimepin"`, `"onelogin"`, `"yandex"`.
+     * The provider type to use. Available values: `centrify`, `facebook`, `google-apps`, `oidc`, `github`, `google`, `saml`,
+     * `linkedin`, `azureAD`, `okta`, `onetimepin`, `onelogin`, `yandex`
      */
     readonly type: pulumi.Output<string>;
     /**
-     * The zone ID the provider should be associated with. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     readonly zoneId: pulumi.Output<string | undefined>;
     /**
@@ -121,11 +119,12 @@ export declare class AccessIdentityProvider extends pulumi.CustomResource {
  */
 export interface AccessIdentityProviderState {
     /**
-     * The account ID the provider should be associated with. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
     /**
-     * Provider configuration from the [developer documentation][accessIdentityProviderGuide].
+     * Provider configuration from the [developer
+     * documentation](https://developers.cloudflare.com/access/configuring-identity-providers/).
      */
     configs?: pulumi.Input<pulumi.Input<inputs.AccessIdentityProviderConfig>[]>;
     /**
@@ -133,13 +132,12 @@ export interface AccessIdentityProviderState {
      */
     name?: pulumi.Input<string>;
     /**
-     * The provider type to use. Must be one of: `"centrify"`,
-     * `"facebook"`, `"google-apps"`, `"oidc"`, `"github"`, `"google"`, `"saml"`,
-     * `"linkedin"`, `"azureAD"`, `"okta"`, `"onetimepin"`, `"onelogin"`, `"yandex"`.
+     * The provider type to use. Available values: `centrify`, `facebook`, `google-apps`, `oidc`, `github`, `google`, `saml`,
+     * `linkedin`, `azureAD`, `okta`, `onetimepin`, `onelogin`, `yandex`
      */
     type?: pulumi.Input<string>;
     /**
-     * The zone ID the provider should be associated with. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }
@@ -148,11 +146,12 @@ export interface AccessIdentityProviderState {
  */
 export interface AccessIdentityProviderArgs {
     /**
-     * The account ID the provider should be associated with. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
     /**
-     * Provider configuration from the [developer documentation][accessIdentityProviderGuide].
+     * Provider configuration from the [developer
+     * documentation](https://developers.cloudflare.com/access/configuring-identity-providers/).
      */
     configs?: pulumi.Input<pulumi.Input<inputs.AccessIdentityProviderConfig>[]>;
     /**
@@ -160,13 +159,12 @@ export interface AccessIdentityProviderArgs {
      */
     name: pulumi.Input<string>;
     /**
-     * The provider type to use. Must be one of: `"centrify"`,
-     * `"facebook"`, `"google-apps"`, `"oidc"`, `"github"`, `"google"`, `"saml"`,
-     * `"linkedin"`, `"azureAD"`, `"okta"`, `"onetimepin"`, `"onelogin"`, `"yandex"`.
+     * The provider type to use. Available values: `centrify`, `facebook`, `google-apps`, `oidc`, `github`, `google`, `saml`,
+     * `linkedin`, `azureAD`, `okta`, `onetimepin`, `onelogin`, `yandex`
      */
     type: pulumi.Input<string>;
     /**
-     * The zone ID the provider should be associated with. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }

package/accessIdentityProvider.js

@@ -6,8 +6,13 @@ exports.AccessIdentityProvider = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("./utilities");
 /**
- * Provides a Cloudflare Access Identity Provider resource. Identity Providers are
- * used as an authentication or authorisation source within Access.
+ * Provides a Cloudflare Access Identity Provider resource. Identity Providers are used as an authentication or authorisation source within Access.
+ *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
  *
  * ## Example Usage
  *
@@ -61,18 +66,11 @@ const utilities = require("./utilities");
  * });
  * ```
  *
- * Please refer to the [developers.cloudflare.com Access documentation][accessIdentityProviderGuide]
- * for full reference on what is available and how to configure your provider.
- *
  * ## Import
  *
- * Access Identity Providers can be imported using a composite ID formed of account ID and Access Identity Provider ID.
- *
  * ```sh
- *  $ pulumi import cloudflare:index/accessIdentityProvider:AccessIdentityProvider my_idp cb029e245cfdd66dc8d2e570d5dd3322/e00e1c13-e350-44fe-96c5-fb75c954871c
+ *  $ pulumi import cloudflare:index/accessIdentityProvider:AccessIdentityProvider example <account_id>/<identity_provider_id>
  * ```
- *
- *  [access_identity_provider_guide]https://developers.cloudflare.com/access/configuring-identity-providers/
  */
 class AccessIdentityProvider extends pulumi.CustomResource {
     constructor(name, argsOrState, opts) {

package/accessIdentityProvider.js.map

@@ -1 +1 @@
-{"version":3,"file":"accessIdentityProvider.js","sourceRoot":"","sources":["../accessIdentityProvider.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoEG;AACH,MAAa,sBAAuB,SAAQ,MAAM,CAAC,cAAc;IA2D7D,YAAY,IAAY,EAAE,WAAsE,EAAE,IAAmC;QACjI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsD,CAAC;YACrE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAqD,CAAC;YACnE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3E,CAAC;IApFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmC,EAAE,IAAmC;QACjI,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,sBAAsB,CAAC,YAAY,CAAC;IACvE,CAAC;;AA1BL,wDAsFC;AAxEG,gBAAgB;AACO,mCAAY,GAAG,gEAAgE,CAAC"}
+{"version":3,"file":"accessIdentityProvider.js","sourceRoot":"","sources":["../accessIdentityProvider.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkEG;AACH,MAAa,sBAAuB,SAAQ,MAAM,CAAC,cAAc;IA2D7D,YAAY,IAAY,EAAE,WAAsE,EAAE,IAAmC;QACjI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsD,CAAC;YACrE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;aAAM;YACH,MAAM,IAAI,GAAG,WAAqD,CAAC;YACnE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3E,CAAC;IApFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmC,EAAE,IAAmC;QACjI,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,sBAAsB,CAAC,YAAY,CAAC;IACvE,CAAC;;AA1BL,wDAsFC;AAxEG,gBAAgB;AACO,mCAAY,GAAG,gEAAgE,CAAC"}

package/accessKeysConfiguration.d.ts

@@ -15,7 +15,13 @@ export declare class AccessKeysConfiguration extends pulumi.CustomResource {
      * when multiple copies of the Pulumi SDK have been loaded into the same process.
      */
     static isInstance(obj: any): obj is AccessKeysConfiguration;
+    /**
+     * The account identifier to target for the resource.
+     */
     readonly accountId: pulumi.Output<string>;
+    /**
+     * Number of days to trigger a rotation of the keys.
+     */
     readonly keyRotationIntervalDays: pulumi.Output<number>;
     /**
      * Create a AccessKeysConfiguration resource with the given unique name, arguments, and options.
@@ -30,13 +36,25 @@ export declare class AccessKeysConfiguration extends pulumi.CustomResource {
  * Input properties used for looking up and filtering AccessKeysConfiguration resources.
  */
 export interface AccessKeysConfigurationState {
+    /**
+     * The account identifier to target for the resource.
+     */
     accountId?: pulumi.Input<string>;
+    /**
+     * Number of days to trigger a rotation of the keys.
+     */
     keyRotationIntervalDays?: pulumi.Input<number>;
 }
 /**
  * The set of arguments for constructing a AccessKeysConfiguration resource.
  */
 export interface AccessKeysConfigurationArgs {
+    /**
+     * The account identifier to target for the resource.
+     */
     accountId: pulumi.Input<string>;
+    /**
+     * Number of days to trigger a rotation of the keys.
+     */
     keyRotationIntervalDays?: pulumi.Input<number>;
 }

package/accessKeysConfiguration.js.map

@@ -1 +1 @@
-{"version":3,"file":"accessKeysConfiguration.js","sourceRoot":"","sources":["../accessKeysConfiguration.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC,MAAa,uBAAwB,SAAQ,MAAM,CAAC,cAAc;IAuC9D,YAAY,IAAY,EAAE,WAAwE,EAAE,IAAmC;QACnI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAuD,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;SACjG;aAAM;YACH,MAAM,IAAI,GAAG,WAAsD,CAAC;YACpE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/F;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,uBAAuB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC5E,CAAC;IAvDD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAoC,EAAE,IAAmC;QAClI,OAAO,IAAI,uBAAuB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC9E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,uBAAuB,CAAC,YAAY,CAAC;IACxE,CAAC;;AA1BL,0DAyDC;AA3CG,gBAAgB;AACO,oCAAY,GAAG,kEAAkE,CAAC"}
+{"version":3,"file":"accessKeysConfiguration.js","sourceRoot":"","sources":["../accessKeysConfiguration.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC,MAAa,uBAAwB,SAAQ,MAAM,CAAC,cAAc;IA6C9D,YAAY,IAAY,EAAE,WAAwE,EAAE,IAAmC;QACnI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAuD,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;SACjG;aAAM;YACH,MAAM,IAAI,GAAG,WAAsD,CAAC;YACpE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/F;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,uBAAuB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC5E,CAAC;IA7DD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAoC,EAAE,IAAmC;QAClI,OAAO,IAAI,uBAAuB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC9E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,uBAAuB,CAAC,YAAY,CAAC;IACxE,CAAC;;AA1BL,0DA+DC;AAjDG,gBAAgB;AACO,oCAAY,GAAG,kEAAkE,CAAC"}

package/accessMutualTlsCertificate.d.ts

@@ -2,6 +2,12 @@ import * as pulumi from "@pulumi/pulumi";
 /**
  * Provides a Cloudflare Access Mutual TLS Certificate resource. Mutual TLS authentication ensures that the traffic is secure and trusted in both directions between a client and server and can be used with Access to only allows requests from devices with a corresponding client certificate.
  *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
+ *
  * ## Example Usage
  *
  * ```typescript
@@ -18,10 +24,16 @@ import * as pulumi from "@pulumi/pulumi";
  *
  * ## Import
  *
- * Access Mutual TLS Certificate can be imported using a composite ID composed of the account or zone and the mutual TLS certificate ID in the form of`account/ACCOUNT_ID/MUTUAL_TLS_CERTIFICATE_ID` or `zone/ZONE_ID/MUTUAL_TLS_CERTIFICATE_ID`.
+ * # Account level import.
+ *
+ * ```sh
+ *  $ pulumi import cloudflare:index/accessMutualTlsCertificate:AccessMutualTlsCertificate example account/<account_id>/<mutual_tls_certificate_id>
+ * ```
+ *
+ * # Zone level import.
  *
  * ```sh
- *  $ pulumi import cloudflare:index/accessMutualTlsCertificate:AccessMutualTlsCertificate staging account/cb029e245cfdd66dc8d2e570d5dd3322/d41d8cd98f00b204e9800998ecf8427e
+ *  $ pulumi import cloudflare:index/accessMutualTlsCertificate:AccessMutualTlsCertificate example zone/<zone_id>/<mutual_tls_certificate_id>
  * ```
  */
 export declare class AccessMutualTlsCertificate extends pulumi.CustomResource {
@@ -41,7 +53,7 @@ export declare class AccessMutualTlsCertificate extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is AccessMutualTlsCertificate;
     /**
-     * The account to which the certificate should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     readonly accountId: pulumi.Output<string>;
     /**
@@ -58,7 +70,7 @@ export declare class AccessMutualTlsCertificate extends pulumi.CustomResource {
      */
     readonly name: pulumi.Output<string>;
     /**
-     * The DNS zone to which the certificate should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     readonly zoneId: pulumi.Output<string>;
     /**
@@ -75,7 +87,7 @@ export declare class AccessMutualTlsCertificate extends pulumi.CustomResource {
  */
 export interface AccessMutualTlsCertificateState {
     /**
-     * The account to which the certificate should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
     /**
@@ -92,7 +104,7 @@ export interface AccessMutualTlsCertificateState {
      */
     name?: pulumi.Input<string>;
     /**
-     * The DNS zone to which the certificate should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }
@@ -101,7 +113,7 @@ export interface AccessMutualTlsCertificateState {
  */
 export interface AccessMutualTlsCertificateArgs {
     /**
-     * The account to which the certificate should be added. Conflicts with `zoneId`.
+     * The account identifier to target for the resource.
      */
     accountId?: pulumi.Input<string>;
     /**
@@ -117,7 +129,7 @@ export interface AccessMutualTlsCertificateArgs {
      */
     name: pulumi.Input<string>;
     /**
-     * The DNS zone to which the certificate should be added. Conflicts with `accountId`.
+     * The zone identifier to target for the resource.
      */
     zoneId?: pulumi.Input<string>;
 }

package/accessMutualTlsCertificate.js

@@ -8,6 +8,12 @@ const utilities = require("./utilities");
 /**
  * Provides a Cloudflare Access Mutual TLS Certificate resource. Mutual TLS authentication ensures that the traffic is secure and trusted in both directions between a client and server and can be used with Access to only allows requests from devices with a corresponding client certificate.
  *
+ * > It's required that an `accountId` or `zoneId` is provided and in
+ * most cases using either is fine. However, if you're using a scoped
+ * access token, you must provide the argument that matches the token's
+ * scope. For example, an access token that is scoped to the "example.com"
+ * zone needs to use the `zoneId` argument.
+ *
  * ## Example Usage
  *
  * ```typescript
@@ -24,10 +30,16 @@ const utilities = require("./utilities");
  *
  * ## Import
  *
- * Access Mutual TLS Certificate can be imported using a composite ID composed of the account or zone and the mutual TLS certificate ID in the form of`account/ACCOUNT_ID/MUTUAL_TLS_CERTIFICATE_ID` or `zone/ZONE_ID/MUTUAL_TLS_CERTIFICATE_ID`.
+ * # Account level import.
+ *
+ * ```sh
+ *  $ pulumi import cloudflare:index/accessMutualTlsCertificate:AccessMutualTlsCertificate example account/<account_id>/<mutual_tls_certificate_id>
+ * ```
+ *
+ * # Zone level import.
  *
  * ```sh
- *  $ pulumi import cloudflare:index/accessMutualTlsCertificate:AccessMutualTlsCertificate staging account/cb029e245cfdd66dc8d2e570d5dd3322/d41d8cd98f00b204e9800998ecf8427e
+ *  $ pulumi import cloudflare:index/accessMutualTlsCertificate:AccessMutualTlsCertificate example zone/<zone_id>/<mutual_tls_certificate_id>
  * ```
  */
 class AccessMutualTlsCertificate extends pulumi.CustomResource {