@pulumi/cloudflare 6.3.0-alpha.1749049430 → 6.3.0

package/types/output.d.ts

@@ -52,7 +52,7 @@ export interface AccessApplicationDestination {
      */
     portRange?: string;
     /**
-     * Available values: "public".
+     * Available values: "public", "private".
      */
     type?: string;
     /**
@@ -109,7 +109,7 @@ export interface AccessApplicationPolicy {
     /**
      * Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
      */
-    excludes?: outputs.AccessApplicationPolicyExclude[];
+    excludes: outputs.AccessApplicationPolicyExclude[];
     /**
      * The UUID of the policy
      */
@@ -117,7 +117,7 @@ export interface AccessApplicationPolicy {
     /**
      * Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
      */
-    includes?: outputs.AccessApplicationPolicyInclude[];
+    includes: outputs.AccessApplicationPolicyInclude[];
     /**
      * The name of the Access policy.
      */
@@ -129,7 +129,7 @@ export interface AccessApplicationPolicy {
     /**
      * Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
      */
-    requires?: outputs.AccessApplicationPolicyRequire[];
+    requires: outputs.AccessApplicationPolicyRequire[];
 }
 export interface AccessApplicationPolicyConnectionRules {
     /**
@@ -932,7 +932,7 @@ export interface AccessApplicationScimConfigAuthentication {
     password?: string;
     /**
      * The authentication scheme to use when making SCIM requests to this application.
-     * Available values: "httpbasic".
+     * Available values: "httpbasic", "oauthbearertoken", "oauth2", "access*service*token".
      */
     scheme: string;
     /**
@@ -1678,7 +1678,7 @@ export interface AccessIdentityProviderConfig {
     /**
      * Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints.
      */
-    signRequest?: boolean;
+    signRequest: boolean;
     /**
      * URL to send the SAML authentication requests to
      */
@@ -2362,7 +2362,7 @@ export interface AccessPolicyRequireServiceToken {
 export interface AccessRuleConfiguration {
     /**
      * The configuration target. You must set the target to `ip` when specifying an IP address in the rule.
-     * Available values: "ip".
+     * Available values: "ip", "ip6", "ipRange", "asn", "country".
      */
     target?: string;
     /**
@@ -2525,26 +2525,11 @@ export interface AccountSettings {
      * Sets an abuse contact email to notify for abuse reports.
      */
     abuseContactEmail?: string;
-    /**
-     * Specifies the default nameservers to be used for new zones added to this account.
-     *
-     * @deprecated This attribute is deprecated.
-     */
-    defaultNameservers: string;
     /**
      * Indicates whether membership in this account requires that
      * Two-Factor Authentication is enabled
      */
     enforceTwofactor: boolean;
-    /**
-     * Indicates whether new zones should use the account-level custom
-     * nameservers by default.
-     *
-     * Deprecated in favor of [DNS Settings](https://developers.cloudflare.com/api/operations/dns-settings-for-an-account-update-dns-settings).
-     *
-     * @deprecated This attribute is deprecated.
-     */
-    useAccountCustomNsByDefault: boolean;
 }
 export interface AccountSubscriptionRatePlan {
     /**
@@ -2661,7 +2646,7 @@ export interface ApiShieldAuthIdCharacteristic {
     name: string;
     /**
      * The type of characteristic.
-     * Available values: "header", "cookie".
+     * Available values: "header", "cookie", "jwt".
      */
     type: string;
 }
@@ -2984,7 +2969,7 @@ export interface CloudConnectorRulesRule {
     description?: string;
     enabled?: boolean;
     expression?: string;
-    id?: string;
+    id: string;
     /**
      * Parameters of Cloud Connector Rule
      */
@@ -3192,11 +3177,11 @@ export interface DeviceManagedNetworksConfig {
 }
 export interface DevicePostureIntegrationConfig {
     /**
-     * If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `apiUrl`
+     * If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `apiUrl`.
      */
     accessClientId?: string;
     /**
-     * If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `apiUrl`
+     * If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `apiUrl`.
      */
     accessClientSecret?: string;
     /**
@@ -3242,12 +3227,12 @@ export interface DevicePostureRuleInput {
      */
     checkPrivateKey?: boolean;
     /**
-     * Common Name that is protected by the certificate
+     * Common Name that is protected by the certificate.
      */
     cn?: string;
     /**
-     * Compliance Status
-     * Available values: "compliant", "noncompliant", "unknown".
+     * Compliance Status.
+     * Available values: "compliant", "noncompliant", "unknown", "notapplicable", "ingraceperiod", "error".
      */
     complianceStatus?: string;
     /**
@@ -3255,12 +3240,12 @@ export interface DevicePostureRuleInput {
      */
     connectionId?: string;
     /**
-     * Count Operator
+     * Count Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     countOperator?: string;
     /**
-     * Domain
+     * Domain.
      */
     domain?: string;
     /**
@@ -3268,15 +3253,15 @@ export interface DevicePostureRuleInput {
      */
     eidLastSeen?: string;
     /**
-     * Enabled
+     * Enabled.
      */
     enabled?: boolean;
     /**
-     * Whether or not file exists
+     * Whether or not file exists.
      */
     exists?: boolean;
     /**
-     * List of values indicating purposes for which the certificate public key can be used
+     * List of values indicating purposes for which the certificate public key can be used.
      */
     extendedKeyUsages?: string[];
     /**
@@ -3306,8 +3291,8 @@ export interface DevicePostureRuleInput {
      */
     networkStatus?: string;
     /**
-     * Operating system
-     * Available values: "windows", "linux", "mac".
+     * Operating system.
+     * Available values: "windows", "linux", "mac", "android", "ios", "chromeos".
      */
     operatingSystem?: string;
     /**
@@ -3316,28 +3301,28 @@ export interface DevicePostureRuleInput {
      */
     operationalState?: string;
     /**
-     * operator
+     * Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     operator?: string;
     /**
-     * Os Version
+     * Os Version.
      */
     os?: string;
     /**
-     * Operating System Distribution Name (linux only)
+     * Operating System Distribution Name (linux only).
      */
     osDistroName?: string;
     /**
-     * Version of OS Distribution (linux only)
+     * Version of OS Distribution (linux only).
      */
     osDistroRevision?: string;
     /**
-     * Additional version data. For Mac or iOS, the Product Version Extra. For Linux, the kernel release version. (Mac, iOS, and Linux only)
+     * Additional version data. For Mac or iOS, the Product Version Extra. For Linux, the kernel release version. (Mac, iOS, and Linux only).
      */
     osVersionExtra?: string;
     /**
-     * overall
+     * Overall.
      */
     overall?: string;
     /**
@@ -3358,12 +3343,12 @@ export interface DevicePostureRuleInput {
      */
     score?: number;
     /**
-     * Score Operator
+     * Score Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     scoreOperator?: string;
     /**
-     * SensorConfig
+     * SensorConfig.
      */
     sensorConfig?: string;
     /**
@@ -3384,11 +3369,11 @@ export interface DevicePostureRuleInput {
      */
     totalScore?: number;
     /**
-     * Version of OS
+     * Version of OS.
      */
     version?: string;
     /**
-     * Version Operator
+     * Version Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     versionOperator?: string;
@@ -3498,7 +3483,7 @@ export interface DlpCustomProfileProfileSharedEntry {
     enabled: boolean;
     entryId: string;
     /**
-     * Available values: "custom".
+     * Available values: "custom", "predefined", "integration", "exactData".
      */
     entryType: string;
 }
@@ -3506,7 +3491,7 @@ export interface DlpCustomProfileSharedEntry {
     enabled: boolean;
     entryId: string;
     /**
-     * Available values: "custom".
+     * Available values: "custom", "predefined", "integration", "exactData".
      */
     entryType: string;
 }
@@ -3847,7 +3832,7 @@ export interface EmailRoutingRuleMatcher {
     field?: string;
     /**
      * Type of matcher.
-     * Available values: "literal".
+     * Available values: "all", "literal".
      */
     type: string;
     /**
@@ -3923,7 +3908,7 @@ export interface FirewallRuleFilter {
 export interface GetAccessRuleConfiguration {
     /**
      * The configuration target. You must set the target to `ip` when specifying an IP address in the rule.
-     * Available values: "ip".
+     * Available values: "ip", "ip6", "ipRange", "asn", "country".
      */
     target: string;
     /**
@@ -4036,7 +4021,7 @@ export interface GetAccessRulesResult {
 export interface GetAccessRulesResultConfiguration {
     /**
      * The configuration target. You must set the target to `ip` when specifying an IP address in the rule.
-     * Available values: "ip".
+     * Available values: "ip", "ip6", "ipRange", "asn", "country".
      */
     target: string;
     /**
@@ -4804,26 +4789,11 @@ export interface GetAccountSettings {
      * Sets an abuse contact email to notify for abuse reports.
      */
     abuseContactEmail: string;
-    /**
-     * Specifies the default nameservers to be used for new zones added to this account.
-     *
-     * @deprecated This attribute is deprecated.
-     */
-    defaultNameservers: string;
     /**
      * Indicates whether membership in this account requires that
      * Two-Factor Authentication is enabled
      */
     enforceTwofactor: boolean;
-    /**
-     * Indicates whether new zones should use the account-level custom
-     * nameservers by default.
-     *
-     * Deprecated in favor of [DNS Settings](https://developers.cloudflare.com/api/operations/dns-settings-for-an-account-update-dns-settings).
-     *
-     * @deprecated This attribute is deprecated.
-     */
-    useAccountCustomNsByDefault: boolean;
 }
 export interface GetAccountSubscriptionRatePlan {
     /**
@@ -5036,26 +5006,11 @@ export interface GetAccountsResultSettings {
      * Sets an abuse contact email to notify for abuse reports.
      */
     abuseContactEmail: string;
-    /**
-     * Specifies the default nameservers to be used for new zones added to this account.
-     *
-     * @deprecated This attribute is deprecated.
-     */
-    defaultNameservers: string;
     /**
      * Indicates whether membership in this account requires that
      * Two-Factor Authentication is enabled
      */
     enforceTwofactor: boolean;
-    /**
-     * Indicates whether new zones should use the account-level custom
-     * nameservers by default.
-     *
-     * Deprecated in favor of [DNS Settings](https://developers.cloudflare.com/api/operations/dns-settings-for-an-account-update-dns-settings).
-     *
-     * @deprecated This attribute is deprecated.
-     */
-    useAccountCustomNsByDefault: boolean;
 }
 export interface GetAddressMapIp {
     createdAt: string;
@@ -5115,7 +5070,7 @@ export interface GetApiShieldAuthIdCharacteristic {
     name: string;
     /**
      * The type of characteristic.
-     * Available values: "header", "cookie".
+     * Available values: "header", "cookie", "jwt".
      */
     type: string;
 }
@@ -5873,7 +5828,7 @@ export interface GetCallsTurnAppsResult {
 }
 export interface GetCertificatePacksResult {
 }
-export interface GetCloudConnectorRulesListResult {
+export interface GetCloudConnectorRulesRule {
     description: string;
     enabled: boolean;
     expression: string;
@@ -5881,34 +5836,78 @@ export interface GetCloudConnectorRulesListResult {
     /**
      * Parameters of Cloud Connector Rule
      */
-    parameters: outputs.GetCloudConnectorRulesListResultParameters;
+    parameters: outputs.GetCloudConnectorRulesRuleParameters;
     /**
      * Cloud Provider type
      * Available values: "aws*s3", "r2", "gcp*storage", "azureStorage".
      */
     provider: string;
 }
-export interface GetCloudConnectorRulesListResultParameters {
+export interface GetCloudConnectorRulesRuleParameters {
     /**
      * Host to perform Cloud Connection to
      */
     host: string;
 }
+export interface GetCloudforceOneRequestFilter {
+    /**
+     * Retrieve requests completed after this time.
+     */
+    completedAfter?: string;
+    /**
+     * Retrieve requests completed before this time.
+     */
+    completedBefore?: string;
+    /**
+     * Retrieve requests created after this time.
+     */
+    createdAfter?: string;
+    /**
+     * Retrieve requests created before this time.
+     */
+    createdBefore?: string;
+    /**
+     * Page number of results.
+     */
+    page: number;
+    /**
+     * Number of results per page.
+     */
+    perPage: number;
+    /**
+     * Requested information from request.
+     */
+    requestType?: string;
+    /**
+     * Field to sort results by.
+     */
+    sortBy?: string;
+    /**
+     * Sort order (asc or desc).
+     * Available values: "asc", "desc".
+     */
+    sortOrder?: string;
+    /**
+     * Request Status.
+     * Available values: "open", "accepted", "reported", "approved", "completed", "declined".
+     */
+    status?: string;
+}
 export interface GetCloudforceOneRequestsResult {
     /**
-     * Request completion time
+     * Request completion time.
      */
     completed: string;
     /**
-     * Request creation time
+     * Request creation time.
      */
     created: string;
     /**
-     * UUID
+     * UUID.
      */
     id: string;
     /**
-     * Tokens for the request messages
+     * Tokens for the request messages.
      */
     messageTokens: number;
     /**
@@ -5916,33 +5915,33 @@ export interface GetCloudforceOneRequestsResult {
      */
     priority: string;
     /**
-     * Readable Request ID
+     * Readable Request ID.
      */
     readableId: string;
     /**
-     * Requested information from request
+     * Requested information from request.
      */
     request: string;
     /**
-     * Request Status
+     * Request Status.
      * Available values: "open", "accepted", "reported", "approved", "completed", "declined".
      */
     status: string;
     /**
-     * Brief description of the request
+     * Brief description of the request.
      */
     summary: string;
     /**
-     * The CISA defined Traffic Light Protocol (TLP)
+     * The CISA defined Traffic Light Protocol (TLP).
      * Available values: "clear", "amber", "amber-strict", "green", "red".
      */
     tlp: string;
     /**
-     * Tokens for the request
+     * Tokens for the request.
      */
     tokens: number;
     /**
-     * Request last updated time
+     * Request last updated time.
      */
     updated: string;
 }
@@ -7039,7 +7038,7 @@ export interface GetDnsRecordsResult {
     ttl: number;
     /**
      * Record type.
-     * Available values: "A".
+     * Available values: "A", "AAAA", "CAA", "CERT", "CNAME", "DNSKEY", "DS", "HTTPS", "LOC", "MX", "NAPTR", "NS", "OPENPGPKEY", "PTR", "SMIMEA", "SRV", "SSHFP", "SVCB", "TLSA", "TXT", "URI".
      */
     type: string;
 }
@@ -7470,7 +7469,7 @@ export interface GetEmailRoutingRuleMatcher {
     field: string;
     /**
      * Type of matcher.
-     * Available values: "literal".
+     * Available values: "all", "literal".
      */
     type: string;
     /**
@@ -7526,7 +7525,7 @@ export interface GetEmailRoutingRulesResultMatcher {
     field: string;
     /**
      * Type of matcher.
-     * Available values: "literal".
+     * Available values: "all", "literal".
      */
     type: string;
     /**
@@ -7920,55 +7919,55 @@ export interface GetHealthchecksResultTcpConfig {
 }
 export interface GetHyperdriveConfigCaching {
     /**
-     * When set to true, disables the caching of SQL responses. (Default: false)
+     * Set to true to disable caching of SQL responses. Default is false.
      */
     disabled: boolean;
     /**
-     * When present, specifies max duration for which items should persist in the cache. Not returned if set to default. (Default: 60)
+     * Specify the maximum duration items should persist in the cache. Not returned if set to the default (60).
      */
     maxAge: number;
     /**
-     * When present, indicates the number of seconds cache may serve the response after it becomes stale. Not returned if set to default. (Default: 15)
+     * Specify the number of seconds the cache may serve a stale response. Omitted if set to the default (15).
      */
     staleWhileRevalidate: number;
 }
 export interface GetHyperdriveConfigMtls {
     /**
-     * CA certificate ID
+     * Define CA certificate ID obtained after uploading CA cert.
      */
     caCertificateId: string;
     /**
-     * mTLS certificate ID
+     * Define mTLS certificate ID obtained after uploading client cert.
      */
     mtlsCertificateId: string;
     /**
-     * SSL mode used for CA verification. Must be 'require', 'verify-ca', or 'verify-full'
+     * Set SSL mode to 'require', 'verify-ca', or 'verify-full' to verify the CA.
      */
     sslmode: string;
 }
 export interface GetHyperdriveConfigOrigin {
     /**
-     * The Client ID of the Access token to use when connecting to the origin database.
+     * Defines the Client ID of the Access token to use when connecting to the origin database.
      */
     accessClientId: string;
     /**
-     * The Client Secret of the Access token to use when connecting to the origin database. This value is write-only and never returned by the API.
+     * Defines the Client Secret of the Access Token to use when connecting to the origin database. The API never returns this write-only value.
      */
     accessClientSecret: string;
     /**
-     * The name of your origin database.
+     * Set the name of your origin database.
      */
     database: string;
     /**
-     * The host (hostname or IP) of your origin database.
+     * Defines the host (hostname or IP) of your origin database.
      */
     host: string;
     /**
-     * The password required to access your origin database. This value is write-only and never returned by the API.
+     * Set the password needed to access your origin database. The API never returns this write-only value.
      */
     password: string;
     /**
-     * The port (default: 5432 for Postgres) of your origin database.
+     * Defines the port (default: 5432 for Postgres) of your origin database.
      */
     port: number;
     /**
@@ -7977,22 +7976,22 @@ export interface GetHyperdriveConfigOrigin {
      */
     scheme: string;
     /**
-     * The user of your origin database.
+     * Set the user of your origin database.
      */
     user: string;
 }
 export interface GetHyperdriveConfigsResult {
     caching: outputs.GetHyperdriveConfigsResultCaching;
     /**
-     * When the Hyperdrive configuration was created.
+     * Defines the creation time of the Hyperdrive configuration.
      */
     createdOn: string;
     /**
-     * Identifier
+     * Define configurations using a unique string identifier.
      */
     id: string;
     /**
-     * When the Hyperdrive configuration was last modified.
+     * Defines the last modified time of the Hyperdrive configuration.
      */
     modifiedOn: string;
     mtls: outputs.GetHyperdriveConfigsResultMtls;
@@ -8001,55 +8000,55 @@ export interface GetHyperdriveConfigsResult {
 }
 export interface GetHyperdriveConfigsResultCaching {
     /**
-     * When set to true, disables the caching of SQL responses. (Default: false)
+     * Set to true to disable caching of SQL responses. Default is false.
      */
     disabled: boolean;
     /**
-     * When present, specifies max duration for which items should persist in the cache. Not returned if set to default. (Default: 60)
+     * Specify the maximum duration items should persist in the cache. Not returned if set to the default (60).
      */
     maxAge: number;
     /**
-     * When present, indicates the number of seconds cache may serve the response after it becomes stale. Not returned if set to default. (Default: 15)
+     * Specify the number of seconds the cache may serve a stale response. Omitted if set to the default (15).
      */
     staleWhileRevalidate: number;
 }
 export interface GetHyperdriveConfigsResultMtls {
     /**
-     * CA certificate ID
+     * Define CA certificate ID obtained after uploading CA cert.
      */
     caCertificateId: string;
     /**
-     * mTLS certificate ID
+     * Define mTLS certificate ID obtained after uploading client cert.
      */
     mtlsCertificateId: string;
     /**
-     * SSL mode used for CA verification. Must be 'require', 'verify-ca', or 'verify-full'
+     * Set SSL mode to 'require', 'verify-ca', or 'verify-full' to verify the CA.
      */
     sslmode: string;
 }
 export interface GetHyperdriveConfigsResultOrigin {
     /**
-     * The Client ID of the Access token to use when connecting to the origin database.
+     * Defines the Client ID of the Access token to use when connecting to the origin database.
      */
     accessClientId: string;
     /**
-     * The Client Secret of the Access token to use when connecting to the origin database. This value is write-only and never returned by the API.
+     * Defines the Client Secret of the Access Token to use when connecting to the origin database. The API never returns this write-only value.
      */
     accessClientSecret: string;
     /**
-     * The name of your origin database.
+     * Set the name of your origin database.
      */
     database: string;
     /**
-     * The host (hostname or IP) of your origin database.
+     * Defines the host (hostname or IP) of your origin database.
      */
     host: string;
     /**
-     * The password required to access your origin database. This value is write-only and never returned by the API.
+     * Set the password needed to access your origin database. The API never returns this write-only value.
      */
     password: string;
     /**
-     * The port (default: 5432 for Postgres) of your origin database.
+     * Defines the port (default: 5432 for Postgres) of your origin database.
      */
     port: number;
     /**
@@ -8058,7 +8057,7 @@ export interface GetHyperdriveConfigsResultOrigin {
      */
     scheme: string;
     /**
-     * The user of your origin database.
+     * Set the user of your origin database.
      */
     user: string;
 }
@@ -10913,7 +10912,7 @@ export interface GetPagesProjectCanonicalDeploymentDeploymentTriggerMetadata {
 }
 export interface GetPagesProjectCanonicalDeploymentEnvVars {
     /**
-     * Available values: "plainText".
+     * Available values: "plain*text", "secret*text".
      */
     type: string;
     /**
@@ -11108,7 +11107,7 @@ export interface GetPagesProjectDeploymentConfigsPreviewDurableObjectNamespaces
 }
 export interface GetPagesProjectDeploymentConfigsPreviewEnvVars {
     /**
-     * Available values: "plainText".
+     * Available values: "plain*text", "secret*text".
      */
     type: string;
     /**
@@ -11284,7 +11283,7 @@ export interface GetPagesProjectDeploymentConfigsProductionDurableObjectNamespac
 }
 export interface GetPagesProjectDeploymentConfigsProductionEnvVars {
     /**
-     * Available values: "plainText".
+     * Available values: "plain*text", "secret*text".
      */
     type: string;
     /**
@@ -11462,7 +11461,7 @@ export interface GetPagesProjectLatestDeploymentDeploymentTriggerMetadata {
 }
 export interface GetPagesProjectLatestDeploymentEnvVars {
     /**
-     * Available values: "plainText".
+     * Available values: "plain*text", "secret*text".
      */
     type: string;
     /**
@@ -11669,7 +11668,7 @@ export interface GetPagesProjectsResultDeploymentTriggerMetadata {
 }
 export interface GetPagesProjectsResultEnvVars {
     /**
-     * Available values: "plainText".
+     * Available values: "plain*text", "secret*text".
      */
     type: string;
     /**
@@ -11757,7 +11756,7 @@ export interface GetQueueConsumer {
     scriptName: string;
     settings: outputs.GetQueueConsumerSettings;
     /**
-     * Available values: "worker".
+     * Available values: "worker", "httpPull".
      */
     type: string;
 }
@@ -11791,7 +11790,7 @@ export interface GetQueueProducer {
     bucketName: string;
     script: string;
     /**
-     * Available values: "worker".
+     * Available values: "worker", "r2Bucket".
      */
     type: string;
 }
@@ -11840,7 +11839,7 @@ export interface GetQueuesResultConsumer {
     scriptName: string;
     settings: outputs.GetQueuesResultConsumerSettings;
     /**
-     * Available values: "worker".
+     * Available values: "worker", "httpPull".
      */
     type: string;
 }
@@ -11874,7 +11873,7 @@ export interface GetQueuesResultProducer {
     bucketName: string;
     script: string;
     /**
-     * Available values: "worker".
+     * Available values: "worker", "r2Bucket".
      */
     type: string;
 }
@@ -11924,42 +11923,56 @@ export interface GetR2BucketCorsRuleAllowed {
      */
     origins: string[];
 }
-export interface GetR2BucketEventNotificationQueue {
+export interface GetR2BucketEventNotificationAbortMultipartUploadsTransition {
     /**
-     * Queue ID.
+     * Condition for lifecycle transitions to apply after an object reaches an age in seconds.
      */
-    queueId: string;
+    condition: outputs.GetR2BucketEventNotificationAbortMultipartUploadsTransitionCondition;
+}
+export interface GetR2BucketEventNotificationAbortMultipartUploadsTransitionCondition {
+    maxAge: number;
     /**
-     * Name of the queue.
+     * Available values: "Age".
      */
-    queueName: string;
-    rules: outputs.GetR2BucketEventNotificationQueueRule[];
+    type: string;
 }
-export interface GetR2BucketEventNotificationQueueRule {
+export interface GetR2BucketEventNotificationConditions {
     /**
-     * Array of R2 object actions that will trigger notifications.
+     * Transitions will only apply to objects/uploads in the bucket that start with the given prefix, an empty prefix can be provided to scope rule to all objects/uploads.
      */
-    actions: string[];
+    prefix: string;
+}
+export interface GetR2BucketEventNotificationDeleteObjectsTransition {
     /**
-     * Timestamp when the rule was created.
+     * Condition for lifecycle transitions to apply after an object reaches an age in seconds.
      */
-    createdAt: string;
+    condition: outputs.GetR2BucketEventNotificationDeleteObjectsTransitionCondition;
+}
+export interface GetR2BucketEventNotificationDeleteObjectsTransitionCondition {
+    date: string;
+    maxAge: number;
     /**
-     * A description that can be used to identify the event notification rule after creation.
+     * Available values: "Age", "Date".
      */
-    description: string;
+    type: string;
+}
+export interface GetR2BucketEventNotificationStorageClassTransition {
     /**
-     * Notifications will be sent only for objects with this prefix.
+     * Condition for lifecycle transitions to apply after an object reaches an age in seconds.
      */
-    prefix: string;
+    condition: outputs.GetR2BucketEventNotificationStorageClassTransitionCondition;
     /**
-     * Rule ID.
+     * Available values: "InfrequentAccess".
      */
-    ruleId: string;
+    storageClass: string;
+}
+export interface GetR2BucketEventNotificationStorageClassTransitionCondition {
+    date: string;
+    maxAge: number;
     /**
-     * Notifications will be sent only for objects with this suffix.
+     * Available values: "Age", "Date".
      */
-    suffix: string;
+    type: string;
 }
 export interface GetR2BucketLifecycleRule {
     /**
@@ -12016,7 +12029,7 @@ export interface GetR2BucketLifecycleRuleDeleteObjectsTransitionCondition {
     date: string;
     maxAge: number;
     /**
-     * Available values: "Age".
+     * Available values: "Age", "Date".
      */
     type: string;
 }
@@ -12034,7 +12047,7 @@ export interface GetR2BucketLifecycleRuleStorageClassTransitionCondition {
     date: string;
     maxAge: number;
     /**
-     * Available values: "Age".
+     * Available values: "Age", "Date".
      */
     type: string;
 }
@@ -12060,7 +12073,7 @@ export interface GetR2BucketLockRuleCondition {
     date: string;
     maxAgeSeconds: number;
     /**
-     * Available values: "Age".
+     * Available values: "Age", "Date", "Indefinite".
      */
     type: string;
 }
@@ -12510,7 +12523,7 @@ export interface GetResourceGroupsResultScopeObject {
 export interface GetRulesetRule {
     /**
      * The action to perform when the rule matches.
-     * Available values: "block".
+     * Available values: "block", "challenge", "compress*response", "execute", "js*challenge", "log", "managed*challenge", "redirect", "rewrite", "route", "score", "serve*error", "set*config", "skip", "set*cache*settings", "log*custom*field", "ddos*dynamic", "force*connection*close".
      */
     action: string;
     /**
@@ -12687,7 +12700,7 @@ export interface GetRulesetRuleActionParameters {
      */
     overrides: outputs.GetRulesetRuleActionParametersOverrides;
     /**
-     * A list of phases to skip the execution of. This option is incompatible with the rulesets options.
+     * A list of phases to skip the execution of. This option is incompatible with the rulesets option.
      */
     phases: string[];
     /**
@@ -12734,7 +12747,7 @@ export interface GetRulesetRuleActionParameters {
         [key: string]: string[];
     };
     /**
-     * A ruleset to skip the execution of. This option is incompatible with the rulesets, rules. It can be incompatible with phases options base on the phase of the ruleset.
+     * A ruleset to skip the execution of. This option is incompatible with the rulesets option.
      * Available values: "current".
      */
     ruleset: string;
@@ -13023,7 +13036,7 @@ export interface GetRulesetRuleActionParametersHeaders {
      */
     expression: string;
     /**
-     * Available values: "remove".
+     * Available values: "remove", "add", "set".
      */
     operation: string;
     /**
@@ -13231,7 +13244,6 @@ export interface GetRulesetRuleRatelimit {
     mitigationTimeout: number;
     /**
      * Period in seconds over which the counter is being incremented.
-     * Available values: 10, 60, 600, 3600.
      */
     period: number;
     /**
@@ -13321,7 +13333,7 @@ export interface GetSpectrumApplicationEdgeIps {
     ips: string[];
     /**
      * The type of edge IP configuration specified. Dynamically allocated edge IPs use Spectrum anycast IPs in accordance with the connectivity you specify. Only valid with CNAME DNS names.
-     * Available values: "dynamic".
+     * Available values: "dynamic", "static".
      */
     type: string;
 }
@@ -13779,8 +13791,8 @@ export interface GetTurnstileWidgetsResult {
      */
     offlabel: boolean;
     /**
-     * Region where this widget can be used.
-     * Available values: "world".
+     * Region where this widget can be used. This cannot be changed after creation.
+     * Available values: "world", "china".
      */
     region: string;
     /**
@@ -13962,7 +13974,7 @@ export interface GetWaitingRoomsResult {
      * 8. `queueIsFull`: Boolean indicating if the waiting room's queue is currently full and not accepting new users at the moment.
      * 9. `queueAll`: Boolean indicating if all users will be queued in the waiting room and no one will be let into the origin website.
      * 10. `lastUpdated`: String displaying the timestamp as an ISO 8601 string of the user's last attempt to leave the waiting room and be let into the origin website. The user is able to make another attempt after `refreshIntervalSeconds` past this time. If the user makes a request too soon, it will be ignored and `lastUpdated` will not change.
-     * 11. `refreshIntervalSeconds`: Integer indicating the number of seconds after `lastUpdated` until the user is able to make another attempt to leave the waiting room and be let into the origin website. When the `queueingMethod` is `reject`, there is no specified refresh time — it will always be **zero**.
+     * 11. `refreshIntervalSeconds`: Integer indicating the number of seconds after `lastUpdated` until the user is able to make another attempt to leave the waiting room and be let into the origin website. When the `queueingMethod` is `reject`, there is no specified refresh time —\_it will always be **zero**.
      * 12. `queueingMethod`: The queueing method currently used by the waiting room. It is either **fifo**, **random**, **passthrough**, or **reject**.
      * 13. `isFIFOQueue`: Boolean indicating if the waiting room uses a FIFO (First-In-First-Out) queue.
      * 14. `isRandomQueue`: Boolean indicating if the waiting room uses a Random queue where users gain access randomly.
@@ -13975,6 +13987,8 @@ export interface GetWaitingRoomsResult {
      * 21. `timeUntilEventEnd`: Valid only when `isEventActive` is **true**. Integer indicating the number of minutes until the event ends.
      * 22. `timeUntilEventEndFormatted`: String displaying the `timeUntilEventEnd` formatted in English for users. If `isEventActive` is **false**, `timeUntilEventEndFormatted` will display **unavailable**.
      * 23. `shuffleAtEventStart`: Valid only when `isEventActive` is **true**. Boolean indicating if the users in the prequeue are shuffled randomly when the event starts.
+     * 24. `turnstile`: Empty when turnstile isn't enabled. String displaying an html tag to display the Turnstile widget. Please add the `{{{turnstile}}}` tag to the `customHtml` template to ensure the Turnstile widget appears.
+     * 25. `infiniteQueue`: Boolean indicating whether the response is for a user in the infinite queue.
      *
      * An example cURL to a waiting room could be:
      *
@@ -14039,7 +14053,7 @@ export interface GetWaitingRoomsResult {
      * 			"timeUntilEventEndFormatted": "15 minutes",
      * 			"shuffleAtEventStart": true
      * 		}
-     * 	}.
+     * 	}
      */
     jsonResponseEnabled: boolean;
     modifiedOn: string;
@@ -14374,7 +14388,7 @@ export interface GetWorkersForPlatformsDispatchNamespacesResult {
      */
     namespaceName: string;
     /**
-     * The current number of scripts in this Dispatch Namespace
+     * The current number of scripts in this Dispatch Namespace.
      */
     scriptCount: number;
 }
@@ -14562,7 +14576,7 @@ export interface GetZeroTrustAccessApplicationDestination {
      */
     portRange: string;
     /**
-     * Available values: "public".
+     * Available values: "public", "private".
      */
     type: string;
     /**
@@ -15500,7 +15514,7 @@ export interface GetZeroTrustAccessApplicationScimConfigAuthentication {
     password: string;
     /**
      * The authentication scheme to use when making SCIM requests to this application.
-     * Available values: "httpbasic".
+     * Available values: "httpbasic", "oauthbearertoken", "oauth2", "access*service*token".
      */
     scheme: string;
     /**
@@ -15708,7 +15722,7 @@ export interface GetZeroTrustAccessApplicationsResult {
      */
     serviceAuth401Redirect: boolean;
     /**
-     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h.
+     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. Note: unsupported for infrastructure type applications.
      */
     sessionDuration: string;
     /**
@@ -15783,7 +15797,7 @@ export interface GetZeroTrustAccessApplicationsResultDestination {
      */
     portRange: string;
     /**
-     * Available values: "public".
+     * Available values: "public", "private".
      */
     type: string;
     /**
@@ -16703,7 +16717,7 @@ export interface GetZeroTrustAccessApplicationsResultScimConfigAuthentication {
     password: string;
     /**
      * The authentication scheme to use when making SCIM requests to this application.
-     * Available values: "httpbasic".
+     * Available values: "httpbasic", "oauthbearertoken", "oauth2", "access*service*token".
      */
     scheme: string;
     /**
@@ -20211,11 +20225,11 @@ export interface GetZeroTrustDeviceCustomProfileServiceModeV2 {
 }
 export interface GetZeroTrustDeviceCustomProfileTargetTest {
     /**
-     * The id of the DEX test targeting this policy
+     * The id of the DEX test targeting this policy.
      */
     id: string;
     /**
-     * The name of the DEX test targeting this policy
+     * The name of the DEX test targeting this policy.
      */
     name: string;
 }
@@ -20279,7 +20293,7 @@ export interface GetZeroTrustDeviceCustomProfilesResult {
      */
     lanAllowSubnetSize: number;
     /**
-     * The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service*token*uuid", "identity.saml_attributes", "network", "os.name", "os.version"
+     * The wirefilter expression to match devices. Available values: "identity.email", "identity.groups.id", "identity.groups.name", "identity.groups.email", "identity.service*token*uuid", "identity.saml_attributes", "network", "os.name", "os.version".
      */
     match: string;
     /**
@@ -20295,6 +20309,10 @@ export interface GetZeroTrustDeviceCustomProfilesResult {
      * Determines if the operating system will register WARP's local interface IP with your on-premises DNS server.
      */
     registerInterfaceIpWithDns: boolean;
+    /**
+     * Determines whether the WARP client indicates to SCCM that it is inside a VPN boundary. (Windows only).
+     */
+    sccmVpnBoundarySupport: boolean;
     serviceModeV2: outputs.GetZeroTrustDeviceCustomProfilesResultServiceModeV2;
     /**
      * The URL to launch when the Send Feedback button is clicked.
@@ -20364,11 +20382,11 @@ export interface GetZeroTrustDeviceCustomProfilesResultServiceModeV2 {
 }
 export interface GetZeroTrustDeviceCustomProfilesResultTargetTest {
     /**
-     * The id of the DEX test targeting this policy
+     * The id of the DEX test targeting this policy.
      */
     id: string;
     /**
-     * The name of the DEX test targeting this policy
+     * The name of the DEX test targeting this policy.
      */
     name: string;
 }
@@ -20496,7 +20514,7 @@ export interface GetZeroTrustDevicePostureIntegrationsResult {
     name: string;
     /**
      * The type of device posture integration.
-     * Available values: "workspace*one", "crowdstrike*s2s", "uptycs", "intune", "kolide", "tanium", "sentinelone*s2s", "custom*s2s".
+     * Available values: "workspace*one", "crowdstrike*s2s", "uptycs", "intune", "kolide", "tanium*s2s", "sentinelone*s2s", "customS2s".
      */
     type: string;
 }
@@ -20532,12 +20550,12 @@ export interface GetZeroTrustDevicePostureRuleInput {
      */
     checkPrivateKey: boolean;
     /**
-     * Common Name that is protected by the certificate
+     * Common Name that is protected by the certificate.
      */
     cn: string;
     /**
-     * Compliance Status
-     * Available values: "compliant", "noncompliant", "unknown".
+     * Compliance Status.
+     * Available values: "compliant", "noncompliant", "unknown", "notapplicable", "ingraceperiod", "error".
      */
     complianceStatus: string;
     /**
@@ -20545,12 +20563,12 @@ export interface GetZeroTrustDevicePostureRuleInput {
      */
     connectionId: string;
     /**
-     * Count Operator
+     * Count Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     countOperator: string;
     /**
-     * Domain
+     * Domain.
      */
     domain: string;
     /**
@@ -20558,15 +20576,15 @@ export interface GetZeroTrustDevicePostureRuleInput {
      */
     eidLastSeen: string;
     /**
-     * Enabled
+     * Enabled.
      */
     enabled: boolean;
     /**
-     * Whether or not file exists
+     * Whether or not file exists.
      */
     exists: boolean;
     /**
-     * List of values indicating purposes for which the certificate public key can be used
+     * List of values indicating purposes for which the certificate public key can be used.
      */
     extendedKeyUsages: string[];
     /**
@@ -20596,8 +20614,8 @@ export interface GetZeroTrustDevicePostureRuleInput {
      */
     networkStatus: string;
     /**
-     * Operating system
-     * Available values: "windows", "linux", "mac".
+     * Operating system.
+     * Available values: "windows", "linux", "mac", "android", "ios", "chromeos".
      */
     operatingSystem: string;
     /**
@@ -20606,28 +20624,28 @@ export interface GetZeroTrustDevicePostureRuleInput {
      */
     operationalState: string;
     /**
-     * operator
+     * Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     operator: string;
     /**
-     * Os Version
+     * Os Version.
      */
     os: string;
     /**
-     * Operating System Distribution Name (linux only)
+     * Operating System Distribution Name (linux only).
      */
     osDistroName: string;
     /**
-     * Version of OS Distribution (linux only)
+     * Version of OS Distribution (linux only).
      */
     osDistroRevision: string;
     /**
-     * Additional version data. For Mac or iOS, the Product Version Extra. For Linux, the kernel release version. (Mac, iOS, and Linux only)
+     * Additional version data. For Mac or iOS, the Product Version Extra. For Linux, the kernel release version. (Mac, iOS, and Linux only).
      */
     osVersionExtra: string;
     /**
-     * overall
+     * Overall.
      */
     overall: string;
     /**
@@ -20648,12 +20666,12 @@ export interface GetZeroTrustDevicePostureRuleInput {
      */
     score: number;
     /**
-     * Score Operator
+     * Score Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     scoreOperator: string;
     /**
-     * SensorConfig
+     * SensorConfig.
      */
     sensorConfig: string;
     /**
@@ -20674,11 +20692,11 @@ export interface GetZeroTrustDevicePostureRuleInput {
      */
     totalScore: number;
     /**
-     * Version of OS
+     * Version of OS.
      */
     version: string;
     /**
-     * Version Operator
+     * Version Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     versionOperator: string;
@@ -20730,7 +20748,7 @@ export interface GetZeroTrustDevicePostureRulesResult {
     schedule: string;
     /**
      * The type of device posture rule.
-     * Available values: "file", "application", "tanium", "gateway", "warp", "disk*encryption", "sentinelone", "carbonblack", "firewall", "os*version", "domain*joined", "client*certificate", "client*certificate*v2", "unique*client*id", "kolide", "tanium*s2s", "crowdstrike*s2s", "intune", "workspace*one", "sentinelone*s2s", "customS2s".
+     * Available values: "file", "application", "tanium", "gateway", "warp", "disk*encryption", "serial*number", "sentinelone", "carbonblack", "firewall", "os*version", "domain*joined", "client*certificate", "client*certificate*v2", "unique*client*id", "kolide", "tanium*s2s", "crowdstrike*s2s", "intune", "workspace*one", "sentinelone*s2s", "custom*s2s".
      */
     type: string;
 }
@@ -20752,12 +20770,12 @@ export interface GetZeroTrustDevicePostureRulesResultInput {
      */
     checkPrivateKey: boolean;
     /**
-     * Common Name that is protected by the certificate
+     * Common Name that is protected by the certificate.
      */
     cn: string;
     /**
-     * Compliance Status
-     * Available values: "compliant", "noncompliant", "unknown".
+     * Compliance Status.
+     * Available values: "compliant", "noncompliant", "unknown", "notapplicable", "ingraceperiod", "error".
      */
     complianceStatus: string;
     /**
@@ -20765,12 +20783,12 @@ export interface GetZeroTrustDevicePostureRulesResultInput {
      */
     connectionId: string;
     /**
-     * Count Operator
+     * Count Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     countOperator: string;
     /**
-     * Domain
+     * Domain.
      */
     domain: string;
     /**
@@ -20778,15 +20796,15 @@ export interface GetZeroTrustDevicePostureRulesResultInput {
      */
     eidLastSeen: string;
     /**
-     * Enabled
+     * Enabled.
      */
     enabled: boolean;
     /**
-     * Whether or not file exists
+     * Whether or not file exists.
      */
     exists: boolean;
     /**
-     * List of values indicating purposes for which the certificate public key can be used
+     * List of values indicating purposes for which the certificate public key can be used.
      */
     extendedKeyUsages: string[];
     /**
@@ -20816,8 +20834,8 @@ export interface GetZeroTrustDevicePostureRulesResultInput {
      */
     networkStatus: string;
     /**
-     * Operating system
-     * Available values: "windows", "linux", "mac".
+     * Operating system.
+     * Available values: "windows", "linux", "mac", "android", "ios", "chromeos".
      */
     operatingSystem: string;
     /**
@@ -20826,28 +20844,28 @@ export interface GetZeroTrustDevicePostureRulesResultInput {
      */
     operationalState: string;
     /**
-     * operator
+     * Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     operator: string;
     /**
-     * Os Version
+     * Os Version.
      */
     os: string;
     /**
-     * Operating System Distribution Name (linux only)
+     * Operating System Distribution Name (linux only).
      */
     osDistroName: string;
     /**
-     * Version of OS Distribution (linux only)
+     * Version of OS Distribution (linux only).
      */
     osDistroRevision: string;
     /**
-     * Additional version data. For Mac or iOS, the Product Version Extra. For Linux, the kernel release version. (Mac, iOS, and Linux only)
+     * Additional version data. For Mac or iOS, the Product Version Extra. For Linux, the kernel release version. (Mac, iOS, and Linux only).
      */
     osVersionExtra: string;
     /**
-     * overall
+     * Overall.
      */
     overall: string;
     /**
@@ -20868,12 +20886,12 @@ export interface GetZeroTrustDevicePostureRulesResultInput {
      */
     score: number;
     /**
-     * Score Operator
+     * Score Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     scoreOperator: string;
     /**
-     * SensorConfig
+     * SensorConfig.
      */
     sensorConfig: string;
     /**
@@ -20894,11 +20912,11 @@ export interface GetZeroTrustDevicePostureRulesResultInput {
      */
     totalScore: number;
     /**
-     * Version of OS
+     * Version of OS.
      */
     version: string;
     /**
-     * Version Operator
+     * Version Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     versionOperator: string;
@@ -20919,6 +20937,93 @@ export interface GetZeroTrustDevicePostureRulesResultMatch {
      */
     platform: string;
 }
+export interface GetZeroTrustDexTestData {
+    /**
+     * The desired endpoint to test.
+     */
+    host: string;
+    /**
+     * The type of test.
+     */
+    kind: string;
+    /**
+     * The HTTP request method type.
+     */
+    method: string;
+}
+export interface GetZeroTrustDexTestTargetPolicy {
+    /**
+     * Whether the DEX rule is the account default
+     */
+    default: boolean;
+    /**
+     * The id of the DEX rule
+     */
+    id: string;
+    /**
+     * The name of the DEX rule
+     */
+    name: string;
+}
+export interface GetZeroTrustDexTestsResult {
+    /**
+     * The configuration object which contains the details for the WARP client to conduct the test.
+     */
+    data: outputs.GetZeroTrustDexTestsResultData;
+    /**
+     * Additional details about the test.
+     */
+    description: string;
+    /**
+     * Determines whether or not the test is active.
+     */
+    enabled: boolean;
+    /**
+     * How often the test will run.
+     */
+    interval: string;
+    /**
+     * The name of the DEX test. Must be unique.
+     */
+    name: string;
+    /**
+     * DEX rules targeted by this test
+     */
+    targetPolicies: outputs.GetZeroTrustDexTestsResultTargetPolicy[];
+    targeted: boolean;
+    /**
+     * The unique identifier for the test.
+     */
+    testId: string;
+}
+export interface GetZeroTrustDexTestsResultData {
+    /**
+     * The desired endpoint to test.
+     */
+    host: string;
+    /**
+     * The type of test.
+     */
+    kind: string;
+    /**
+     * The HTTP request method type.
+     */
+    method: string;
+}
+export interface GetZeroTrustDexTestsResultTargetPolicy {
+    /**
+     * Whether the DEX rule is the account default
+     */
+    default: boolean;
+    /**
+     * The id of the DEX rule
+     */
+    id: string;
+    /**
+     * The name of the DEX rule
+     */
+    name: string;
+}
 export interface GetZeroTrustDlpCustomProfileContextAwareness {
     /**
      * If true, scan the context of predefined entries to only return matches surrounded by keywords.
@@ -20951,7 +21056,7 @@ export interface GetZeroTrustDlpCustomProfileEntry {
     profileId: string;
     secret: boolean;
     /**
-     * Available values: "custom".
+     * Available values: "custom", "predefined", "integration", "exact*data", "word*list".
      */
     type: string;
     updatedAt: string;
@@ -21049,7 +21154,7 @@ export interface GetZeroTrustDlpEntriesResult {
     profileId: string;
     secret: boolean;
     /**
-     * Available values: "custom".
+     * Available values: "custom", "predefined", "integration", "exact*data", "word*list".
      */
     type: string;
     updatedAt: string;
@@ -21125,7 +21230,7 @@ export interface GetZeroTrustDlpPredefinedProfileEntry {
     profileId: string;
     secret: boolean;
     /**
-     * Available values: "custom".
+     * Available values: "custom", "predefined", "integration", "exact*data", "word*list".
      */
     type: string;
     updatedAt: string;
@@ -21527,9 +21632,6 @@ export interface GetZeroTrustGatewayPoliciesResult {
      * The name of the rule.
      */
     name: string;
-    /**
-     * Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable rules are evaluated in ascending order of this value.
-     */
     precedence: number;
     /**
      * Additional settings that modify the rule's action.
@@ -23193,7 +23295,7 @@ export interface GetZoneFilterAccount {
 export interface GetZoneLockdownConfiguration {
     /**
      * The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule.
-     * Available values: "ip".
+     * Available values: "ip", "ipRange".
      */
     target: string;
     /**
@@ -23272,7 +23374,7 @@ export interface GetZoneLockdownsResult {
 export interface GetZoneLockdownsResultConfiguration {
     /**
      * The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule.
-     * Available values: "ip".
+     * Available values: "ip", "ipRange".
      */
     target: string;
     /**
@@ -23321,6 +23423,64 @@ export interface GetZoneOwner {
      */
     type: string;
 }
+export interface GetZonePlan {
+    /**
+     * States if the subscription can be activated.
+     */
+    canSubscribe: boolean;
+    /**
+     * The denomination of the customer.
+     */
+    currency: string;
+    /**
+     * If this Zone is managed by another company.
+     */
+    externallyManaged: boolean;
+    /**
+     * How often the customer is billed.
+     */
+    frequency: string;
+    /**
+     * Identifier
+     */
+    id: string;
+    /**
+     * States if the subscription active.
+     */
+    isSubscribed: boolean;
+    /**
+     * If the legacy discount applies to this Zone.
+     */
+    legacyDiscount: boolean;
+    /**
+     * The legacy name of the plan.
+     */
+    legacyId: string;
+    /**
+     * Name of the owner
+     */
+    name: string;
+    /**
+     * How much the customer is paying.
+     */
+    price: number;
+}
+export interface GetZoneTenant {
+    /**
+     * Identifier
+     */
+    id: string;
+    /**
+     * The name of the Tenant account.
+     */
+    name: string;
+}
+export interface GetZoneTenantUnit {
+    /**
+     * Identifier
+     */
+    id: string;
+}
 export interface GetZonesAccount {
     /**
      * An account ID
@@ -23349,6 +23509,11 @@ export interface GetZonesResult {
      * active
      */
     activatedOn: string;
+    /**
+     * Allows the customer to use a custom apex.
+     * *Tenants Only Configuration*.
+     */
+    cnameSuffix: string;
     /**
      * When the zone was created
      */
@@ -23401,11 +23566,31 @@ export interface GetZonesResult {
      * benefits.
      */
     paused: boolean;
+    /**
+     * Legacy permissions based on legacy user membership information.
+     *
+     * @deprecated This attribute is deprecated.
+     */
+    permissions: string[];
+    /**
+     * A Zones subscription information.
+     *
+     * @deprecated This attribute is deprecated.
+     */
+    plan: outputs.GetZonesResultPlan;
     /**
      * The zone status on Cloudflare.
      * Available values: "initializing", "pending", "active", "moved".
      */
     status: string;
+    /**
+     * The root organizational unit that this zone belongs to (such as a tenant or organization).
+     */
+    tenant: outputs.GetZonesResultTenant;
+    /**
+     * The immediate parent organizational unit that this zone belongs to (such as under a tenant or sub-organization).
+     */
+    tenantUnit: outputs.GetZonesResultTenantUnit;
     /**
      * A full zone implies that DNS is hosted with Cloudflare. A partial zone is
      * typically a partner-hosted zone or a CNAME setup.
@@ -23472,6 +23657,64 @@ export interface GetZonesResultOwner {
      */
     type: string;
 }
+export interface GetZonesResultPlan {
+    /**
+     * States if the subscription can be activated.
+     */
+    canSubscribe: boolean;
+    /**
+     * The denomination of the customer.
+     */
+    currency: string;
+    /**
+     * If this Zone is managed by another company.
+     */
+    externallyManaged: boolean;
+    /**
+     * How often the customer is billed.
+     */
+    frequency: string;
+    /**
+     * Identifier
+     */
+    id: string;
+    /**
+     * States if the subscription active.
+     */
+    isSubscribed: boolean;
+    /**
+     * If the legacy discount applies to this Zone.
+     */
+    legacyDiscount: boolean;
+    /**
+     * The legacy name of the plan.
+     */
+    legacyId: string;
+    /**
+     * Name of the owner
+     */
+    name: string;
+    /**
+     * How much the customer is paying.
+     */
+    price: number;
+}
+export interface GetZonesResultTenant {
+    /**
+     * Identifier
+     */
+    id: string;
+    /**
+     * The name of the Tenant account.
+     */
+    name: string;
+}
+export interface GetZonesResultTenantUnit {
+    /**
+     * Identifier
+     */
+    id: string;
+}
 export interface HealthcheckHttpConfig {
     /**
      * Do not validate the certificate when the health check uses HTTPS.
@@ -23522,55 +23765,55 @@ export interface HealthcheckTcpConfig {
 }
 export interface HyperdriveConfigCaching {
     /**
-     * When set to true, disables the caching of SQL responses. (Default: false)
+     * Set to true to disable caching of SQL responses. Default is false.
      */
     disabled: boolean;
     /**
-     * When present, specifies max duration for which items should persist in the cache. Not returned if set to default. (Default: 60)
+     * Specify the maximum duration items should persist in the cache. Not returned if set to the default (60).
      */
     maxAge?: number;
     /**
-     * When present, indicates the number of seconds cache may serve the response after it becomes stale. Not returned if set to default. (Default: 15)
+     * Specify the number of seconds the cache may serve a stale response. Omitted if set to the default (15).
      */
     staleWhileRevalidate?: number;
 }
 export interface HyperdriveConfigMtls {
     /**
-     * CA certificate ID
+     * Define CA certificate ID obtained after uploading CA cert.
      */
     caCertificateId?: string;
     /**
-     * mTLS certificate ID
+     * Define mTLS certificate ID obtained after uploading client cert.
      */
     mtlsCertificateId?: string;
     /**
-     * SSL mode used for CA verification. Must be 'require', 'verify-ca', or 'verify-full'
+     * Set SSL mode to 'require', 'verify-ca', or 'verify-full' to verify the CA.
      */
     sslmode?: string;
 }
 export interface HyperdriveConfigOrigin {
     /**
-     * The Client ID of the Access token to use when connecting to the origin database.
+     * Defines the Client ID of the Access token to use when connecting to the origin database.
      */
     accessClientId?: string;
     /**
-     * The Client Secret of the Access token to use when connecting to the origin database. This value is write-only and never returned by the API.
+     * Defines the Client Secret of the Access Token to use when connecting to the origin database. The API never returns this write-only value.
      */
     accessClientSecret?: string;
     /**
-     * The name of your origin database.
+     * Set the name of your origin database.
      */
     database: string;
     /**
-     * The host (hostname or IP) of your origin database.
+     * Defines the host (hostname or IP) of your origin database.
      */
     host: string;
     /**
-     * The password required to access your origin database. This value is write-only and never returned by the API.
+     * Set the password needed to access your origin database. The API never returns this write-only value.
      */
     password: string;
     /**
-     * The port (default: 5432 for Postgres) of your origin database.
+     * Defines the port (default: 5432 for Postgres) of your origin database.
      */
     port?: number;
     /**
@@ -23579,7 +23822,7 @@ export interface HyperdriveConfigOrigin {
      */
     scheme: string;
     /**
-     * The user of your origin database.
+     * Set the user of your origin database.
      */
     user: string;
 }
@@ -25177,9 +25420,9 @@ export interface PageRuleActions {
 export interface PageRuleActionsCacheKeyFields {
     cookie?: outputs.PageRuleActionsCacheKeyFieldsCookie;
     header?: outputs.PageRuleActionsCacheKeyFieldsHeader;
-    host?: outputs.PageRuleActionsCacheKeyFieldsHost;
+    host: outputs.PageRuleActionsCacheKeyFieldsHost;
     queryString?: outputs.PageRuleActionsCacheKeyFieldsQueryString;
-    user?: outputs.PageRuleActionsCacheKeyFieldsUser;
+    user: outputs.PageRuleActionsCacheKeyFieldsUser;
 }
 export interface PageRuleActionsCacheKeyFieldsCookie {
     checkPresences: string[];
@@ -25191,16 +25434,16 @@ export interface PageRuleActionsCacheKeyFieldsHeader {
     includes: string[];
 }
 export interface PageRuleActionsCacheKeyFieldsHost {
-    resolved?: boolean;
+    resolved: boolean;
 }
 export interface PageRuleActionsCacheKeyFieldsQueryString {
     excludes: string[];
     includes: string[];
 }
 export interface PageRuleActionsCacheKeyFieldsUser {
-    deviceType?: boolean;
-    geo?: boolean;
-    lang?: boolean;
+    deviceType: boolean;
+    geo: boolean;
+    lang: boolean;
 }
 export interface PageRuleActionsForwardingUrl {
     statusCode: number;
@@ -25371,7 +25614,7 @@ export interface PagesProjectCanonicalDeploymentDeploymentTriggerMetadata {
 }
 export interface PagesProjectCanonicalDeploymentEnvVars {
     /**
-     * Available values: "plainText".
+     * Available values: "plain*text", "secret*text".
      */
     type: string;
     /**
@@ -25566,7 +25809,7 @@ export interface PagesProjectDeploymentConfigsPreviewDurableObjectNamespaces {
 }
 export interface PagesProjectDeploymentConfigsPreviewEnvVars {
     /**
-     * Available values: "plainText".
+     * Available values: "plain*text", "secret*text".
      */
     type: string;
     /**
@@ -25742,7 +25985,7 @@ export interface PagesProjectDeploymentConfigsProductionDurableObjectNamespaces
 }
 export interface PagesProjectDeploymentConfigsProductionEnvVars {
     /**
-     * Available values: "plainText".
+     * Available values: "plain*text", "secret*text".
      */
     type: string;
     /**
@@ -25920,7 +26163,7 @@ export interface PagesProjectLatestDeploymentDeploymentTriggerMetadata {
 }
 export interface PagesProjectLatestDeploymentEnvVars {
     /**
-     * Available values: "plainText".
+     * Available values: "plain*text", "secret*text".
      */
     type: string;
     /**
@@ -26028,7 +26271,7 @@ export interface QueueConsumer {
     scriptName: string;
     settings: outputs.QueueConsumerSettings;
     /**
-     * Available values: "worker".
+     * Available values: "worker", "httpPull".
      */
     type: string;
 }
@@ -26062,7 +26305,7 @@ export interface QueueProducer {
     bucketName: string;
     script: string;
     /**
-     * Available values: "worker".
+     * Available values: "worker", "r2Bucket".
      */
     type: string;
 }
@@ -26222,7 +26465,7 @@ export interface R2BucketLifecycleRuleDeleteObjectsTransitionCondition {
     date?: string;
     maxAge?: number;
     /**
-     * Available values: "Age".
+     * Available values: "Age", "Date".
      */
     type: string;
 }
@@ -26240,7 +26483,7 @@ export interface R2BucketLifecycleRuleStorageClassTransitionCondition {
     date?: string;
     maxAge?: number;
     /**
-     * Available values: "Age".
+     * Available values: "Age", "Date".
      */
     type: string;
 }
@@ -26266,7 +26509,7 @@ export interface R2BucketLockRuleCondition {
     date?: string;
     maxAgeSeconds?: number;
     /**
-     * Available values: "Age".
+     * Available values: "Age", "Date", "Indefinite".
      */
     type: string;
 }
@@ -26305,7 +26548,7 @@ export interface R2BucketSippySource {
      */
     clientEmail?: string;
     /**
-     * Available values: "aws".
+     * Available values: "aws", "gcs".
      */
     cloudProvider?: string;
     /**
@@ -26583,7 +26826,7 @@ export interface RiskBehaviorBehaviors {
 export interface RulesetRule {
     /**
      * The action to perform when the rule matches.
-     * Available values: "block".
+     * Available values: "block", "challenge", "compress*response", "execute", "js*challenge", "log", "managed*challenge", "redirect", "rewrite", "route", "score", "serve*error", "set*config", "skip", "set*cache*settings", "log*custom*field", "ddos*dynamic", "force*connection*close".
      */
     action?: string;
     /**
@@ -26760,7 +27003,7 @@ export interface RulesetRuleActionParameters {
      */
     overrides?: outputs.RulesetRuleActionParametersOverrides;
     /**
-     * A list of phases to skip the execution of. This option is incompatible with the rulesets options.
+     * A list of phases to skip the execution of. This option is incompatible with the rulesets option.
      */
     phases?: string[];
     /**
@@ -26807,7 +27050,7 @@ export interface RulesetRuleActionParameters {
         [key: string]: string[];
     };
     /**
-     * A ruleset to skip the execution of. This option is incompatible with the rulesets, rules. It can be incompatible with phases options base on the phase of the ruleset.
+     * A ruleset to skip the execution of. This option is incompatible with the rulesets option.
      * Available values: "current".
      */
     ruleset?: string;
@@ -27096,7 +27339,7 @@ export interface RulesetRuleActionParametersHeaders {
      */
     expression?: string;
     /**
-     * Available values: "remove".
+     * Available values: "remove", "add", "set".
      */
     operation: string;
     /**
@@ -27304,7 +27547,6 @@ export interface RulesetRuleRatelimit {
     mitigationTimeout?: number;
     /**
      * Period in seconds over which the counter is being incremented.
-     * Available values: 10, 60, 600, 3600.
      */
     period: number;
     /**
@@ -27362,7 +27604,7 @@ export interface SpectrumApplicationEdgeIps {
     ips?: string[];
     /**
      * The type of edge IP configuration specified. Dynamically allocated edge IPs use Spectrum anycast IPs in accordance with the connectivity you specify. Only valid with CNAME DNS names.
-     * Available values: "dynamic".
+     * Available values: "dynamic", "static".
      */
     type?: string;
 }
@@ -27659,11 +27901,11 @@ export interface TeamsAccountSettings {
     /**
      * Activity log settings.
      */
-    activityLog: outputs.TeamsAccountSettingsActivityLog;
+    activityLog?: outputs.TeamsAccountSettingsActivityLog;
     /**
      * Anti-virus settings.
      */
-    antivirus: outputs.TeamsAccountSettingsAntivirus;
+    antivirus?: outputs.TeamsAccountSettingsAntivirus;
     /**
      * Block page layout settings.
      */
@@ -27675,7 +27917,7 @@ export interface TeamsAccountSettings {
     /**
      * Browser isolation settings.
      */
-    browserIsolation: outputs.TeamsAccountSettingsBrowserIsolation;
+    browserIsolation?: outputs.TeamsAccountSettingsBrowserIsolation;
     /**
      * Certificate settings for Gateway TLS interception. If not specified, the Cloudflare Root CA will be used.
      */
@@ -27689,11 +27931,11 @@ export interface TeamsAccountSettings {
     /**
      * Extended e-mail matching settings.
      */
-    extendedEmailMatching: outputs.TeamsAccountSettingsExtendedEmailMatching;
+    extendedEmailMatching?: outputs.TeamsAccountSettingsExtendedEmailMatching;
     /**
      * FIPS settings.
      */
-    fips: outputs.TeamsAccountSettingsFips;
+    fips?: outputs.TeamsAccountSettingsFips;
     /**
      * Setting to enable host selector in egress policies.
      */
@@ -27701,49 +27943,49 @@ export interface TeamsAccountSettings {
     /**
      * Protocol Detection settings.
      */
-    protocolDetection: outputs.TeamsAccountSettingsProtocolDetection;
+    protocolDetection?: outputs.TeamsAccountSettingsProtocolDetection;
     /**
      * Sandbox settings.
      */
-    sandbox: outputs.TeamsAccountSettingsSandbox;
+    sandbox?: outputs.TeamsAccountSettingsSandbox;
     /**
      * TLS interception settings.
      */
-    tlsDecrypt: outputs.TeamsAccountSettingsTlsDecrypt;
+    tlsDecrypt?: outputs.TeamsAccountSettingsTlsDecrypt;
 }
 export interface TeamsAccountSettingsActivityLog {
     /**
      * Enable activity logging.
      */
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface TeamsAccountSettingsAntivirus {
     /**
      * Enable anti-virus scanning on downloads.
      */
-    enabledDownloadPhase: boolean;
+    enabledDownloadPhase?: boolean;
     /**
      * Enable anti-virus scanning on uploads.
      */
-    enabledUploadPhase: boolean;
+    enabledUploadPhase?: boolean;
     /**
      * Block requests for files that cannot be scanned.
      */
-    failClosed: boolean;
+    failClosed?: boolean;
     /**
      * Configure a message to display on the user's device when an antivirus search is performed.
      */
-    notificationSettings: outputs.TeamsAccountSettingsAntivirusNotificationSettings;
+    notificationSettings?: outputs.TeamsAccountSettingsAntivirusNotificationSettings;
 }
 export interface TeamsAccountSettingsAntivirusNotificationSettings {
     /**
      * Set notification on
      */
-    enabled: boolean;
+    enabled?: boolean;
     /**
      * If true, context information will be passed as query parameters
      */
-    includeContext: boolean;
+    includeContext?: boolean;
     /**
      * Customize the message shown in the notification.
      */
@@ -27757,35 +27999,35 @@ export interface TeamsAccountSettingsBlockPage {
     /**
      * If mode is customized*block*page: block page background color in #rrggbb format.
      */
-    backgroundColor: string;
+    backgroundColor?: string;
     /**
      * Enable only cipher suites and TLS versions compliant with FIPS 140-2.
      */
-    enabled: boolean;
+    enabled?: boolean;
     /**
      * If mode is customized*block*page: block page footer text.
      */
-    footerText: string;
+    footerText?: string;
     /**
      * If mode is customized*block*page: block page header text.
      */
-    headerText: string;
+    headerText?: string;
     /**
      * If mode is redirect*uri: when enabled, context will be appended to target*uri as query parameters.
      */
-    includeContext: boolean;
+    includeContext?: boolean;
     /**
      * If mode is customized*block*page: full URL to the logo file.
      */
-    logoPath: string;
+    logoPath?: string;
     /**
      * If mode is customized*block*page: admin email for users to contact.
      */
-    mailtoAddress: string;
+    mailtoAddress?: string;
     /**
      * If mode is customized*block*page: subject line for emails created from block page.
      */
-    mailtoSubject: string;
+    mailtoSubject?: string;
     /**
      * Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI.
      * Available values: "customized*block*page", "redirectUri".
@@ -27814,11 +28056,11 @@ export interface TeamsAccountSettingsBrowserIsolation {
     /**
      * Enable non-identity onramp support for Browser Isolation.
      */
-    nonIdentityEnabled: boolean;
+    nonIdentityEnabled?: boolean;
     /**
      * Enable Clientless Browser Isolation.
      */
-    urlBrowserIsolationEnabled: boolean;
+    urlBrowserIsolationEnabled?: boolean;
 }
 export interface TeamsAccountSettingsCertificate {
     /**
@@ -27845,13 +28087,13 @@ export interface TeamsAccountSettingsExtendedEmailMatching {
     /**
      * Enable matching all variants of user emails (with + or . modifiers) used as criteria in Firewall policies.
      */
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface TeamsAccountSettingsFips {
     /**
      * Enable only cipher suites and TLS versions compliant with FIPS 140-2.
      */
-    tls: boolean;
+    tls?: boolean;
 }
 export interface TeamsAccountSettingsHostSelector {
     /**
@@ -27863,13 +28105,13 @@ export interface TeamsAccountSettingsProtocolDetection {
     /**
      * Enable detecting protocol on initial bytes of client traffic.
      */
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface TeamsAccountSettingsSandbox {
     /**
      * Enable sandbox.
      */
-    enabled: boolean;
+    enabled?: boolean;
     /**
      * Action to take when the file cannot be scanned.
      * Available values: "allow", "block".
@@ -27880,7 +28122,7 @@ export interface TeamsAccountSettingsTlsDecrypt {
     /**
      * Enable inspecting encrypted HTTP traffic.
      */
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface TeamsListItem {
     createdAt: string;
@@ -27992,7 +28234,7 @@ export interface TeamsRuleRuleSettings {
     /**
      * Settings for the Audit SSH action.
      */
-    auditSsh: outputs.TeamsRuleRuleSettingsAuditSsh;
+    auditSsh?: outputs.TeamsRuleRuleSettingsAuditSsh;
     /**
      * Configure how browser isolation behaves.
      */
@@ -28000,15 +28242,15 @@ export interface TeamsRuleRuleSettings {
     /**
      * Custom block page settings. If missing/null, blocking will use the the account settings.
      */
-    blockPage: outputs.TeamsRuleRuleSettingsBlockPage;
+    blockPage?: outputs.TeamsRuleRuleSettingsBlockPage;
     /**
      * Enable the custom block page.
      */
-    blockPageEnabled: boolean;
+    blockPageEnabled?: boolean;
     /**
      * The text describing why this block occurred, displayed on the custom block page (if enabled).
      */
-    blockReason: string;
+    blockReason?: string;
     /**
      * Set by children MSP accounts to bypass their parent's rules.
      */
@@ -28016,7 +28258,7 @@ export interface TeamsRuleRuleSettings {
     /**
      * Configure how session check behaves.
      */
-    checkSession: outputs.TeamsRuleRuleSettingsCheckSession;
+    checkSession?: outputs.TeamsRuleRuleSettingsCheckSession;
     /**
      * Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolve*dns*through*cloudflare' or 'resolve*dns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
      */
@@ -28028,19 +28270,19 @@ export interface TeamsRuleRuleSettings {
     /**
      * Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
      */
-    ignoreCnameCategoryMatches: boolean;
+    ignoreCnameCategoryMatches?: boolean;
     /**
      * INSECURE - disable DNSSEC validation (for Allow actions).
      */
-    insecureDisableDnssecValidation: boolean;
+    insecureDisableDnssecValidation?: boolean;
     /**
      * Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
      */
-    ipCategories: boolean;
+    ipCategories?: boolean;
     /**
      * Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
      */
-    ipIndicatorFeeds: boolean;
+    ipIndicatorFeeds?: boolean;
     /**
      * Send matching traffic to the supplied destination IP address and port.
      */
@@ -28048,11 +28290,11 @@ export interface TeamsRuleRuleSettings {
     /**
      * Configure a notification to display on the user's device when this rule is matched.
      */
-    notificationSettings: outputs.TeamsRuleRuleSettingsNotificationSettings;
+    notificationSettings?: outputs.TeamsRuleRuleSettingsNotificationSettings;
     /**
      * Override matching DNS queries with a hostname.
      */
-    overrideHost: string;
+    overrideHost?: string;
     /**
      * Override matching DNS queries with an IP or set of IPs.
      */
@@ -28060,7 +28302,7 @@ export interface TeamsRuleRuleSettings {
     /**
      * Configure DLP payload logging.
      */
-    payloadLog: outputs.TeamsRuleRuleSettingsPayloadLog;
+    payloadLog?: outputs.TeamsRuleRuleSettingsPayloadLog;
     /**
      * Settings that apply to quarantine rules
      */
@@ -28068,15 +28310,15 @@ export interface TeamsRuleRuleSettings {
     /**
      * Settings that apply to redirect rules
      */
-    redirect: outputs.TeamsRuleRuleSettingsRedirect;
+    redirect?: outputs.TeamsRuleRuleSettingsRedirect;
     /**
      * Configure to forward the query to the internal DNS service, passing the specified 'view*id' as input. Cannot be set when 'dns*resolvers' are specified or 'resolve*dns*through*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
      */
-    resolveDnsInternally: outputs.TeamsRuleRuleSettingsResolveDnsInternally;
+    resolveDnsInternally?: outputs.TeamsRuleRuleSettingsResolveDnsInternally;
     /**
      * Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dns*resolvers' are specified or 'resolve*dns_internally' is set. Only valid when a rule's action is set to 'resolve'.
      */
-    resolveDnsThroughCloudflare: boolean;
+    resolveDnsThroughCloudflare?: boolean;
     /**
      * Configure behavior when an upstream cert is invalid or an SSL error occurs.
      */
@@ -28086,7 +28328,7 @@ export interface TeamsRuleRuleSettingsAuditSsh {
     /**
      * Enable to turn on SSH command logging.
      */
-    commandLogging: boolean;
+    commandLogging?: boolean;
 }
 export interface TeamsRuleRuleSettingsBisoAdminControls {
     /**
@@ -28149,7 +28391,7 @@ export interface TeamsRuleRuleSettingsBlockPage {
     /**
      * If true, context information will be passed as query parameters
      */
-    includeContext: boolean;
+    includeContext?: boolean;
     /**
      * URI to which the user will be redirected
      */
@@ -28163,7 +28405,7 @@ export interface TeamsRuleRuleSettingsCheckSession {
     /**
      * Set to true to enable session enforcement.
      */
-    enforce: boolean;
+    enforce?: boolean;
 }
 export interface TeamsRuleRuleSettingsDnsResolvers {
     ipv4s?: outputs.TeamsRuleRuleSettingsDnsResolversIpv4[];
@@ -28233,7 +28475,7 @@ export interface TeamsRuleRuleSettingsNotificationSettings {
     /**
      * Set notification on
      */
-    enabled: boolean;
+    enabled?: boolean;
     /**
      * If true, context information will be passed as query parameters
      */
@@ -28251,7 +28493,7 @@ export interface TeamsRuleRuleSettingsPayloadLog {
     /**
      * Set to true to enable DLP payload logging for this rule.
      */
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface TeamsRuleRuleSettingsQuarantine {
     /**
@@ -28263,11 +28505,11 @@ export interface TeamsRuleRuleSettingsRedirect {
     /**
      * If true, context information will be passed as query parameters
      */
-    includeContext: boolean;
+    includeContext?: boolean;
     /**
      * If true, the path and query parameters from the original request will be appended to target_uri
      */
-    preservePathAndQuery: boolean;
+    preservePathAndQuery?: boolean;
     /**
      * URI to which the user will be redirected
      */
@@ -28278,7 +28520,7 @@ export interface TeamsRuleRuleSettingsResolveDnsInternally {
      * The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries.
      * Available values: "none", "publicDns".
      */
-    fallback: string;
+    fallback?: string;
     /**
      * The internal DNS view identifier that's passed to the internal DNS service.
      */
@@ -28496,7 +28738,7 @@ export interface TunnelConfigConfigOriginRequestAccess {
     teamName: string;
 }
 export interface TunnelConfigConfigWarpRouting {
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface TunnelConnection {
     /**
@@ -28535,7 +28777,7 @@ export interface TunnelConnection {
 export interface UserAgentBlockingRuleConfiguration {
     /**
      * The configuration target. You must set the target to `ip` when specifying an IP address in the rule.
-     * Available values: "ip".
+     * Available values: "ip", "ip6", "ipRange", "asn", "country".
      */
     target?: string;
     /**
@@ -28624,7 +28866,9 @@ export interface WebAnalyticsSiteRuleset {
     zoneTag: string;
 }
 export interface WorkerCronTriggerSchedule {
+    createdOn: string;
     cron: string;
+    modifiedOn: string;
 }
 export interface WorkerScriptAssets {
     /**
@@ -28727,7 +28971,7 @@ export interface WorkerScriptBinding {
     /**
      * Namespace identifier tag.
      */
-    namespaceId?: string;
+    namespaceId: string;
     /**
      * Outbound worker.
      */
@@ -28762,7 +29006,7 @@ export interface WorkerScriptBinding {
     text?: string;
     /**
      * The kind of resource that the binding provides.
-     * Available values: "ai".
+     * Available values: "ai", "analytics*engine", "assets", "browser", "d1", "dispatch*namespace", "durable*object*namespace", "hyperdrive", "json", "kv*namespace", "mtls*certificate", "plain*text", "pipelines", "queue", "r2*bucket", "secret*text", "service", "tail*consumer", "vectorize", "version*metadata", "secrets*store*secret", "secret*key".
      */
     type: string;
     /**
@@ -28873,6 +29117,24 @@ export interface WorkerScriptObservability {
      * The sampling rate for incoming requests. From 0 to 1 (1 = 100%, 0.1 = 10%). Default is 1.
      */
     headSamplingRate?: number;
+    /**
+     * Log settings for the Worker.
+     */
+    logs?: outputs.WorkerScriptObservabilityLogs;
+}
+export interface WorkerScriptObservabilityLogs {
+    /**
+     * Whether logs are enabled for the Worker.
+     */
+    enabled: boolean;
+    /**
+     * The sampling rate for logs. From 0 to 1 (1 = 100%, 0.1 = 10%). Default is 1.
+     */
+    headSamplingRate?: number;
+    /**
+     * Whether [invocation logs](https://developers.cloudflare.com/workers/observability/logs/workers-logs/#invocation-logs) are enabled for the Worker.
+     */
+    invocationLogs: boolean;
 }
 export interface WorkerScriptPlacement {
     /**
@@ -28905,7 +29167,9 @@ export interface WorkerScriptTailConsumer {
     service: string;
 }
 export interface WorkersCronTriggerSchedule {
+    createdOn: string;
     cron: string;
+    modifiedOn: string;
 }
 export interface WorkersDeploymentAnnotations {
     /**
@@ -29040,7 +29304,7 @@ export interface WorkersScriptBinding {
     /**
      * Namespace identifier tag.
      */
-    namespaceId?: string;
+    namespaceId: string;
     /**
      * Outbound worker.
      */
@@ -29075,7 +29339,7 @@ export interface WorkersScriptBinding {
     text?: string;
     /**
      * The kind of resource that the binding provides.
-     * Available values: "ai".
+     * Available values: "ai", "analytics*engine", "assets", "browser", "d1", "dispatch*namespace", "durable*object*namespace", "hyperdrive", "json", "kv*namespace", "mtls*certificate", "plain*text", "pipelines", "queue", "r2*bucket", "secret*text", "service", "tail*consumer", "vectorize", "version*metadata", "secrets*store*secret", "secret*key".
      */
     type: string;
     /**
@@ -29186,6 +29450,24 @@ export interface WorkersScriptObservability {
      * The sampling rate for incoming requests. From 0 to 1 (1 = 100%, 0.1 = 10%). Default is 1.
      */
     headSamplingRate?: number;
+    /**
+     * Log settings for the Worker.
+     */
+    logs?: outputs.WorkersScriptObservabilityLogs;
+}
+export interface WorkersScriptObservabilityLogs {
+    /**
+     * Whether logs are enabled for the Worker.
+     */
+    enabled: boolean;
+    /**
+     * The sampling rate for logs. From 0 to 1 (1 = 100%, 0.1 = 10%). Default is 1.
+     */
+    headSamplingRate?: number;
+    /**
+     * Whether [invocation logs](https://developers.cloudflare.com/workers/observability/logs/workers-logs/#invocation-logs) are enabled for the Worker.
+     */
+    invocationLogs: boolean;
 }
 export interface WorkersScriptPlacement {
     /**
@@ -29270,7 +29552,7 @@ export interface ZeroTrustAccessApplicationDestination {
      */
     portRange?: string;
     /**
-     * Available values: "public".
+     * Available values: "public", "private".
      */
     type?: string;
     /**
@@ -29327,7 +29609,7 @@ export interface ZeroTrustAccessApplicationPolicy {
     /**
      * Rules evaluated with a NOT logical operator. To match the policy, a user cannot meet any of the Exclude rules.
      */
-    excludes?: outputs.ZeroTrustAccessApplicationPolicyExclude[];
+    excludes: outputs.ZeroTrustAccessApplicationPolicyExclude[];
     /**
      * The UUID of the policy
      */
@@ -29335,7 +29617,7 @@ export interface ZeroTrustAccessApplicationPolicy {
     /**
      * Rules evaluated with an OR logical operator. A user needs to meet only one of the Include rules.
      */
-    includes?: outputs.ZeroTrustAccessApplicationPolicyInclude[];
+    includes: outputs.ZeroTrustAccessApplicationPolicyInclude[];
     /**
      * The name of the Access policy.
      */
@@ -29347,7 +29629,7 @@ export interface ZeroTrustAccessApplicationPolicy {
     /**
      * Rules evaluated with an AND logical operator. To match the policy, a user must meet all of the Require rules.
      */
-    requires?: outputs.ZeroTrustAccessApplicationPolicyRequire[];
+    requires: outputs.ZeroTrustAccessApplicationPolicyRequire[];
 }
 export interface ZeroTrustAccessApplicationPolicyConnectionRules {
     /**
@@ -30150,7 +30432,7 @@ export interface ZeroTrustAccessApplicationScimConfigAuthentication {
     password?: string;
     /**
      * The authentication scheme to use when making SCIM requests to this application.
-     * Available values: "httpbasic".
+     * Available values: "httpbasic", "oauthbearertoken", "oauth2", "access*service*token".
      */
     scheme: string;
     /**
@@ -30896,7 +31178,7 @@ export interface ZeroTrustAccessIdentityProviderConfig {
     /**
      * Sign the SAML authentication request with Access credentials. To verify the signature, use the public key from the Access certs endpoints.
      */
-    signRequest?: boolean;
+    signRequest: boolean;
     /**
      * URL to send the SAML authentication requests to
      */
@@ -31643,11 +31925,11 @@ export interface ZeroTrustDeviceCustomProfileServiceModeV2 {
 }
 export interface ZeroTrustDeviceCustomProfileTargetTest {
     /**
-     * The id of the DEX test targeting this policy
+     * The id of the DEX test targeting this policy.
      */
     id: string;
     /**
-     * The name of the DEX test targeting this policy
+     * The name of the DEX test targeting this policy.
      */
     name: string;
 }
@@ -31729,11 +32011,11 @@ export interface ZeroTrustDeviceManagedNetworksConfig {
 }
 export interface ZeroTrustDevicePostureIntegrationConfig {
     /**
-     * If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `apiUrl`
+     * If present, this id will be passed in the `CF-Access-Client-ID` header when hitting the `apiUrl`.
      */
     accessClientId?: string;
     /**
-     * If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `apiUrl`
+     * If present, this secret will be passed in the `CF-Access-Client-Secret` header when hitting the `apiUrl`.
      */
     accessClientSecret?: string;
     /**
@@ -31779,12 +32061,12 @@ export interface ZeroTrustDevicePostureRuleInput {
      */
     checkPrivateKey?: boolean;
     /**
-     * Common Name that is protected by the certificate
+     * Common Name that is protected by the certificate.
      */
     cn?: string;
     /**
-     * Compliance Status
-     * Available values: "compliant", "noncompliant", "unknown".
+     * Compliance Status.
+     * Available values: "compliant", "noncompliant", "unknown", "notapplicable", "ingraceperiod", "error".
      */
     complianceStatus?: string;
     /**
@@ -31792,12 +32074,12 @@ export interface ZeroTrustDevicePostureRuleInput {
      */
     connectionId?: string;
     /**
-     * Count Operator
+     * Count Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     countOperator?: string;
     /**
-     * Domain
+     * Domain.
      */
     domain?: string;
     /**
@@ -31805,15 +32087,15 @@ export interface ZeroTrustDevicePostureRuleInput {
      */
     eidLastSeen?: string;
     /**
-     * Enabled
+     * Enabled.
      */
     enabled?: boolean;
     /**
-     * Whether or not file exists
+     * Whether or not file exists.
      */
     exists?: boolean;
     /**
-     * List of values indicating purposes for which the certificate public key can be used
+     * List of values indicating purposes for which the certificate public key can be used.
      */
     extendedKeyUsages?: string[];
     /**
@@ -31843,8 +32125,8 @@ export interface ZeroTrustDevicePostureRuleInput {
      */
     networkStatus?: string;
     /**
-     * Operating system
-     * Available values: "windows", "linux", "mac".
+     * Operating system.
+     * Available values: "windows", "linux", "mac", "android", "ios", "chromeos".
      */
     operatingSystem?: string;
     /**
@@ -31853,28 +32135,28 @@ export interface ZeroTrustDevicePostureRuleInput {
      */
     operationalState?: string;
     /**
-     * operator
+     * Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     operator?: string;
     /**
-     * Os Version
+     * Os Version.
      */
     os?: string;
     /**
-     * Operating System Distribution Name (linux only)
+     * Operating System Distribution Name (linux only).
      */
     osDistroName?: string;
     /**
-     * Version of OS Distribution (linux only)
+     * Version of OS Distribution (linux only).
      */
     osDistroRevision?: string;
     /**
-     * Additional version data. For Mac or iOS, the Product Version Extra. For Linux, the kernel release version. (Mac, iOS, and Linux only)
+     * Additional version data. For Mac or iOS, the Product Version Extra. For Linux, the kernel release version. (Mac, iOS, and Linux only).
      */
     osVersionExtra?: string;
     /**
-     * overall
+     * Overall.
      */
     overall?: string;
     /**
@@ -31895,12 +32177,12 @@ export interface ZeroTrustDevicePostureRuleInput {
      */
     score?: number;
     /**
-     * Score Operator
+     * Score Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     scoreOperator?: string;
     /**
-     * SensorConfig
+     * SensorConfig.
      */
     sensorConfig?: string;
     /**
@@ -31921,11 +32203,11 @@ export interface ZeroTrustDevicePostureRuleInput {
      */
     totalScore?: number;
     /**
-     * Version of OS
+     * Version of OS.
      */
     version?: string;
     /**
-     * Version Operator
+     * Version Operator.
      * Available values: "<", "<=", ">", ">=", "==".
      */
     versionOperator?: string;
@@ -31946,6 +32228,34 @@ export interface ZeroTrustDevicePostureRuleMatch {
      */
     platform?: string;
 }
+export interface ZeroTrustDexTestData {
+    /**
+     * The desired endpoint to test.
+     */
+    host?: string;
+    /**
+     * The type of test.
+     */
+    kind?: string;
+    /**
+     * The HTTP request method type.
+     */
+    method?: string;
+}
+export interface ZeroTrustDexTestTargetPolicy {
+    /**
+     * Whether the DEX rule is the account default
+     */
+    default?: boolean;
+    /**
+     * The id of the DEX rule
+     */
+    id?: string;
+    /**
+     * The name of the DEX rule
+     */
+    name?: string;
+}
 export interface ZeroTrustDlpCustomProfileContextAwareness {
     /**
      * If true, scan the context of predefined entries to only return matches surrounded by keywords.
@@ -32035,7 +32345,7 @@ export interface ZeroTrustDlpCustomProfileProfileSharedEntry {
     enabled: boolean;
     entryId: string;
     /**
-     * Available values: "custom".
+     * Available values: "custom", "predefined", "integration", "exactData".
      */
     entryType: string;
 }
@@ -32043,7 +32353,7 @@ export interface ZeroTrustDlpCustomProfileSharedEntry {
     enabled: boolean;
     entryId: string;
     /**
-     * Available values: "custom".
+     * Available values: "custom", "predefined", "integration", "exactData".
      */
     entryType: string;
 }
@@ -32277,7 +32587,7 @@ export interface ZeroTrustGatewayPolicyRuleSettings {
     /**
      * Settings for the Audit SSH action.
      */
-    auditSsh: outputs.ZeroTrustGatewayPolicyRuleSettingsAuditSsh;
+    auditSsh?: outputs.ZeroTrustGatewayPolicyRuleSettingsAuditSsh;
     /**
      * Configure how browser isolation behaves.
      */
@@ -32285,15 +32595,15 @@ export interface ZeroTrustGatewayPolicyRuleSettings {
     /**
      * Custom block page settings. If missing/null, blocking will use the the account settings.
      */
-    blockPage: outputs.ZeroTrustGatewayPolicyRuleSettingsBlockPage;
+    blockPage?: outputs.ZeroTrustGatewayPolicyRuleSettingsBlockPage;
     /**
      * Enable the custom block page.
      */
-    blockPageEnabled: boolean;
+    blockPageEnabled?: boolean;
     /**
      * The text describing why this block occurred, displayed on the custom block page (if enabled).
      */
-    blockReason: string;
+    blockReason?: string;
     /**
      * Set by children MSP accounts to bypass their parent's rules.
      */
@@ -32301,7 +32611,7 @@ export interface ZeroTrustGatewayPolicyRuleSettings {
     /**
      * Configure how session check behaves.
      */
-    checkSession: outputs.ZeroTrustGatewayPolicyRuleSettingsCheckSession;
+    checkSession?: outputs.ZeroTrustGatewayPolicyRuleSettingsCheckSession;
     /**
      * Add your own custom resolvers to route queries that match the resolver policy. Cannot be used when 'resolve*dns*through*cloudflare' or 'resolve*dns*internally' are set. DNS queries will route to the address closest to their origin. Only valid when a rule's action is set to 'resolve'.
      */
@@ -32313,19 +32623,19 @@ export interface ZeroTrustGatewayPolicyRuleSettings {
     /**
      * Set to true, to ignore the category matches at CNAME domains in a response. If unchecked, the categories in this rule will be checked against all the CNAME domain categories in a response.
      */
-    ignoreCnameCategoryMatches: boolean;
+    ignoreCnameCategoryMatches?: boolean;
     /**
      * INSECURE - disable DNSSEC validation (for Allow actions).
      */
-    insecureDisableDnssecValidation: boolean;
+    insecureDisableDnssecValidation?: boolean;
     /**
      * Set to true to enable IPs in DNS resolver category blocks. By default categories only block based on domain names.
      */
-    ipCategories: boolean;
+    ipCategories?: boolean;
     /**
      * Set to true to include IPs in DNS resolver indicator feed blocks. By default indicator feeds only block based on domain names.
      */
-    ipIndicatorFeeds: boolean;
+    ipIndicatorFeeds?: boolean;
     /**
      * Send matching traffic to the supplied destination IP address and port.
      */
@@ -32333,11 +32643,11 @@ export interface ZeroTrustGatewayPolicyRuleSettings {
     /**
      * Configure a notification to display on the user's device when this rule is matched.
      */
-    notificationSettings: outputs.ZeroTrustGatewayPolicyRuleSettingsNotificationSettings;
+    notificationSettings?: outputs.ZeroTrustGatewayPolicyRuleSettingsNotificationSettings;
     /**
      * Override matching DNS queries with a hostname.
      */
-    overrideHost: string;
+    overrideHost?: string;
     /**
      * Override matching DNS queries with an IP or set of IPs.
      */
@@ -32345,7 +32655,7 @@ export interface ZeroTrustGatewayPolicyRuleSettings {
     /**
      * Configure DLP payload logging.
      */
-    payloadLog: outputs.ZeroTrustGatewayPolicyRuleSettingsPayloadLog;
+    payloadLog?: outputs.ZeroTrustGatewayPolicyRuleSettingsPayloadLog;
     /**
      * Settings that apply to quarantine rules
      */
@@ -32353,15 +32663,15 @@ export interface ZeroTrustGatewayPolicyRuleSettings {
     /**
      * Settings that apply to redirect rules
      */
-    redirect: outputs.ZeroTrustGatewayPolicyRuleSettingsRedirect;
+    redirect?: outputs.ZeroTrustGatewayPolicyRuleSettingsRedirect;
     /**
      * Configure to forward the query to the internal DNS service, passing the specified 'view*id' as input. Cannot be set when 'dns*resolvers' are specified or 'resolve*dns*through*cloudflare' is set. Only valid when a rule's action is set to 'resolve'.
      */
-    resolveDnsInternally: outputs.ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally;
+    resolveDnsInternally?: outputs.ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally;
     /**
      * Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot be set when 'dns*resolvers' are specified or 'resolve*dns_internally' is set. Only valid when a rule's action is set to 'resolve'.
      */
-    resolveDnsThroughCloudflare: boolean;
+    resolveDnsThroughCloudflare?: boolean;
     /**
      * Configure behavior when an upstream cert is invalid or an SSL error occurs.
      */
@@ -32371,7 +32681,7 @@ export interface ZeroTrustGatewayPolicyRuleSettingsAuditSsh {
     /**
      * Enable to turn on SSH command logging.
      */
-    commandLogging: boolean;
+    commandLogging?: boolean;
 }
 export interface ZeroTrustGatewayPolicyRuleSettingsBisoAdminControls {
     /**
@@ -32434,7 +32744,7 @@ export interface ZeroTrustGatewayPolicyRuleSettingsBlockPage {
     /**
      * If true, context information will be passed as query parameters
      */
-    includeContext: boolean;
+    includeContext?: boolean;
     /**
      * URI to which the user will be redirected
      */
@@ -32448,7 +32758,7 @@ export interface ZeroTrustGatewayPolicyRuleSettingsCheckSession {
     /**
      * Set to true to enable session enforcement.
      */
-    enforce: boolean;
+    enforce?: boolean;
 }
 export interface ZeroTrustGatewayPolicyRuleSettingsDnsResolvers {
     ipv4s?: outputs.ZeroTrustGatewayPolicyRuleSettingsDnsResolversIpv4[];
@@ -32518,7 +32828,7 @@ export interface ZeroTrustGatewayPolicyRuleSettingsNotificationSettings {
     /**
      * Set notification on
      */
-    enabled: boolean;
+    enabled?: boolean;
     /**
      * If true, context information will be passed as query parameters
      */
@@ -32536,7 +32846,7 @@ export interface ZeroTrustGatewayPolicyRuleSettingsPayloadLog {
     /**
      * Set to true to enable DLP payload logging for this rule.
      */
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface ZeroTrustGatewayPolicyRuleSettingsQuarantine {
     /**
@@ -32548,11 +32858,11 @@ export interface ZeroTrustGatewayPolicyRuleSettingsRedirect {
     /**
      * If true, context information will be passed as query parameters
      */
-    includeContext: boolean;
+    includeContext?: boolean;
     /**
      * If true, the path and query parameters from the original request will be appended to target_uri
      */
-    preservePathAndQuery: boolean;
+    preservePathAndQuery?: boolean;
     /**
      * URI to which the user will be redirected
      */
@@ -32563,7 +32873,7 @@ export interface ZeroTrustGatewayPolicyRuleSettingsResolveDnsInternally {
      * The fallback behavior to apply when the internal DNS response code is different from 'NOERROR' or when the response data only contains CNAME records for 'A' or 'AAAA' queries.
      * Available values: "none", "publicDns".
      */
-    fallback: string;
+    fallback?: string;
     /**
      * The internal DNS view identifier that's passed to the internal DNS service.
      */
@@ -32614,11 +32924,11 @@ export interface ZeroTrustGatewaySettingsSettings {
     /**
      * Activity log settings.
      */
-    activityLog: outputs.ZeroTrustGatewaySettingsSettingsActivityLog;
+    activityLog?: outputs.ZeroTrustGatewaySettingsSettingsActivityLog;
     /**
      * Anti-virus settings.
      */
-    antivirus: outputs.ZeroTrustGatewaySettingsSettingsAntivirus;
+    antivirus?: outputs.ZeroTrustGatewaySettingsSettingsAntivirus;
     /**
      * Block page layout settings.
      */
@@ -32630,7 +32940,7 @@ export interface ZeroTrustGatewaySettingsSettings {
     /**
      * Browser isolation settings.
      */
-    browserIsolation: outputs.ZeroTrustGatewaySettingsSettingsBrowserIsolation;
+    browserIsolation?: outputs.ZeroTrustGatewaySettingsSettingsBrowserIsolation;
     /**
      * Certificate settings for Gateway TLS interception. If not specified, the Cloudflare Root CA will be used.
      */
@@ -32644,11 +32954,11 @@ export interface ZeroTrustGatewaySettingsSettings {
     /**
      * Extended e-mail matching settings.
      */
-    extendedEmailMatching: outputs.ZeroTrustGatewaySettingsSettingsExtendedEmailMatching;
+    extendedEmailMatching?: outputs.ZeroTrustGatewaySettingsSettingsExtendedEmailMatching;
     /**
      * FIPS settings.
      */
-    fips: outputs.ZeroTrustGatewaySettingsSettingsFips;
+    fips?: outputs.ZeroTrustGatewaySettingsSettingsFips;
     /**
      * Setting to enable host selector in egress policies.
      */
@@ -32656,49 +32966,49 @@ export interface ZeroTrustGatewaySettingsSettings {
     /**
      * Protocol Detection settings.
      */
-    protocolDetection: outputs.ZeroTrustGatewaySettingsSettingsProtocolDetection;
+    protocolDetection?: outputs.ZeroTrustGatewaySettingsSettingsProtocolDetection;
     /**
      * Sandbox settings.
      */
-    sandbox: outputs.ZeroTrustGatewaySettingsSettingsSandbox;
+    sandbox?: outputs.ZeroTrustGatewaySettingsSettingsSandbox;
     /**
      * TLS interception settings.
      */
-    tlsDecrypt: outputs.ZeroTrustGatewaySettingsSettingsTlsDecrypt;
+    tlsDecrypt?: outputs.ZeroTrustGatewaySettingsSettingsTlsDecrypt;
 }
 export interface ZeroTrustGatewaySettingsSettingsActivityLog {
     /**
      * Enable activity logging.
      */
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface ZeroTrustGatewaySettingsSettingsAntivirus {
     /**
      * Enable anti-virus scanning on downloads.
      */
-    enabledDownloadPhase: boolean;
+    enabledDownloadPhase?: boolean;
     /**
      * Enable anti-virus scanning on uploads.
      */
-    enabledUploadPhase: boolean;
+    enabledUploadPhase?: boolean;
     /**
      * Block requests for files that cannot be scanned.
      */
-    failClosed: boolean;
+    failClosed?: boolean;
     /**
      * Configure a message to display on the user's device when an antivirus search is performed.
      */
-    notificationSettings: outputs.ZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings;
+    notificationSettings?: outputs.ZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings;
 }
 export interface ZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings {
     /**
      * Set notification on
      */
-    enabled: boolean;
+    enabled?: boolean;
     /**
      * If true, context information will be passed as query parameters
      */
-    includeContext: boolean;
+    includeContext?: boolean;
     /**
      * Customize the message shown in the notification.
      */
@@ -32712,35 +33022,35 @@ export interface ZeroTrustGatewaySettingsSettingsBlockPage {
     /**
      * If mode is customized*block*page: block page background color in #rrggbb format.
      */
-    backgroundColor: string;
+    backgroundColor?: string;
     /**
      * Enable only cipher suites and TLS versions compliant with FIPS 140-2.
      */
-    enabled: boolean;
+    enabled?: boolean;
     /**
      * If mode is customized*block*page: block page footer text.
      */
-    footerText: string;
+    footerText?: string;
     /**
      * If mode is customized*block*page: block page header text.
      */
-    headerText: string;
+    headerText?: string;
     /**
      * If mode is redirect*uri: when enabled, context will be appended to target*uri as query parameters.
      */
-    includeContext: boolean;
+    includeContext?: boolean;
     /**
      * If mode is customized*block*page: full URL to the logo file.
      */
-    logoPath: string;
+    logoPath?: string;
     /**
      * If mode is customized*block*page: admin email for users to contact.
      */
-    mailtoAddress: string;
+    mailtoAddress?: string;
     /**
      * If mode is customized*block*page: subject line for emails created from block page.
      */
-    mailtoSubject: string;
+    mailtoSubject?: string;
     /**
      * Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI.
      * Available values: "customized*block*page", "redirectUri".
@@ -32769,11 +33079,11 @@ export interface ZeroTrustGatewaySettingsSettingsBrowserIsolation {
     /**
      * Enable non-identity onramp support for Browser Isolation.
      */
-    nonIdentityEnabled: boolean;
+    nonIdentityEnabled?: boolean;
     /**
      * Enable Clientless Browser Isolation.
      */
-    urlBrowserIsolationEnabled: boolean;
+    urlBrowserIsolationEnabled?: boolean;
 }
 export interface ZeroTrustGatewaySettingsSettingsCertificate {
     /**
@@ -32800,13 +33110,13 @@ export interface ZeroTrustGatewaySettingsSettingsExtendedEmailMatching {
     /**
      * Enable matching all variants of user emails (with + or . modifiers) used as criteria in Firewall policies.
      */
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface ZeroTrustGatewaySettingsSettingsFips {
     /**
      * Enable only cipher suites and TLS versions compliant with FIPS 140-2.
      */
-    tls: boolean;
+    tls?: boolean;
 }
 export interface ZeroTrustGatewaySettingsSettingsHostSelector {
     /**
@@ -32818,13 +33128,13 @@ export interface ZeroTrustGatewaySettingsSettingsProtocolDetection {
     /**
      * Enable detecting protocol on initial bytes of client traffic.
      */
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface ZeroTrustGatewaySettingsSettingsSandbox {
     /**
      * Enable sandbox.
      */
-    enabled: boolean;
+    enabled?: boolean;
     /**
      * Action to take when the file cannot be scanned.
      * Available values: "allow", "block".
@@ -32835,7 +33145,7 @@ export interface ZeroTrustGatewaySettingsSettingsTlsDecrypt {
     /**
      * Enable inspecting encrypted HTTP traffic.
      */
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface ZeroTrustListItem {
     createdAt: string;
@@ -33072,7 +33382,7 @@ export interface ZeroTrustTunnelCloudflaredConfigConfigOriginRequestAccess {
     teamName: string;
 }
 export interface ZeroTrustTunnelCloudflaredConfigConfigWarpRouting {
-    enabled: boolean;
+    enabled?: boolean;
 }
 export interface ZeroTrustTunnelCloudflaredConnection {
     /**
@@ -33210,7 +33520,7 @@ export interface ZoneDnsSettingsSoa {
 export interface ZoneLockdownConfiguration {
     /**
      * The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule.
-     * Available values: "ip".
+     * Available values: "ip", "ipRange".
      */
     target?: string;
     /**
@@ -33259,6 +33569,48 @@ export interface ZoneOwner {
      */
     type: string;
 }
+export interface ZonePlan {
+    /**
+     * States if the subscription can be activated.
+     */
+    canSubscribe: boolean;
+    /**
+     * The denomination of the customer.
+     */
+    currency: string;
+    /**
+     * If this Zone is managed by another company.
+     */
+    externallyManaged: boolean;
+    /**
+     * How often the customer is billed.
+     */
+    frequency: string;
+    /**
+     * Identifier
+     */
+    id: string;
+    /**
+     * States if the subscription active.
+     */
+    isSubscribed: boolean;
+    /**
+     * If the legacy discount applies to this Zone.
+     */
+    legacyDiscount: boolean;
+    /**
+     * The legacy name of the plan.
+     */
+    legacyId: string;
+    /**
+     * Name of the owner
+     */
+    name: string;
+    /**
+     * How much the customer is paying.
+     */
+    price: number;
+}
 export interface ZoneSubscriptionRatePlan {
     /**
      * The currency applied to the rate plan subscription.
@@ -33290,3 +33642,19 @@ export interface ZoneSubscriptionRatePlan {
      */
     sets?: string[];
 }
+export interface ZoneTenant {
+    /**
+     * Identifier
+     */
+    id: string;
+    /**
+     * The name of the Tenant account.
+     */
+    name: string;
+}
+export interface ZoneTenantUnit {
+    /**
+     * Identifier
+     */
+    id: string;
+}