@pulumi/cloudflare 5.44.0-alpha.1732685334 → 5.44.0

package/logpushJob.d.ts

@@ -39,7 +39,7 @@ export declare class LogpushJob extends pulumi.CustomResource {
      */
     readonly accountId: pulumi.Output<string | undefined>;
     /**
-     * The kind of the dataset to use with the logpush job. Available values: `accessRequests`, `casbFindings`, `firewallEvents`, `httpRequests`, `spectrumEvents`, `nelReports`, `auditLogs`, `gatewayDns`, `gatewayHttp`, `gatewayNetwork`, `dnsLogs`, `networkAnalyticsLogs`, `workersTraceEvents`, `devicePostureResults`, `zeroTrustNetworkSessions`, `magicIdsDetections`, `pageShieldEvents`.
+     * The kind of the dataset to use with the logpush job. Available values: `accessRequests`, `casbFindings`, `firewallEvents`, `httpRequests`, `spectrumEvents`, `nelReports`, `auditLogs`, `gatewayDns`, `gatewayHttp`, `gatewayNetwork`, `dnsLogs`, `networkAnalyticsLogs`, `workersTraceEvents`, `devicePostureResults`, `zeroTrustNetworkSessions`, `magicIdsDetections`, `pageShieldEvents`, `dlpForensicCopies`.
      */
     readonly dataset: pulumi.Output<string>;
     /**
@@ -114,7 +114,7 @@ export interface LogpushJobState {
      */
     accountId?: pulumi.Input<string>;
     /**
-     * The kind of the dataset to use with the logpush job. Available values: `accessRequests`, `casbFindings`, `firewallEvents`, `httpRequests`, `spectrumEvents`, `nelReports`, `auditLogs`, `gatewayDns`, `gatewayHttp`, `gatewayNetwork`, `dnsLogs`, `networkAnalyticsLogs`, `workersTraceEvents`, `devicePostureResults`, `zeroTrustNetworkSessions`, `magicIdsDetections`, `pageShieldEvents`.
+     * The kind of the dataset to use with the logpush job. Available values: `accessRequests`, `casbFindings`, `firewallEvents`, `httpRequests`, `spectrumEvents`, `nelReports`, `auditLogs`, `gatewayDns`, `gatewayHttp`, `gatewayNetwork`, `dnsLogs`, `networkAnalyticsLogs`, `workersTraceEvents`, `devicePostureResults`, `zeroTrustNetworkSessions`, `magicIdsDetections`, `pageShieldEvents`, `dlpForensicCopies`.
      */
     dataset?: pulumi.Input<string>;
     /**
@@ -181,7 +181,7 @@ export interface LogpushJobArgs {
      */
     accountId?: pulumi.Input<string>;
     /**
-     * The kind of the dataset to use with the logpush job. Available values: `accessRequests`, `casbFindings`, `firewallEvents`, `httpRequests`, `spectrumEvents`, `nelReports`, `auditLogs`, `gatewayDns`, `gatewayHttp`, `gatewayNetwork`, `dnsLogs`, `networkAnalyticsLogs`, `workersTraceEvents`, `devicePostureResults`, `zeroTrustNetworkSessions`, `magicIdsDetections`, `pageShieldEvents`.
+     * The kind of the dataset to use with the logpush job. Available values: `accessRequests`, `casbFindings`, `firewallEvents`, `httpRequests`, `spectrumEvents`, `nelReports`, `auditLogs`, `gatewayDns`, `gatewayHttp`, `gatewayNetwork`, `dnsLogs`, `networkAnalyticsLogs`, `workersTraceEvents`, `devicePostureResults`, `zeroTrustNetworkSessions`, `magicIdsDetections`, `pageShieldEvents`, `dlpForensicCopies`.
      */
     dataset: pulumi.Input<string>;
     /**

package/notificationPolicy.d.ts

@@ -33,7 +33,7 @@ export declare class NotificationPolicy extends pulumi.CustomResource {
      */
     readonly accountId: pulumi.Output<string>;
     /**
-     * The event type that will trigger the dispatch of a notification. See the developer documentation for descriptions of [available alert types](https://developers.cloudflare.com/fundamentals/notifications/notification-available/). Available values: `advancedHttpAlertError`, `accessCustomCertificateExpirationType`, `advancedDdosAttackL4Alert`, `advancedDdosAttackL7Alert`, `bgpHijackNotification`, `billingUsageAlert`, `blockNotificationBlockRemoved`, `blockNotificationNewBlock`, `blockNotificationReviewRejected`, `brandProtectionAlert`, `brandProtectionDigest`, `clickhouseAlertFwAnomaly`, `clickhouseAlertFwEntAnomaly`, `customSslCertificateEventType`, `dedicatedSslCertificateEventType`, `dosAttackL4`, `dosAttackL7`, `expiringServiceTokenAlert`, `failingLogpushJobDisabledAlert`, `fbmAutoAdvertisement`, `fbmDosdAttack`, `fbmVolumetricAttack`, `healthCheckStatusNotification`, `hostnameAopCustomCertificateExpirationType`, `httpAlertEdgeError`, `httpAlertOriginError`, `imageNotification`, `incidentAlert`, `loadBalancingHealthAlert`, `loadBalancingPoolEnablementAlert`, `logoMatchAlert`, `magicTunnelHealthCheckEvent`, `maintenanceEventNotification`, `mtlsCertificateStoreCertificateExpirationType`, `pagesEventAlert`, `radarNotification`, `realOriginMonitoring`, `scriptmonitorAlertNewCodeChangeDetections`, `scriptmonitorAlertNewHosts`, `scriptmonitorAlertNewMaliciousHosts`, `scriptmonitorAlertNewMaliciousScripts`, `scriptmonitorAlertNewMaliciousUrl`, `scriptmonitorAlertNewMaxLengthResourceUrl`, `scriptmonitorAlertNewResources`, `secondaryDnsAllPrimariesFailing`, `secondaryDnsPrimariesFailing`, `secondaryDnsZoneSuccessfullyUpdated`, `secondaryDnsZoneValidationWarning`, `sentinelAlert`, `streamLiveNotifications`, `trafficAnomaliesAlert`, `tunnelHealthEvent`, `tunnelUpdateEvent`, `universalSslEventType`, `webAnalyticsMetricsUpdate`, `weeklyAccountOverview`, `workersAlert`, `zoneAopCustomCertificateExpirationType`.
+     * The event type that will trigger the dispatch of a notification. See the developer documentation for descriptions of [available alert types](https://developers.cloudflare.com/fundamentals/notifications/notification-available/). Available values: `advancedHttpAlertError`, `accessCustomCertificateExpirationType`, `advancedDdosAttackL4Alert`, `advancedDdosAttackL7Alert`, `bgpHijackNotification`, `billingUsageAlert`, `blockNotificationBlockRemoved`, `blockNotificationNewBlock`, `blockNotificationReviewRejected`, `brandProtectionAlert`, `brandProtectionDigest`, `clickhouseAlertFwAnomaly`, `clickhouseAlertFwEntAnomaly`, `customSslCertificateEventType`, `dedicatedSslCertificateEventType`, `dosAttackL4`, `dosAttackL7`, `expiringServiceTokenAlert`, `failingLogpushJobDisabledAlert`, `fbmAutoAdvertisement`, `fbmDosdAttack`, `fbmVolumetricAttack`, `healthCheckStatusNotification`, `hostnameAopCustomCertificateExpirationType`, `httpAlertEdgeError`, `httpAlertOriginError`, `imageNotification`, `imageResizingNotification`, `incidentAlert`, `loadBalancingHealthAlert`, `loadBalancingPoolEnablementAlert`, `logoMatchAlert`, `magicTunnelHealthCheckEvent`, `maintenanceEventNotification`, `mtlsCertificateStoreCertificateExpirationType`, `pagesEventAlert`, `radarNotification`, `realOriginMonitoring`, `scriptmonitorAlertNewCodeChangeDetections`, `scriptmonitorAlertNewHosts`, `scriptmonitorAlertNewMaliciousHosts`, `scriptmonitorAlertNewMaliciousScripts`, `scriptmonitorAlertNewMaliciousUrl`, `scriptmonitorAlertNewMaxLengthResourceUrl`, `scriptmonitorAlertNewResources`, `secondaryDnsAllPrimariesFailing`, `secondaryDnsPrimariesFailing`, `secondaryDnsZoneSuccessfullyUpdated`, `secondaryDnsZoneValidationWarning`, `sentinelAlert`, `streamLiveNotifications`, `trafficAnomaliesAlert`, `tunnelHealthEvent`, `tunnelUpdateEvent`, `universalSslEventType`, `webAnalyticsMetricsUpdate`, `weeklyAccountOverview`, `workersAlert`, `zoneAopCustomCertificateExpirationType`.
      */
     readonly alertType: pulumi.Output<string>;
     /**
@@ -90,7 +90,7 @@ export interface NotificationPolicyState {
      */
     accountId?: pulumi.Input<string>;
     /**
-     * The event type that will trigger the dispatch of a notification. See the developer documentation for descriptions of [available alert types](https://developers.cloudflare.com/fundamentals/notifications/notification-available/). Available values: `advancedHttpAlertError`, `accessCustomCertificateExpirationType`, `advancedDdosAttackL4Alert`, `advancedDdosAttackL7Alert`, `bgpHijackNotification`, `billingUsageAlert`, `blockNotificationBlockRemoved`, `blockNotificationNewBlock`, `blockNotificationReviewRejected`, `brandProtectionAlert`, `brandProtectionDigest`, `clickhouseAlertFwAnomaly`, `clickhouseAlertFwEntAnomaly`, `customSslCertificateEventType`, `dedicatedSslCertificateEventType`, `dosAttackL4`, `dosAttackL7`, `expiringServiceTokenAlert`, `failingLogpushJobDisabledAlert`, `fbmAutoAdvertisement`, `fbmDosdAttack`, `fbmVolumetricAttack`, `healthCheckStatusNotification`, `hostnameAopCustomCertificateExpirationType`, `httpAlertEdgeError`, `httpAlertOriginError`, `imageNotification`, `incidentAlert`, `loadBalancingHealthAlert`, `loadBalancingPoolEnablementAlert`, `logoMatchAlert`, `magicTunnelHealthCheckEvent`, `maintenanceEventNotification`, `mtlsCertificateStoreCertificateExpirationType`, `pagesEventAlert`, `radarNotification`, `realOriginMonitoring`, `scriptmonitorAlertNewCodeChangeDetections`, `scriptmonitorAlertNewHosts`, `scriptmonitorAlertNewMaliciousHosts`, `scriptmonitorAlertNewMaliciousScripts`, `scriptmonitorAlertNewMaliciousUrl`, `scriptmonitorAlertNewMaxLengthResourceUrl`, `scriptmonitorAlertNewResources`, `secondaryDnsAllPrimariesFailing`, `secondaryDnsPrimariesFailing`, `secondaryDnsZoneSuccessfullyUpdated`, `secondaryDnsZoneValidationWarning`, `sentinelAlert`, `streamLiveNotifications`, `trafficAnomaliesAlert`, `tunnelHealthEvent`, `tunnelUpdateEvent`, `universalSslEventType`, `webAnalyticsMetricsUpdate`, `weeklyAccountOverview`, `workersAlert`, `zoneAopCustomCertificateExpirationType`.
+     * The event type that will trigger the dispatch of a notification. See the developer documentation for descriptions of [available alert types](https://developers.cloudflare.com/fundamentals/notifications/notification-available/). Available values: `advancedHttpAlertError`, `accessCustomCertificateExpirationType`, `advancedDdosAttackL4Alert`, `advancedDdosAttackL7Alert`, `bgpHijackNotification`, `billingUsageAlert`, `blockNotificationBlockRemoved`, `blockNotificationNewBlock`, `blockNotificationReviewRejected`, `brandProtectionAlert`, `brandProtectionDigest`, `clickhouseAlertFwAnomaly`, `clickhouseAlertFwEntAnomaly`, `customSslCertificateEventType`, `dedicatedSslCertificateEventType`, `dosAttackL4`, `dosAttackL7`, `expiringServiceTokenAlert`, `failingLogpushJobDisabledAlert`, `fbmAutoAdvertisement`, `fbmDosdAttack`, `fbmVolumetricAttack`, `healthCheckStatusNotification`, `hostnameAopCustomCertificateExpirationType`, `httpAlertEdgeError`, `httpAlertOriginError`, `imageNotification`, `imageResizingNotification`, `incidentAlert`, `loadBalancingHealthAlert`, `loadBalancingPoolEnablementAlert`, `logoMatchAlert`, `magicTunnelHealthCheckEvent`, `maintenanceEventNotification`, `mtlsCertificateStoreCertificateExpirationType`, `pagesEventAlert`, `radarNotification`, `realOriginMonitoring`, `scriptmonitorAlertNewCodeChangeDetections`, `scriptmonitorAlertNewHosts`, `scriptmonitorAlertNewMaliciousHosts`, `scriptmonitorAlertNewMaliciousScripts`, `scriptmonitorAlertNewMaliciousUrl`, `scriptmonitorAlertNewMaxLengthResourceUrl`, `scriptmonitorAlertNewResources`, `secondaryDnsAllPrimariesFailing`, `secondaryDnsPrimariesFailing`, `secondaryDnsZoneSuccessfullyUpdated`, `secondaryDnsZoneValidationWarning`, `sentinelAlert`, `streamLiveNotifications`, `trafficAnomaliesAlert`, `tunnelHealthEvent`, `tunnelUpdateEvent`, `universalSslEventType`, `webAnalyticsMetricsUpdate`, `weeklyAccountOverview`, `workersAlert`, `zoneAopCustomCertificateExpirationType`.
      */
     alertType?: pulumi.Input<string>;
     /**
@@ -139,7 +139,7 @@ export interface NotificationPolicyArgs {
      */
     accountId: pulumi.Input<string>;
     /**
-     * The event type that will trigger the dispatch of a notification. See the developer documentation for descriptions of [available alert types](https://developers.cloudflare.com/fundamentals/notifications/notification-available/). Available values: `advancedHttpAlertError`, `accessCustomCertificateExpirationType`, `advancedDdosAttackL4Alert`, `advancedDdosAttackL7Alert`, `bgpHijackNotification`, `billingUsageAlert`, `blockNotificationBlockRemoved`, `blockNotificationNewBlock`, `blockNotificationReviewRejected`, `brandProtectionAlert`, `brandProtectionDigest`, `clickhouseAlertFwAnomaly`, `clickhouseAlertFwEntAnomaly`, `customSslCertificateEventType`, `dedicatedSslCertificateEventType`, `dosAttackL4`, `dosAttackL7`, `expiringServiceTokenAlert`, `failingLogpushJobDisabledAlert`, `fbmAutoAdvertisement`, `fbmDosdAttack`, `fbmVolumetricAttack`, `healthCheckStatusNotification`, `hostnameAopCustomCertificateExpirationType`, `httpAlertEdgeError`, `httpAlertOriginError`, `imageNotification`, `incidentAlert`, `loadBalancingHealthAlert`, `loadBalancingPoolEnablementAlert`, `logoMatchAlert`, `magicTunnelHealthCheckEvent`, `maintenanceEventNotification`, `mtlsCertificateStoreCertificateExpirationType`, `pagesEventAlert`, `radarNotification`, `realOriginMonitoring`, `scriptmonitorAlertNewCodeChangeDetections`, `scriptmonitorAlertNewHosts`, `scriptmonitorAlertNewMaliciousHosts`, `scriptmonitorAlertNewMaliciousScripts`, `scriptmonitorAlertNewMaliciousUrl`, `scriptmonitorAlertNewMaxLengthResourceUrl`, `scriptmonitorAlertNewResources`, `secondaryDnsAllPrimariesFailing`, `secondaryDnsPrimariesFailing`, `secondaryDnsZoneSuccessfullyUpdated`, `secondaryDnsZoneValidationWarning`, `sentinelAlert`, `streamLiveNotifications`, `trafficAnomaliesAlert`, `tunnelHealthEvent`, `tunnelUpdateEvent`, `universalSslEventType`, `webAnalyticsMetricsUpdate`, `weeklyAccountOverview`, `workersAlert`, `zoneAopCustomCertificateExpirationType`.
+     * The event type that will trigger the dispatch of a notification. See the developer documentation for descriptions of [available alert types](https://developers.cloudflare.com/fundamentals/notifications/notification-available/). Available values: `advancedHttpAlertError`, `accessCustomCertificateExpirationType`, `advancedDdosAttackL4Alert`, `advancedDdosAttackL7Alert`, `bgpHijackNotification`, `billingUsageAlert`, `blockNotificationBlockRemoved`, `blockNotificationNewBlock`, `blockNotificationReviewRejected`, `brandProtectionAlert`, `brandProtectionDigest`, `clickhouseAlertFwAnomaly`, `clickhouseAlertFwEntAnomaly`, `customSslCertificateEventType`, `dedicatedSslCertificateEventType`, `dosAttackL4`, `dosAttackL7`, `expiringServiceTokenAlert`, `failingLogpushJobDisabledAlert`, `fbmAutoAdvertisement`, `fbmDosdAttack`, `fbmVolumetricAttack`, `healthCheckStatusNotification`, `hostnameAopCustomCertificateExpirationType`, `httpAlertEdgeError`, `httpAlertOriginError`, `imageNotification`, `imageResizingNotification`, `incidentAlert`, `loadBalancingHealthAlert`, `loadBalancingPoolEnablementAlert`, `logoMatchAlert`, `magicTunnelHealthCheckEvent`, `maintenanceEventNotification`, `mtlsCertificateStoreCertificateExpirationType`, `pagesEventAlert`, `radarNotification`, `realOriginMonitoring`, `scriptmonitorAlertNewCodeChangeDetections`, `scriptmonitorAlertNewHosts`, `scriptmonitorAlertNewMaliciousHosts`, `scriptmonitorAlertNewMaliciousScripts`, `scriptmonitorAlertNewMaliciousUrl`, `scriptmonitorAlertNewMaxLengthResourceUrl`, `scriptmonitorAlertNewResources`, `secondaryDnsAllPrimariesFailing`, `secondaryDnsPrimariesFailing`, `secondaryDnsZoneSuccessfullyUpdated`, `secondaryDnsZoneValidationWarning`, `sentinelAlert`, `streamLiveNotifications`, `trafficAnomaliesAlert`, `tunnelHealthEvent`, `tunnelUpdateEvent`, `universalSslEventType`, `webAnalyticsMetricsUpdate`, `weeklyAccountOverview`, `workersAlert`, `zoneAopCustomCertificateExpirationType`.
      */
     alertType: pulumi.Input<string>;
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@pulumi/cloudflare",
-    "version": "5.44.0-alpha.1732685334",
+    "version": "5.44.0",
     "description": "A Pulumi package for creating and managing Cloudflare cloud resources.",
     "keywords": [
         "pulumi",
@@ -23,6 +23,6 @@
     "pulumi": {
         "resource": true,
         "name": "cloudflare",
-        "version": "5.44.0-alpha.1732685334"
+        "version": "5.44.0"
     }
 }

package/r2bucket.d.ts

@@ -42,7 +42,7 @@ export declare class R2Bucket extends pulumi.CustomResource {
      */
     readonly accountId: pulumi.Output<string>;
     /**
-     * The location hint of the R2 bucket. Available values: `WNAM`, `ENAM`, `WEUR`, `EEUR`, `APAC`
+     * The location hint of the R2 bucket. Available values: `WNAM`, `ENAM`, `WEUR`, `EEUR`, `APAC`, `OC`
      */
     readonly location: pulumi.Output<string>;
     /**
@@ -67,7 +67,7 @@ export interface R2BucketState {
      */
     accountId?: pulumi.Input<string>;
     /**
-     * The location hint of the R2 bucket. Available values: `WNAM`, `ENAM`, `WEUR`, `EEUR`, `APAC`
+     * The location hint of the R2 bucket. Available values: `WNAM`, `ENAM`, `WEUR`, `EEUR`, `APAC`, `OC`
      */
     location?: pulumi.Input<string>;
     /**
@@ -84,7 +84,7 @@ export interface R2BucketArgs {
      */
     accountId: pulumi.Input<string>;
     /**
-     * The location hint of the R2 bucket. Available values: `WNAM`, `ENAM`, `WEUR`, `EEUR`, `APAC`
+     * The location hint of the R2 bucket. Available values: `WNAM`, `ENAM`, `WEUR`, `EEUR`, `APAC`, `OC`
      */
     location?: pulumi.Input<string>;
     /**

package/types/input.d.ts

@@ -248,7 +248,7 @@ export interface AccessApplicationScimConfig {
      */
     enabled?: pulumi.Input<boolean>;
     /**
-     * The UID of the IdP to use as the source for SCIM resources to provision to this application.
+     * The UIDs of the IdP to use as the source for SCIM resources to provision to this application.
      */
     idpUid: pulumi.Input<string>;
     /**
@@ -315,6 +315,10 @@ export interface AccessApplicationScimConfigMapping {
      * Which SCIM resource type this mapping applies to.
      */
     schema: pulumi.Input<string>;
+    /**
+     * How strictly to adhere to outbound resource schemas when provisioning to this mapping. "strict" will remove unknown values when provisioning, while "passthrough" will pass unknown values to the target.
+     */
+    strictness?: pulumi.Input<string>;
     /**
      * A [JSONata](https://jsonata.org/) expression that transforms the resource before provisioning it in the application.
      */
@@ -501,11 +505,11 @@ export interface AccessGroupExcludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface AccessGroupExcludeOkta {
     /**
@@ -674,11 +678,11 @@ export interface AccessGroupIncludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface AccessGroupIncludeOkta {
     /**
@@ -847,11 +851,11 @@ export interface AccessGroupRequireGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface AccessGroupRequireOkta {
     /**
@@ -909,6 +913,7 @@ export interface AccessIdentityProviderConfig {
 export interface AccessIdentityProviderScimConfig {
     enabled?: pulumi.Input<boolean>;
     groupMemberDeprovision?: pulumi.Input<boolean>;
+    identityUpdateBehavior?: pulumi.Input<string>;
     seatDeprovision?: pulumi.Input<boolean>;
     secret?: pulumi.Input<string>;
     userDeprovision?: pulumi.Input<boolean>;
@@ -1125,11 +1130,11 @@ export interface AccessPolicyExcludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface AccessPolicyExcludeOkta {
     /**
@@ -1298,11 +1303,11 @@ export interface AccessPolicyIncludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface AccessPolicyIncludeOkta {
     /**
@@ -1471,11 +1476,11 @@ export interface AccessPolicyRequireGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface AccessPolicyRequireOkta {
     /**
@@ -5689,7 +5694,7 @@ export interface ZeroTrustAccessApplicationScimConfig {
      */
     enabled?: pulumi.Input<boolean>;
     /**
-     * The UID of the IdP to use as the source for SCIM resources to provision to this application.
+     * The UIDs of the IdP to use as the source for SCIM resources to provision to this application.
      */
     idpUid: pulumi.Input<string>;
     /**
@@ -5756,6 +5761,10 @@ export interface ZeroTrustAccessApplicationScimConfigMapping {
      * Which SCIM resource type this mapping applies to.
      */
     schema: pulumi.Input<string>;
+    /**
+     * How strictly to adhere to outbound resource schemas when provisioning to this mapping. "strict" will remove unknown values when provisioning, while "passthrough" will pass unknown values to the target.
+     */
+    strictness?: pulumi.Input<string>;
     /**
      * A [JSONata](https://jsonata.org/) expression that transforms the resource before provisioning it in the application.
      */
@@ -5942,11 +5951,11 @@ export interface ZeroTrustAccessGroupExcludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface ZeroTrustAccessGroupExcludeOkta {
     /**
@@ -6115,11 +6124,11 @@ export interface ZeroTrustAccessGroupIncludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface ZeroTrustAccessGroupIncludeOkta {
     /**
@@ -6288,11 +6297,11 @@ export interface ZeroTrustAccessGroupRequireGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface ZeroTrustAccessGroupRequireOkta {
     /**
@@ -6350,6 +6359,7 @@ export interface ZeroTrustAccessIdentityProviderConfig {
 export interface ZeroTrustAccessIdentityProviderScimConfig {
     enabled?: pulumi.Input<boolean>;
     groupMemberDeprovision?: pulumi.Input<boolean>;
+    identityUpdateBehavior?: pulumi.Input<string>;
     seatDeprovision?: pulumi.Input<boolean>;
     secret?: pulumi.Input<string>;
     userDeprovision?: pulumi.Input<boolean>;
@@ -6566,11 +6576,11 @@ export interface ZeroTrustAccessPolicyExcludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface ZeroTrustAccessPolicyExcludeOkta {
     /**
@@ -6739,11 +6749,11 @@ export interface ZeroTrustAccessPolicyIncludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface ZeroTrustAccessPolicyIncludeOkta {
     /**
@@ -6912,11 +6922,11 @@ export interface ZeroTrustAccessPolicyRequireGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: pulumi.Input<pulumi.Input<string>[]>;
+    emails: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: pulumi.Input<string>;
+    identityProviderId: pulumi.Input<string>;
 }
 export interface ZeroTrustAccessPolicyRequireOkta {
     /**

package/types/output.d.ts

@@ -247,7 +247,7 @@ export interface AccessApplicationScimConfig {
      */
     enabled?: boolean;
     /**
-     * The UID of the IdP to use as the source for SCIM resources to provision to this application.
+     * The UIDs of the IdP to use as the source for SCIM resources to provision to this application.
      */
     idpUid: string;
     /**
@@ -314,6 +314,10 @@ export interface AccessApplicationScimConfigMapping {
      * Which SCIM resource type this mapping applies to.
      */
     schema: string;
+    /**
+     * How strictly to adhere to outbound resource schemas when provisioning to this mapping. "strict" will remove unknown values when provisioning, while "passthrough" will pass unknown values to the target.
+     */
+    strictness?: string;
     /**
      * A [JSONata](https://jsonata.org/) expression that transforms the resource before provisioning it in the application.
      */
@@ -500,11 +504,11 @@ export interface AccessGroupExcludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface AccessGroupExcludeOkta {
     /**
@@ -673,11 +677,11 @@ export interface AccessGroupIncludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface AccessGroupIncludeOkta {
     /**
@@ -846,11 +850,11 @@ export interface AccessGroupRequireGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface AccessGroupRequireOkta {
     /**
@@ -908,6 +912,7 @@ export interface AccessIdentityProviderConfig {
 export interface AccessIdentityProviderScimConfig {
     enabled?: boolean;
     groupMemberDeprovision?: boolean;
+    identityUpdateBehavior: string;
     seatDeprovision?: boolean;
     secret: string;
     userDeprovision?: boolean;
@@ -1124,11 +1129,11 @@ export interface AccessPolicyExcludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface AccessPolicyExcludeOkta {
     /**
@@ -1297,11 +1302,11 @@ export interface AccessPolicyIncludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface AccessPolicyIncludeOkta {
     /**
@@ -1470,11 +1475,11 @@ export interface AccessPolicyRequireGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface AccessPolicyRequireOkta {
     /**
@@ -6598,7 +6603,7 @@ export interface ZeroTrustAccessApplicationScimConfig {
      */
     enabled?: boolean;
     /**
-     * The UID of the IdP to use as the source for SCIM resources to provision to this application.
+     * The UIDs of the IdP to use as the source for SCIM resources to provision to this application.
      */
     idpUid: string;
     /**
@@ -6665,6 +6670,10 @@ export interface ZeroTrustAccessApplicationScimConfigMapping {
      * Which SCIM resource type this mapping applies to.
      */
     schema: string;
+    /**
+     * How strictly to adhere to outbound resource schemas when provisioning to this mapping. "strict" will remove unknown values when provisioning, while "passthrough" will pass unknown values to the target.
+     */
+    strictness?: string;
     /**
      * A [JSONata](https://jsonata.org/) expression that transforms the resource before provisioning it in the application.
      */
@@ -6851,11 +6860,11 @@ export interface ZeroTrustAccessGroupExcludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface ZeroTrustAccessGroupExcludeOkta {
     /**
@@ -7024,11 +7033,11 @@ export interface ZeroTrustAccessGroupIncludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface ZeroTrustAccessGroupIncludeOkta {
     /**
@@ -7197,11 +7206,11 @@ export interface ZeroTrustAccessGroupRequireGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface ZeroTrustAccessGroupRequireOkta {
     /**
@@ -7259,6 +7268,7 @@ export interface ZeroTrustAccessIdentityProviderConfig {
 export interface ZeroTrustAccessIdentityProviderScimConfig {
     enabled?: boolean;
     groupMemberDeprovision?: boolean;
+    identityUpdateBehavior: string;
     seatDeprovision?: boolean;
     secret: string;
     userDeprovision?: boolean;
@@ -7475,11 +7485,11 @@ export interface ZeroTrustAccessPolicyExcludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface ZeroTrustAccessPolicyExcludeOkta {
     /**
@@ -7648,11 +7658,11 @@ export interface ZeroTrustAccessPolicyIncludeGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface ZeroTrustAccessPolicyIncludeOkta {
     /**
@@ -7821,11 +7831,11 @@ export interface ZeroTrustAccessPolicyRequireGsuite {
     /**
      * The email of the Google Workspace group.
      */
-    emails?: string[];
+    emails: string[];
     /**
      * The ID of your Google Workspace identity provider.
      */
-    identityProviderId?: string;
+    identityProviderId: string;
 }
 export interface ZeroTrustAccessPolicyRequireOkta {
     /**