@pulumi/cloudflare 6.5.0-alpha.1753490674 → 6.5.0

package/types/input.d.ts

@@ -173,7 +173,9 @@ export interface AccessApplicationPolicyExclude {
     gsuite?: pulumi.Input<inputs.AccessApplicationPolicyExcludeGsuite>;
     ip?: pulumi.Input<inputs.AccessApplicationPolicyExcludeIp>;
     ipList?: pulumi.Input<inputs.AccessApplicationPolicyExcludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.AccessApplicationPolicyExcludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.AccessApplicationPolicyExcludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.AccessApplicationPolicyExcludeOidc>;
     okta?: pulumi.Input<inputs.AccessApplicationPolicyExcludeOkta>;
     saml?: pulumi.Input<inputs.AccessApplicationPolicyExcludeSaml>;
     serviceToken?: pulumi.Input<inputs.AccessApplicationPolicyExcludeServiceToken>;
@@ -302,12 +304,32 @@ export interface AccessApplicationPolicyExcludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface AccessApplicationPolicyExcludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface AccessApplicationPolicyExcludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface AccessApplicationPolicyExcludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface AccessApplicationPolicyExcludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -363,7 +385,9 @@ export interface AccessApplicationPolicyInclude {
     gsuite?: pulumi.Input<inputs.AccessApplicationPolicyIncludeGsuite>;
     ip?: pulumi.Input<inputs.AccessApplicationPolicyIncludeIp>;
     ipList?: pulumi.Input<inputs.AccessApplicationPolicyIncludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.AccessApplicationPolicyIncludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.AccessApplicationPolicyIncludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.AccessApplicationPolicyIncludeOidc>;
     okta?: pulumi.Input<inputs.AccessApplicationPolicyIncludeOkta>;
     saml?: pulumi.Input<inputs.AccessApplicationPolicyIncludeSaml>;
     serviceToken?: pulumi.Input<inputs.AccessApplicationPolicyIncludeServiceToken>;
@@ -492,12 +516,32 @@ export interface AccessApplicationPolicyIncludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface AccessApplicationPolicyIncludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface AccessApplicationPolicyIncludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface AccessApplicationPolicyIncludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface AccessApplicationPolicyIncludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -553,7 +597,9 @@ export interface AccessApplicationPolicyRequire {
     gsuite?: pulumi.Input<inputs.AccessApplicationPolicyRequireGsuite>;
     ip?: pulumi.Input<inputs.AccessApplicationPolicyRequireIp>;
     ipList?: pulumi.Input<inputs.AccessApplicationPolicyRequireIpList>;
+    linkedAppToken?: pulumi.Input<inputs.AccessApplicationPolicyRequireLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.AccessApplicationPolicyRequireLoginMethod>;
+    oidc?: pulumi.Input<inputs.AccessApplicationPolicyRequireOidc>;
     okta?: pulumi.Input<inputs.AccessApplicationPolicyRequireOkta>;
     saml?: pulumi.Input<inputs.AccessApplicationPolicyRequireSaml>;
     serviceToken?: pulumi.Input<inputs.AccessApplicationPolicyRequireServiceToken>;
@@ -682,12 +728,32 @@ export interface AccessApplicationPolicyRequireIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface AccessApplicationPolicyRequireLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface AccessApplicationPolicyRequireLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface AccessApplicationPolicyRequireOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface AccessApplicationPolicyRequireOkta {
     /**
      * The ID of your Okta identity provider.
@@ -1001,7 +1067,7 @@ export interface AccessApplicationTargetCriteria {
     port: pulumi.Input<number>;
     /**
      * The communication protocol your application secures.
-     * Available values: "SSH".
+     * Available values: "SSH", "RDP".
      */
     protocol: pulumi.Input<string>;
     /**
@@ -1036,7 +1102,9 @@ export interface AccessGroupExclude {
     gsuite?: pulumi.Input<inputs.AccessGroupExcludeGsuite>;
     ip?: pulumi.Input<inputs.AccessGroupExcludeIp>;
     ipList?: pulumi.Input<inputs.AccessGroupExcludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.AccessGroupExcludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.AccessGroupExcludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.AccessGroupExcludeOidc>;
     okta?: pulumi.Input<inputs.AccessGroupExcludeOkta>;
     saml?: pulumi.Input<inputs.AccessGroupExcludeSaml>;
     serviceToken?: pulumi.Input<inputs.AccessGroupExcludeServiceToken>;
@@ -1165,12 +1233,32 @@ export interface AccessGroupExcludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface AccessGroupExcludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface AccessGroupExcludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface AccessGroupExcludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface AccessGroupExcludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -1226,7 +1314,9 @@ export interface AccessGroupInclude {
     gsuite?: pulumi.Input<inputs.AccessGroupIncludeGsuite>;
     ip?: pulumi.Input<inputs.AccessGroupIncludeIp>;
     ipList?: pulumi.Input<inputs.AccessGroupIncludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.AccessGroupIncludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.AccessGroupIncludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.AccessGroupIncludeOidc>;
     okta?: pulumi.Input<inputs.AccessGroupIncludeOkta>;
     saml?: pulumi.Input<inputs.AccessGroupIncludeSaml>;
     serviceToken?: pulumi.Input<inputs.AccessGroupIncludeServiceToken>;
@@ -1355,12 +1445,32 @@ export interface AccessGroupIncludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface AccessGroupIncludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface AccessGroupIncludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface AccessGroupIncludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface AccessGroupIncludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -1416,7 +1526,9 @@ export interface AccessGroupRequire {
     gsuite?: pulumi.Input<inputs.AccessGroupRequireGsuite>;
     ip?: pulumi.Input<inputs.AccessGroupRequireIp>;
     ipList?: pulumi.Input<inputs.AccessGroupRequireIpList>;
+    linkedAppToken?: pulumi.Input<inputs.AccessGroupRequireLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.AccessGroupRequireLoginMethod>;
+    oidc?: pulumi.Input<inputs.AccessGroupRequireOidc>;
     okta?: pulumi.Input<inputs.AccessGroupRequireOkta>;
     saml?: pulumi.Input<inputs.AccessGroupRequireSaml>;
     serviceToken?: pulumi.Input<inputs.AccessGroupRequireServiceToken>;
@@ -1545,12 +1657,32 @@ export interface AccessGroupRequireIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface AccessGroupRequireLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface AccessGroupRequireLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface AccessGroupRequireOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface AccessGroupRequireOkta {
     /**
      * The ID of your Okta identity provider.
@@ -1618,6 +1750,10 @@ export interface AccessIdentityProviderConfig {
      * Your OAuth Client ID
      */
     clientId?: pulumi.Input<string>;
+    /**
+     * Your OAuth Client Secret
+     */
+    clientSecret?: pulumi.Input<string>;
     /**
      * Should Cloudflare try to load authentication contexts from your account
      */
@@ -1811,7 +1947,9 @@ export interface AccessPolicyExclude {
     gsuite?: pulumi.Input<inputs.AccessPolicyExcludeGsuite>;
     ip?: pulumi.Input<inputs.AccessPolicyExcludeIp>;
     ipList?: pulumi.Input<inputs.AccessPolicyExcludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.AccessPolicyExcludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.AccessPolicyExcludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.AccessPolicyExcludeOidc>;
     okta?: pulumi.Input<inputs.AccessPolicyExcludeOkta>;
     saml?: pulumi.Input<inputs.AccessPolicyExcludeSaml>;
     serviceToken?: pulumi.Input<inputs.AccessPolicyExcludeServiceToken>;
@@ -1940,12 +2078,32 @@ export interface AccessPolicyExcludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface AccessPolicyExcludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface AccessPolicyExcludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface AccessPolicyExcludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface AccessPolicyExcludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -2001,7 +2159,9 @@ export interface AccessPolicyInclude {
     gsuite?: pulumi.Input<inputs.AccessPolicyIncludeGsuite>;
     ip?: pulumi.Input<inputs.AccessPolicyIncludeIp>;
     ipList?: pulumi.Input<inputs.AccessPolicyIncludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.AccessPolicyIncludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.AccessPolicyIncludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.AccessPolicyIncludeOidc>;
     okta?: pulumi.Input<inputs.AccessPolicyIncludeOkta>;
     saml?: pulumi.Input<inputs.AccessPolicyIncludeSaml>;
     serviceToken?: pulumi.Input<inputs.AccessPolicyIncludeServiceToken>;
@@ -2130,12 +2290,32 @@ export interface AccessPolicyIncludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface AccessPolicyIncludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface AccessPolicyIncludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface AccessPolicyIncludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface AccessPolicyIncludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -2191,7 +2371,9 @@ export interface AccessPolicyRequire {
     gsuite?: pulumi.Input<inputs.AccessPolicyRequireGsuite>;
     ip?: pulumi.Input<inputs.AccessPolicyRequireIp>;
     ipList?: pulumi.Input<inputs.AccessPolicyRequireIpList>;
+    linkedAppToken?: pulumi.Input<inputs.AccessPolicyRequireLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.AccessPolicyRequireLoginMethod>;
+    oidc?: pulumi.Input<inputs.AccessPolicyRequireOidc>;
     okta?: pulumi.Input<inputs.AccessPolicyRequireOkta>;
     saml?: pulumi.Input<inputs.AccessPolicyRequireSaml>;
     serviceToken?: pulumi.Input<inputs.AccessPolicyRequireServiceToken>;
@@ -2320,12 +2502,32 @@ export interface AccessPolicyRequireIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface AccessPolicyRequireLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface AccessPolicyRequireLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface AccessPolicyRequireOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface AccessPolicyRequireOkta {
     /**
      * The ID of your Okta identity provider.
@@ -3413,9 +3615,9 @@ export interface DlpCustomProfileContextAwarenessSkip {
 }
 export interface DlpCustomProfileEntry {
     enabled: pulumi.Input<boolean>;
+    entryId?: pulumi.Input<string>;
     name: pulumi.Input<string>;
-    pattern?: pulumi.Input<inputs.DlpCustomProfileEntryPattern>;
-    words?: pulumi.Input<pulumi.Input<string>[]>;
+    pattern: pulumi.Input<inputs.DlpCustomProfileEntryPattern>;
 }
 export interface DlpCustomProfileEntryPattern {
     regex: pulumi.Input<string>;
@@ -3430,7 +3632,7 @@ export interface DlpCustomProfileSharedEntry {
     enabled: pulumi.Input<boolean>;
     entryId: pulumi.Input<string>;
     /**
-     * Available values: "custom", "predefined", "integration", "exactData".
+     * Available values: "custom", "predefined", "integration", "exact*data", "document*fingerprint".
      */
     entryType: pulumi.Input<string>;
 }
@@ -4861,6 +5063,7 @@ export interface GetEmailSecurityBlockSenderFilter {
      * Available values: "pattern", "createdAt".
      */
     order?: string;
+    pattern?: string;
     /**
      * Available values: "EMAIL", "DOMAIN", "IP", "UNKNOWN".
      */
@@ -4884,6 +5087,7 @@ export interface GetEmailSecurityBlockSenderFilterArgs {
      * Available values: "pattern", "createdAt".
      */
     order?: pulumi.Input<string>;
+    pattern?: pulumi.Input<string>;
     /**
      * Available values: "EMAIL", "DOMAIN", "IP", "UNKNOWN".
      */
@@ -4955,6 +5159,7 @@ export interface GetEmailSecurityTrustedDomainsFilter {
      * Available values: "pattern", "createdAt".
      */
     order?: string;
+    pattern?: string;
     /**
      * Allows searching in multiple properties of a record simultaneously.
      * This parameter is intended for human users, not automation. Its exact
@@ -4976,6 +5181,7 @@ export interface GetEmailSecurityTrustedDomainsFilterArgs {
      * Available values: "pattern", "createdAt".
      */
     order?: pulumi.Input<string>;
+    pattern?: pulumi.Input<string>;
     /**
      * Allows searching in multiple properties of a record simultaneously.
      * This parameter is intended for human users, not automation. Its exact
@@ -5124,6 +5330,34 @@ export interface GetTurnstileWidgetFilterArgs {
      */
     order?: pulumi.Input<string>;
 }
+export interface GetUserAgentBlockingRuleFilter {
+    /**
+     * A string to search for in the description of existing rules.
+     */
+    description?: string;
+    /**
+     * When true, indicates that the rule is currently paused.
+     */
+    paused?: boolean;
+    /**
+     * A string to search for in the user agent values of existing rules.
+     */
+    userAgent?: string;
+}
+export interface GetUserAgentBlockingRuleFilterArgs {
+    /**
+     * A string to search for in the description of existing rules.
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * When true, indicates that the rule is currently paused.
+     */
+    paused?: pulumi.Input<boolean>;
+    /**
+     * A string to search for in the user agent values of existing rules.
+     */
+    userAgent?: pulumi.Input<string>;
+}
 export interface GetWebAnalyticsSiteFilter {
     /**
      * The property used to sort the list of results.
@@ -5215,6 +5449,10 @@ export interface GetZeroTrustAccessApplicationFilter {
      * The domain of the app.
      */
     domain?: string;
+    /**
+     * True for only exact string matches against passed name/domain query parameters.
+     */
+    exact?: boolean;
     /**
      * The name of the app.
      */
@@ -5233,6 +5471,10 @@ export interface GetZeroTrustAccessApplicationFilterArgs {
      * The domain of the app.
      */
     domain?: pulumi.Input<string>;
+    /**
+     * True for only exact string matches against passed name/domain query parameters.
+     */
+    exact?: pulumi.Input<boolean>;
     /**
      * The name of the app.
      */
@@ -5642,6 +5884,60 @@ export interface GetZeroTrustTunnelCloudflaredVirtualNetworkFilterArgs {
      */
     name?: pulumi.Input<string>;
 }
+export interface GetZeroTrustTunnelWarpConnectorFilter {
+    excludePrefix?: string;
+    /**
+     * If provided, include only resources that were created (and not deleted) before this time. URL encoded.
+     */
+    existedAt?: string;
+    includePrefix?: string;
+    /**
+     * If `true`, only include deleted tunnels. If `false`, exclude deleted tunnels. If empty, all tunnels will be included.
+     */
+    isDeleted?: boolean;
+    /**
+     * A user-friendly name for the tunnel.
+     */
+    name?: string;
+    /**
+     * The status of the tunnel. Valid values are `inactive` (tunnel has never been run), `degraded` (tunnel is active and able to serve traffic but in an unhealthy state), `healthy` (tunnel is active and able to serve traffic), or `down` (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).
+     * Available values: "inactive", "degraded", "healthy", "down".
+     */
+    status?: string;
+    /**
+     * UUID of the tunnel.
+     */
+    uuid?: string;
+    wasActiveAt?: string;
+    wasInactiveAt?: string;
+}
+export interface GetZeroTrustTunnelWarpConnectorFilterArgs {
+    excludePrefix?: pulumi.Input<string>;
+    /**
+     * If provided, include only resources that were created (and not deleted) before this time. URL encoded.
+     */
+    existedAt?: pulumi.Input<string>;
+    includePrefix?: pulumi.Input<string>;
+    /**
+     * If `true`, only include deleted tunnels. If `false`, exclude deleted tunnels. If empty, all tunnels will be included.
+     */
+    isDeleted?: pulumi.Input<boolean>;
+    /**
+     * A user-friendly name for the tunnel.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * The status of the tunnel. Valid values are `inactive` (tunnel has never been run), `degraded` (tunnel is active and able to serve traffic but in an unhealthy state), `healthy` (tunnel is active and able to serve traffic), or `down` (tunnel can not serve traffic as it has no connections to the Cloudflare Edge).
+     * Available values: "inactive", "degraded", "healthy", "down".
+     */
+    status?: pulumi.Input<string>;
+    /**
+     * UUID of the tunnel.
+     */
+    uuid?: pulumi.Input<string>;
+    wasActiveAt?: pulumi.Input<string>;
+    wasInactiveAt?: pulumi.Input<string>;
+}
 export interface GetZoneFilter {
     account?: inputs.GetZoneFilterAccount;
     /**
@@ -6033,6 +6329,10 @@ export interface KeylessCertificateTunnel {
     vnetId: pulumi.Input<string>;
 }
 export interface ListItemHostname {
+    /**
+     * Only applies to wildcard hostnames (e.g., *.example.com). When true (default), only subdomains are blocked. When false, both the root domain and subdomains are blocked.
+     */
+    excludeExactHostname?: pulumi.Input<boolean>;
     urlHostname: pulumi.Input<string>;
 }
 export interface ListItemRedirect {
@@ -6567,50 +6867,7 @@ export interface MagicTransitSiteWanStaticAddressing {
      */
     secondaryAddress?: pulumi.Input<string>;
 }
-export interface MagicWanGreTunnelGreTunnel {
-    /**
-     * The IP address assigned to the Cloudflare side of the GRE tunnel.
-     */
-    cloudflareGreEndpoint?: pulumi.Input<string>;
-    /**
-     * The date and time the tunnel was created.
-     */
-    createdOn?: pulumi.Input<string>;
-    /**
-     * The IP address assigned to the customer side of the GRE tunnel.
-     */
-    customerGreEndpoint?: pulumi.Input<string>;
-    /**
-     * An optional description of the GRE tunnel.
-     */
-    description?: pulumi.Input<string>;
-    healthCheck?: pulumi.Input<inputs.MagicWanGreTunnelGreTunnelHealthCheck>;
-    /**
-     * Identifier
-     */
-    id?: pulumi.Input<string>;
-    /**
-     * A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
-     */
-    interfaceAddress?: pulumi.Input<string>;
-    /**
-     * The date and time the tunnel was last modified.
-     */
-    modifiedOn?: pulumi.Input<string>;
-    /**
-     * Maximum Transmission Unit (MTU) in bytes for the GRE tunnel. The minimum value is 576.
-     */
-    mtu?: pulumi.Input<number>;
-    /**
-     * The name of the tunnel. The name cannot contain spaces or special characters, must be 15 characters or less, and cannot share a name with another GRE tunnel.
-     */
-    name?: pulumi.Input<string>;
-    /**
-     * Time To Live (TTL) in number of hops of the GRE tunnel.
-     */
-    ttl?: pulumi.Input<number>;
-}
-export interface MagicWanGreTunnelGreTunnelHealthCheck {
+export interface MagicWanGreTunnelHealthCheck {
     /**
      * The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.
      * Available values: "unidirectional", "bidirectional".
@@ -6628,14 +6885,14 @@ export interface MagicWanGreTunnelGreTunnelHealthCheck {
     /**
      * The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to `customerGreEndpoint address`. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
      */
-    target?: pulumi.Input<inputs.MagicWanGreTunnelGreTunnelHealthCheckTarget>;
+    target?: pulumi.Input<inputs.MagicWanGreTunnelHealthCheckTarget>;
     /**
      * The type of healthcheck to run, reply or request. The default value is `reply`.
      * Available values: "reply", "request".
      */
     type?: pulumi.Input<string>;
 }
-export interface MagicWanGreTunnelGreTunnelHealthCheckTarget {
+export interface MagicWanGreTunnelHealthCheckTarget {
     /**
      * The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
      */
@@ -6645,7 +6902,7 @@ export interface MagicWanGreTunnelGreTunnelHealthCheckTarget {
      */
     saved?: pulumi.Input<string>;
 }
-export interface MagicWanGreTunnelHealthCheck {
+export interface MagicWanIpsecTunnelHealthCheck {
     /**
      * The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.
      * Available values: "unidirectional", "bidirectional".
@@ -6663,14 +6920,14 @@ export interface MagicWanGreTunnelHealthCheck {
     /**
      * The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to `customerGreEndpoint address`. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
      */
-    target?: pulumi.Input<inputs.MagicWanGreTunnelHealthCheckTarget>;
+    target?: pulumi.Input<inputs.MagicWanIpsecTunnelHealthCheckTarget>;
     /**
      * The type of healthcheck to run, reply or request. The default value is `reply`.
      * Available values: "reply", "request".
      */
     type?: pulumi.Input<string>;
 }
-export interface MagicWanGreTunnelHealthCheckTarget {
+export interface MagicWanIpsecTunnelHealthCheckTarget {
     /**
      * The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
      */
@@ -6680,440 +6937,55 @@ export interface MagicWanGreTunnelHealthCheckTarget {
      */
     saved?: pulumi.Input<string>;
 }
-export interface MagicWanGreTunnelModifiedGreTunnel {
+export interface MagicWanIpsecTunnelPskMetadata {
     /**
-     * The IP address assigned to the Cloudflare side of the GRE tunnel.
+     * The date and time the tunnel was last modified.
      */
-    cloudflareGreEndpoint?: pulumi.Input<string>;
+    lastGeneratedOn?: pulumi.Input<string>;
+}
+export interface MagicWanStaticRouteScope {
     /**
-     * The date and time the tunnel was created.
+     * List of colo names for the ECMP scope.
      */
-    createdOn?: pulumi.Input<string>;
+    coloNames?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The IP address assigned to the customer side of the GRE tunnel.
+     * List of colo regions for the ECMP scope.
      */
-    customerGreEndpoint?: pulumi.Input<string>;
+    coloRegions?: pulumi.Input<pulumi.Input<string>[]>;
+}
+export interface ManagedHeadersManagedRequestHeader {
     /**
-     * An optional description of the GRE tunnel.
+     * The Managed Transforms that this Managed Transform conflicts with.
      */
-    description?: pulumi.Input<string>;
-    healthCheck?: pulumi.Input<inputs.MagicWanGreTunnelModifiedGreTunnelHealthCheck>;
+    conflictsWiths?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Identifier
+     * Whether the Managed Transform is enabled.
      */
-    id?: pulumi.Input<string>;
+    enabled: pulumi.Input<boolean>;
     /**
-     * A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
+     * Whether the Managed Transform conflicts with the currently-enabled Managed Transforms.
      */
-    interfaceAddress?: pulumi.Input<string>;
+    hasConflict?: pulumi.Input<boolean>;
     /**
-     * The date and time the tunnel was last modified.
+     * The human-readable identifier of the Managed Transform.
      */
-    modifiedOn?: pulumi.Input<string>;
+    id: pulumi.Input<string>;
+}
+export interface ManagedHeadersManagedResponseHeader {
     /**
-     * Maximum Transmission Unit (MTU) in bytes for the GRE tunnel. The minimum value is 576.
+     * The Managed Transforms that this Managed Transform conflicts with.
      */
-    mtu?: pulumi.Input<number>;
+    conflictsWiths?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The name of the tunnel. The name cannot contain spaces or special characters, must be 15 characters or less, and cannot share a name with another GRE tunnel.
+     * Whether the Managed Transform is enabled.
      */
-    name?: pulumi.Input<string>;
+    enabled: pulumi.Input<boolean>;
     /**
-     * Time To Live (TTL) in number of hops of the GRE tunnel.
+     * Whether the Managed Transform conflicts with the currently-enabled Managed Transforms.
      */
-    ttl?: pulumi.Input<number>;
-}
-export interface MagicWanGreTunnelModifiedGreTunnelHealthCheck {
+    hasConflict?: pulumi.Input<boolean>;
     /**
-     * The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.
-     * Available values: "unidirectional", "bidirectional".
-     */
-    direction?: pulumi.Input<string>;
-    /**
-     * Determines whether to run healthchecks for a tunnel.
-     */
-    enabled?: pulumi.Input<boolean>;
-    /**
-     * How frequent the health check is run. The default value is `mid`.
-     * Available values: "low", "mid", "high".
-     */
-    rate?: pulumi.Input<string>;
-    /**
-     * The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to `customerGreEndpoint address`. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
-     */
-    target?: pulumi.Input<inputs.MagicWanGreTunnelModifiedGreTunnelHealthCheckTarget>;
-    /**
-     * The type of healthcheck to run, reply or request. The default value is `reply`.
-     * Available values: "reply", "request".
-     */
-    type?: pulumi.Input<string>;
-}
-export interface MagicWanGreTunnelModifiedGreTunnelHealthCheckTarget {
-    /**
-     * The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
-     */
-    effective?: pulumi.Input<string>;
-    /**
-     * The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.
-     */
-    saved?: pulumi.Input<string>;
-}
-export interface MagicWanIpsecTunnelHealthCheck {
-    /**
-     * The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.
-     * Available values: "unidirectional", "bidirectional".
-     */
-    direction?: pulumi.Input<string>;
-    /**
-     * Determines whether to run healthchecks for a tunnel.
-     */
-    enabled?: pulumi.Input<boolean>;
-    /**
-     * How frequent the health check is run. The default value is `mid`.
-     * Available values: "low", "mid", "high".
-     */
-    rate?: pulumi.Input<string>;
-    /**
-     * The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to `customerGreEndpoint address`. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
-     */
-    target?: pulumi.Input<inputs.MagicWanIpsecTunnelHealthCheckTarget>;
-    /**
-     * The type of healthcheck to run, reply or request. The default value is `reply`.
-     * Available values: "reply", "request".
-     */
-    type?: pulumi.Input<string>;
-}
-export interface MagicWanIpsecTunnelHealthCheckTarget {
-    /**
-     * The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
-     */
-    effective?: pulumi.Input<string>;
-    /**
-     * The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.
-     */
-    saved?: pulumi.Input<string>;
-}
-export interface MagicWanIpsecTunnelIpsecTunnel {
-    /**
-     * When `true`, the tunnel can use a null-cipher (`ENCR_NULL`) in the ESP tunnel (Phase 2).
-     */
-    allowNullCipher?: pulumi.Input<boolean>;
-    /**
-     * The IP address assigned to the Cloudflare side of the IPsec tunnel.
-     */
-    cloudflareEndpoint?: pulumi.Input<string>;
-    /**
-     * The date and time the tunnel was created.
-     */
-    createdOn?: pulumi.Input<string>;
-    /**
-     * The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
-     */
-    customerEndpoint?: pulumi.Input<string>;
-    /**
-     * An optional description forthe IPsec tunnel.
-     */
-    description?: pulumi.Input<string>;
-    healthCheck?: pulumi.Input<inputs.MagicWanIpsecTunnelIpsecTunnelHealthCheck>;
-    /**
-     * Identifier
-     */
-    id?: pulumi.Input<string>;
-    /**
-     * A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
-     */
-    interfaceAddress?: pulumi.Input<string>;
-    /**
-     * The date and time the tunnel was last modified.
-     */
-    modifiedOn?: pulumi.Input<string>;
-    /**
-     * The name of the IPsec tunnel. The name cannot share a name with other tunnels.
-     */
-    name?: pulumi.Input<string>;
-    /**
-     * The PSK metadata that includes when the PSK was generated.
-     */
-    pskMetadata?: pulumi.Input<inputs.MagicWanIpsecTunnelIpsecTunnelPskMetadata>;
-    /**
-     * If `true`, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.
-     */
-    replayProtection?: pulumi.Input<boolean>;
-}
-export interface MagicWanIpsecTunnelIpsecTunnelHealthCheck {
-    /**
-     * The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.
-     * Available values: "unidirectional", "bidirectional".
-     */
-    direction?: pulumi.Input<string>;
-    /**
-     * Determines whether to run healthchecks for a tunnel.
-     */
-    enabled?: pulumi.Input<boolean>;
-    /**
-     * How frequent the health check is run. The default value is `mid`.
-     * Available values: "low", "mid", "high".
-     */
-    rate?: pulumi.Input<string>;
-    /**
-     * The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to `customerGreEndpoint address`. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
-     */
-    target?: pulumi.Input<inputs.MagicWanIpsecTunnelIpsecTunnelHealthCheckTarget>;
-    /**
-     * The type of healthcheck to run, reply or request. The default value is `reply`.
-     * Available values: "reply", "request".
-     */
-    type?: pulumi.Input<string>;
-}
-export interface MagicWanIpsecTunnelIpsecTunnelHealthCheckTarget {
-    /**
-     * The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
-     */
-    effective?: pulumi.Input<string>;
-    /**
-     * The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.
-     */
-    saved?: pulumi.Input<string>;
-}
-export interface MagicWanIpsecTunnelIpsecTunnelPskMetadata {
-    /**
-     * The date and time the tunnel was last modified.
-     */
-    lastGeneratedOn?: pulumi.Input<string>;
-}
-export interface MagicWanIpsecTunnelModifiedIpsecTunnel {
-    /**
-     * When `true`, the tunnel can use a null-cipher (`ENCR_NULL`) in the ESP tunnel (Phase 2).
-     */
-    allowNullCipher?: pulumi.Input<boolean>;
-    /**
-     * The IP address assigned to the Cloudflare side of the IPsec tunnel.
-     */
-    cloudflareEndpoint?: pulumi.Input<string>;
-    /**
-     * The date and time the tunnel was created.
-     */
-    createdOn?: pulumi.Input<string>;
-    /**
-     * The IP address assigned to the customer side of the IPsec tunnel. Not required, but must be set for proactive traceroutes to work.
-     */
-    customerEndpoint?: pulumi.Input<string>;
-    /**
-     * An optional description forthe IPsec tunnel.
-     */
-    description?: pulumi.Input<string>;
-    healthCheck?: pulumi.Input<inputs.MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheck>;
-    /**
-     * Identifier
-     */
-    id?: pulumi.Input<string>;
-    /**
-     * A 31-bit prefix (/31 in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, 192.168.0.0–192.168.255.255.
-     */
-    interfaceAddress?: pulumi.Input<string>;
-    /**
-     * The date and time the tunnel was last modified.
-     */
-    modifiedOn?: pulumi.Input<string>;
-    /**
-     * The name of the IPsec tunnel. The name cannot share a name with other tunnels.
-     */
-    name?: pulumi.Input<string>;
-    /**
-     * The PSK metadata that includes when the PSK was generated.
-     */
-    pskMetadata?: pulumi.Input<inputs.MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadata>;
-    /**
-     * If `true`, then IPsec replay protection will be supported in the Cloudflare-to-customer direction.
-     */
-    replayProtection?: pulumi.Input<boolean>;
-}
-export interface MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheck {
-    /**
-     * The direction of the flow of the healthcheck. Either unidirectional, where the probe comes to you via the tunnel and the result comes back to Cloudflare via the open Internet, or bidirectional where both the probe and result come and go via the tunnel.
-     * Available values: "unidirectional", "bidirectional".
-     */
-    direction?: pulumi.Input<string>;
-    /**
-     * Determines whether to run healthchecks for a tunnel.
-     */
-    enabled?: pulumi.Input<boolean>;
-    /**
-     * How frequent the health check is run. The default value is `mid`.
-     * Available values: "low", "mid", "high".
-     */
-    rate?: pulumi.Input<string>;
-    /**
-     * The destination address in a request type health check. After the healthcheck is decapsulated at the customer end of the tunnel, the ICMP echo will be forwarded to this address. This field defaults to `customerGreEndpoint address`. This field is ignored for bidirectional healthchecks as the interface*address (not assigned to the Cloudflare side of the tunnel) is used as the target. Must be in object form if the x-magic-new-hc-target header is set to true and string form if x-magic-new-hc-target is absent or set to false.
-     */
-    target?: pulumi.Input<inputs.MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTarget>;
-    /**
-     * The type of healthcheck to run, reply or request. The default value is `reply`.
-     * Available values: "reply", "request".
-     */
-    type?: pulumi.Input<string>;
-}
-export interface MagicWanIpsecTunnelModifiedIpsecTunnelHealthCheckTarget {
-    /**
-     * The effective health check target. If 'saved' is empty, then this field will be populated with the calculated default value on GET requests. Ignored in POST, PUT, and PATCH requests.
-     */
-    effective?: pulumi.Input<string>;
-    /**
-     * The saved health check target. Setting the value to the empty string indicates that the calculated default value will be used.
-     */
-    saved?: pulumi.Input<string>;
-}
-export interface MagicWanIpsecTunnelModifiedIpsecTunnelPskMetadata {
-    /**
-     * The date and time the tunnel was last modified.
-     */
-    lastGeneratedOn?: pulumi.Input<string>;
-}
-export interface MagicWanIpsecTunnelPskMetadata {
-    /**
-     * The date and time the tunnel was last modified.
-     */
-    lastGeneratedOn?: pulumi.Input<string>;
-}
-export interface MagicWanStaticRouteModifiedRoute {
-    /**
-     * When the route was created.
-     */
-    createdOn?: pulumi.Input<string>;
-    /**
-     * An optional human provided description of the static route.
-     */
-    description?: pulumi.Input<string>;
-    /**
-     * Identifier
-     */
-    id?: pulumi.Input<string>;
-    /**
-     * When the route was last modified.
-     */
-    modifiedOn?: pulumi.Input<string>;
-    /**
-     * The next-hop IP Address for the static route.
-     */
-    nexthop?: pulumi.Input<string>;
-    /**
-     * IP Prefix in Classless Inter-Domain Routing format.
-     */
-    prefix?: pulumi.Input<string>;
-    /**
-     * Priority of the static route.
-     */
-    priority?: pulumi.Input<number>;
-    /**
-     * Used only for ECMP routes.
-     */
-    scope?: pulumi.Input<inputs.MagicWanStaticRouteModifiedRouteScope>;
-    /**
-     * Optional weight of the ECMP scope - if provided.
-     */
-    weight?: pulumi.Input<number>;
-}
-export interface MagicWanStaticRouteModifiedRouteScope {
-    /**
-     * List of colo names for the ECMP scope.
-     */
-    coloNames?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * List of colo regions for the ECMP scope.
-     */
-    coloRegions?: pulumi.Input<pulumi.Input<string>[]>;
-}
-export interface MagicWanStaticRouteRoute {
-    /**
-     * When the route was created.
-     */
-    createdOn?: pulumi.Input<string>;
-    /**
-     * An optional human provided description of the static route.
-     */
-    description?: pulumi.Input<string>;
-    /**
-     * Identifier
-     */
-    id?: pulumi.Input<string>;
-    /**
-     * When the route was last modified.
-     */
-    modifiedOn?: pulumi.Input<string>;
-    /**
-     * The next-hop IP Address for the static route.
-     */
-    nexthop?: pulumi.Input<string>;
-    /**
-     * IP Prefix in Classless Inter-Domain Routing format.
-     */
-    prefix?: pulumi.Input<string>;
-    /**
-     * Priority of the static route.
-     */
-    priority?: pulumi.Input<number>;
-    /**
-     * Used only for ECMP routes.
-     */
-    scope?: pulumi.Input<inputs.MagicWanStaticRouteRouteScope>;
-    /**
-     * Optional weight of the ECMP scope - if provided.
-     */
-    weight?: pulumi.Input<number>;
-}
-export interface MagicWanStaticRouteRouteScope {
-    /**
-     * List of colo names for the ECMP scope.
-     */
-    coloNames?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * List of colo regions for the ECMP scope.
-     */
-    coloRegions?: pulumi.Input<pulumi.Input<string>[]>;
-}
-export interface MagicWanStaticRouteScope {
-    /**
-     * List of colo names for the ECMP scope.
-     */
-    coloNames?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * List of colo regions for the ECMP scope.
-     */
-    coloRegions?: pulumi.Input<pulumi.Input<string>[]>;
-}
-export interface ManagedHeadersManagedRequestHeader {
-    /**
-     * The Managed Transforms that this Managed Transform conflicts with.
-     */
-    conflictsWiths?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * Whether the Managed Transform is enabled.
-     */
-    enabled: pulumi.Input<boolean>;
-    /**
-     * Whether the Managed Transform conflicts with the currently-enabled Managed Transforms.
-     */
-    hasConflict?: pulumi.Input<boolean>;
-    /**
-     * The human-readable identifier of the Managed Transform.
-     */
-    id: pulumi.Input<string>;
-}
-export interface ManagedHeadersManagedResponseHeader {
-    /**
-     * The Managed Transforms that this Managed Transform conflicts with.
-     */
-    conflictsWiths?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * Whether the Managed Transform is enabled.
-     */
-    enabled: pulumi.Input<boolean>;
-    /**
-     * Whether the Managed Transform conflicts with the currently-enabled Managed Transforms.
-     */
-    hasConflict?: pulumi.Input<boolean>;
-    /**
-     * The human-readable identifier of the Managed Transform.
+     * The human-readable identifier of the Managed Transform.
      */
     id: pulumi.Input<string>;
 }
@@ -9112,6 +8984,11 @@ export interface RulesetRuleActionParameters {
      * A set of overrides to apply to the target ruleset.
      */
     overrides?: pulumi.Input<inputs.RulesetRuleActionParametersOverrides>;
+    /**
+     * A phase to skip the execution of. This property is only compatible with products.
+     * Available values: "current".
+     */
+    phase?: pulumi.Input<string>;
     /**
      * A list of phases to skip the execution of. This option is incompatible with the rulesets option.
      */
@@ -9235,7 +9112,7 @@ export interface RulesetRuleActionParametersBrowserTtl {
     default?: pulumi.Input<number>;
     /**
      * Determines which browser ttl mode to use.
-     * Available values: "respect*origin", "bypass*by*default", "override*origin".
+     * Available values: "respect*origin", "bypass*by*default", "override*origin", "bypass".
      */
     mode: pulumi.Input<string>;
 }
@@ -9677,19 +9554,36 @@ export interface RulesetRuleRatelimit {
     scoreResponseHeaderName?: pulumi.Input<string>;
 }
 export interface SnippetRulesRule {
+    /**
+     * An informative description of the rule.
+     */
     description?: pulumi.Input<string>;
+    /**
+     * Whether the rule should be executed.
+     */
     enabled?: pulumi.Input<boolean>;
-    expression?: pulumi.Input<string>;
     /**
-     * Snippet identifying name
+     * The expression defining which traffic will match the rule.
+     */
+    expression: pulumi.Input<string>;
+    /**
+     * The unique ID of the rule.
+     */
+    id?: pulumi.Input<string>;
+    /**
+     * The timestamp of when the rule was last modified.
      */
-    snippetName?: pulumi.Input<string>;
+    lastUpdated?: pulumi.Input<string>;
+    /**
+     * The identifying name of the snippet.
+     */
+    snippetName: pulumi.Input<string>;
 }
 export interface SnippetsMetadata {
     /**
-     * Main module name of uploaded snippet
+     * Name of the file that contains the main module of the snippet.
      */
-    mainModule?: pulumi.Input<string>;
+    mainModule: pulumi.Input<string>;
 }
 export interface SpectrumApplicationDns {
     /**
@@ -9733,102 +9627,6 @@ export interface SpectrumApplicationOriginDns {
      */
     type?: pulumi.Input<string>;
 }
-export interface StaticRouteModifiedRoute {
-    /**
-     * When the route was created.
-     */
-    createdOn?: pulumi.Input<string>;
-    /**
-     * An optional human provided description of the static route.
-     */
-    description?: pulumi.Input<string>;
-    /**
-     * Identifier
-     */
-    id?: pulumi.Input<string>;
-    /**
-     * When the route was last modified.
-     */
-    modifiedOn?: pulumi.Input<string>;
-    /**
-     * The next-hop IP Address for the static route.
-     */
-    nexthop?: pulumi.Input<string>;
-    /**
-     * IP Prefix in Classless Inter-Domain Routing format.
-     */
-    prefix?: pulumi.Input<string>;
-    /**
-     * Priority of the static route.
-     */
-    priority?: pulumi.Input<number>;
-    /**
-     * Used only for ECMP routes.
-     */
-    scope?: pulumi.Input<inputs.StaticRouteModifiedRouteScope>;
-    /**
-     * Optional weight of the ECMP scope - if provided.
-     */
-    weight?: pulumi.Input<number>;
-}
-export interface StaticRouteModifiedRouteScope {
-    /**
-     * List of colo names for the ECMP scope.
-     */
-    coloNames?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * List of colo regions for the ECMP scope.
-     */
-    coloRegions?: pulumi.Input<pulumi.Input<string>[]>;
-}
-export interface StaticRouteRoute {
-    /**
-     * When the route was created.
-     */
-    createdOn?: pulumi.Input<string>;
-    /**
-     * An optional human provided description of the static route.
-     */
-    description?: pulumi.Input<string>;
-    /**
-     * Identifier
-     */
-    id?: pulumi.Input<string>;
-    /**
-     * When the route was last modified.
-     */
-    modifiedOn?: pulumi.Input<string>;
-    /**
-     * The next-hop IP Address for the static route.
-     */
-    nexthop?: pulumi.Input<string>;
-    /**
-     * IP Prefix in Classless Inter-Domain Routing format.
-     */
-    prefix?: pulumi.Input<string>;
-    /**
-     * Priority of the static route.
-     */
-    priority?: pulumi.Input<number>;
-    /**
-     * Used only for ECMP routes.
-     */
-    scope?: pulumi.Input<inputs.StaticRouteRouteScope>;
-    /**
-     * Optional weight of the ECMP scope - if provided.
-     */
-    weight?: pulumi.Input<number>;
-}
-export interface StaticRouteRouteScope {
-    /**
-     * List of colo names for the ECMP scope.
-     */
-    coloNames?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * List of colo regions for the ECMP scope.
-     */
-    coloRegions?: pulumi.Input<pulumi.Input<string>[]>;
-}
 export interface StaticRouteScope {
     /**
      * List of colo names for the ECMP scope.
@@ -9957,7 +9755,7 @@ export interface StreamStatus {
     pctComplete?: pulumi.Input<string>;
     /**
      * Specifies the processing status for all quality levels for a video.
-     * Available values: "pendingupload", "downloading", "queued", "inprogress", "ready", "error".
+     * Available values: "pendingupload", "downloading", "queued", "inprogress", "ready", "error", "live-inprogress".
      */
     state?: pulumi.Input<string>;
 }
@@ -10016,10 +9814,6 @@ export interface TeamsAccountSettings {
      * Anti-virus settings.
      */
     antivirus?: pulumi.Input<inputs.TeamsAccountSettingsAntivirus>;
-    /**
-     * Setting to enable App Control
-     */
-    appControlSettings?: pulumi.Input<inputs.TeamsAccountSettingsAppControlSettings>;
     /**
      * Block page layout settings.
      */
@@ -10054,6 +9848,10 @@ export interface TeamsAccountSettings {
      * Setting to enable host selector in egress policies.
      */
     hostSelector?: pulumi.Input<inputs.TeamsAccountSettingsHostSelector>;
+    /**
+     * Setting to define inspection settings
+     */
+    inspection?: pulumi.Input<inputs.TeamsAccountSettingsInspection>;
     /**
      * Protocol Detection settings.
      */
@@ -10109,15 +9907,9 @@ export interface TeamsAccountSettingsAntivirusNotificationSettings {
      */
     supportUrl?: pulumi.Input<string>;
 }
-export interface TeamsAccountSettingsAppControlSettings {
-    /**
-     * Enable App Control
-     */
-    enabled?: pulumi.Input<boolean>;
-}
 export interface TeamsAccountSettingsBlockPage {
     /**
-     * If mode is customized*block*page: block page background color in #rrggbb format.
+     * If mode is customized_block_page: block page background color in #rrggbb format.
      */
     backgroundColor?: pulumi.Input<string>;
     /**
@@ -10125,50 +9917,63 @@ export interface TeamsAccountSettingsBlockPage {
      */
     enabled?: pulumi.Input<boolean>;
     /**
-     * If mode is customized*block*page: block page footer text.
+     * If mode is customized_block_page: block page footer text.
      */
     footerText?: pulumi.Input<string>;
     /**
-     * If mode is customized*block*page: block page header text.
+     * If mode is customized_block_page: block page header text.
      */
     headerText?: pulumi.Input<string>;
     /**
-     * If mode is redirect*uri: when enabled, context will be appended to target*uri as query parameters.
+     * If mode is redirect_uri: when enabled, context will be appended to targetUri as query parameters.
      */
     includeContext?: pulumi.Input<boolean>;
     /**
-     * If mode is customized*block*page: full URL to the logo file.
+     * If mode is customized_block_page: full URL to the logo file.
      */
     logoPath?: pulumi.Input<string>;
     /**
-     * If mode is customized*block*page: admin email for users to contact.
+     * If mode is customized_block_page: admin email for users to contact.
      */
     mailtoAddress?: pulumi.Input<string>;
     /**
-     * If mode is customized*block*page: subject line for emails created from block page.
+     * If mode is customized_block_page: subject line for emails created from block page.
      */
     mailtoSubject?: pulumi.Input<string>;
     /**
      * Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI.
-     * Available values: "customized*block*page", "redirectUri".
+     * Available values: "customizedBlockPage", "redirectUri".
      */
     mode?: pulumi.Input<string>;
     /**
-     * If mode is customized*block*page: block page title.
+     * If mode is customized_block_page: block page title.
      */
     name?: pulumi.Input<string>;
     /**
-     * If mode is customized*block*page: suppress detailed info at the bottom of the block page.
+     * This setting was shared via the Orgs API and cannot be edited by the current account
+     */
+    readOnly?: pulumi.Input<boolean>;
+    /**
+     * Account tag of account that shared this setting
+     */
+    sourceAccount?: pulumi.Input<string>;
+    /**
+     * If mode is customized_block_page: suppress detailed info at the bottom of the block page.
      */
     suppressFooter?: pulumi.Input<boolean>;
     /**
      * If mode is redirect_uri: URI to which the user should be redirected.
      */
     targetUri?: pulumi.Input<string>;
+    /**
+     * Version number of the setting
+     */
+    version?: pulumi.Input<number>;
 }
 export interface TeamsAccountSettingsBodyScanning {
     /**
      * Set the inspection mode to either `deep` or `shallow`.
+     * Available values: "deep", "shallow".
      */
     inspectionMode?: pulumi.Input<string>;
 }
@@ -10208,6 +10013,18 @@ export interface TeamsAccountSettingsExtendedEmailMatching {
      * Enable matching all variants of user emails (with + or . modifiers) used as criteria in Firewall policies.
      */
     enabled?: pulumi.Input<boolean>;
+    /**
+     * This setting was shared via the Orgs API and cannot be edited by the current account
+     */
+    readOnly?: pulumi.Input<boolean>;
+    /**
+     * Account tag of account that shared this setting
+     */
+    sourceAccount?: pulumi.Input<string>;
+    /**
+     * Version number of the setting
+     */
+    version?: pulumi.Input<number>;
 }
 export interface TeamsAccountSettingsFips {
     /**
@@ -10221,6 +10038,15 @@ export interface TeamsAccountSettingsHostSelector {
      */
     enabled?: pulumi.Input<boolean>;
 }
+export interface TeamsAccountSettingsInspection {
+    /**
+     * Defines the mode of inspection the proxy will use.
+     * - static: Gateway will use static inspection to inspect HTTP on TCP(80). If TLS decryption is on, Gateway will inspect HTTPS traffic on TCP(443) & UDP(443).
+     * - dynamic: Gateway will use protocol detection to dynamically inspect HTTP and HTTPS traffic on any port. TLS decryption must be on to inspect HTTPS traffic.
+     * Available values: "static", "dynamic".
+     */
+    mode?: pulumi.Input<string>;
+}
 export interface TeamsAccountSettingsProtocolDetection {
     /**
      * Enable detecting protocol on initial bytes of client traffic.
@@ -10245,7 +10071,6 @@ export interface TeamsAccountSettingsTlsDecrypt {
     enabled?: pulumi.Input<boolean>;
 }
 export interface TeamsListItem {
-    createdAt?: pulumi.Input<string>;
     /**
      * The description of the list item, if present
      */
@@ -10256,10 +10081,10 @@ export interface TeamsListItem {
     value?: pulumi.Input<string>;
 }
 export interface TeamsLocationEndpoints {
-    doh?: pulumi.Input<inputs.TeamsLocationEndpointsDoh>;
-    dot?: pulumi.Input<inputs.TeamsLocationEndpointsDot>;
-    ipv4?: pulumi.Input<inputs.TeamsLocationEndpointsIpv4>;
-    ipv6?: pulumi.Input<inputs.TeamsLocationEndpointsIpv6>;
+    doh: pulumi.Input<inputs.TeamsLocationEndpointsDoh>;
+    dot: pulumi.Input<inputs.TeamsLocationEndpointsDot>;
+    ipv4: pulumi.Input<inputs.TeamsLocationEndpointsIpv4>;
+    ipv6: pulumi.Input<inputs.TeamsLocationEndpointsIpv6>;
 }
 export interface TeamsLocationEndpointsDoh {
     /**
@@ -10345,7 +10170,7 @@ export interface TeamsRuleRuleSettings {
      * Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
      */
     addHeaders?: pulumi.Input<{
-        [key: string]: pulumi.Input<string>;
+        [key: string]: pulumi.Input<pulumi.Input<string>[]>;
     }>;
     /**
      * Set by parent MSP accounts to enable their children to bypass this rule.
@@ -11027,11 +10852,7 @@ export interface WorkerScriptAssetsConfig {
     /**
      * The contents of a _headers file (used to attach custom headers on asset responses)
      */
-    _headers?: pulumi.Input<string>;
-    /**
-     * The contents of a _redirects file (used to apply redirects or proxy paths ahead of asset serving)
-     */
-    _redirects?: pulumi.Input<string>;
+    headers?: pulumi.Input<string>;
     /**
      * Determines the redirects and rewrites of requests for HTML content.
      * Available values: "auto-trailing-slash", "force-trailing-slash", "drop-trailing-slash", "none".
@@ -11042,6 +10863,10 @@ export interface WorkerScriptAssetsConfig {
      * Available values: "none", "404-page", "single-page-application".
      */
     notFoundHandling?: pulumi.Input<string>;
+    /**
+     * The contents of a _redirects file (used to apply redirects or proxy paths ahead of asset serving)
+     */
+    redirects?: pulumi.Input<string>;
     /**
      * When true, requests will always invoke the Worker script. Otherwise, attempt to serve an asset matching the request, falling back to the Worker script.
      */
@@ -11149,7 +10974,7 @@ export interface WorkerScriptBinding {
     text?: pulumi.Input<string>;
     /**
      * The kind of resource that the binding provides.
-     * Available values: "ai", "analytics*engine", "assets", "browser", "d1", "dispatch*namespace", "durable*object*namespace", "hyperdrive", "json", "kv*namespace", "mtls*certificate", "plain*text", "pipelines", "queue", "r2*bucket", "secret*text", "service", "tail*consumer", "vectorize", "version*metadata", "secrets*store*secret", "secret*key".
+     * Available values: "ai", "analytics*engine", "assets", "browser", "d1", "dispatch*namespace", "durable*object*namespace", "hyperdrive", "json", "kv*namespace", "mtls*certificate", "plain*text", "pipelines", "queue", "r2*bucket", "secret*text", "service", "tail*consumer", "vectorize", "version*metadata", "secrets*store*secret", "secret*key", "workflow".
      */
     type: pulumi.Input<string>;
     /**
@@ -11157,103 +10982,29 @@ export interface WorkerScriptBinding {
      */
     usages?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Name of the Workflow to bind to.
-     */
-    workflowName?: pulumi.Input<string>;
-}
-export interface WorkerScriptBindingOutbound {
-    /**
-     * Pass information from the Dispatch Worker to the Outbound Worker through the parameters.
-     */
-    params?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * Outbound worker.
-     */
-    worker?: pulumi.Input<inputs.WorkerScriptBindingOutboundWorker>;
-}
-export interface WorkerScriptBindingOutboundWorker {
-    /**
-     * Environment of the outbound worker.
-     */
-    environment?: pulumi.Input<string>;
-    /**
-     * Name of the outbound worker.
-     */
-    service?: pulumi.Input<string>;
-}
-export interface WorkerScriptMigrations {
-    /**
-     * A list of classes to delete Durable Object namespaces from.
-     */
-    deletedClasses?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * A list of classes to create Durable Object namespaces from.
-     */
-    newClasses?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * A list of classes to create Durable Object namespaces with SQLite from.
-     */
-    newSqliteClasses?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * Tag to set as the latest migration tag.
-     */
-    newTag?: pulumi.Input<string>;
-    /**
-     * Tag used to verify against the latest migration tag for this Worker. If they don't match, the upload is rejected.
-     */
-    oldTag?: pulumi.Input<string>;
-    /**
-     * A list of classes with Durable Object namespaces that were renamed.
-     */
-    renamedClasses?: pulumi.Input<pulumi.Input<inputs.WorkerScriptMigrationsRenamedClass>[]>;
-    /**
-     * Migrations to apply in order.
-     */
-    steps?: pulumi.Input<pulumi.Input<inputs.WorkerScriptMigrationsStep>[]>;
-    /**
-     * A list of transfers for Durable Object namespaces from a different Worker and class to a class defined in this Worker.
-     */
-    transferredClasses?: pulumi.Input<pulumi.Input<inputs.WorkerScriptMigrationsTransferredClass>[]>;
-}
-export interface WorkerScriptMigrationsRenamedClass {
-    from?: pulumi.Input<string>;
-    to?: pulumi.Input<string>;
-}
-export interface WorkerScriptMigrationsStep {
-    /**
-     * A list of classes to delete Durable Object namespaces from.
+     * Name of the Workflow to bind to.
      */
-    deletedClasses?: pulumi.Input<pulumi.Input<string>[]>;
+    workflowName?: pulumi.Input<string>;
+}
+export interface WorkerScriptBindingOutbound {
     /**
-     * A list of classes to create Durable Object namespaces from.
+     * Pass information from the Dispatch Worker to the Outbound Worker through the parameters.
      */
-    newClasses?: pulumi.Input<pulumi.Input<string>[]>;
+    params?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * A list of classes to create Durable Object namespaces with SQLite from.
+     * Outbound worker.
      */
-    newSqliteClasses?: pulumi.Input<pulumi.Input<string>[]>;
+    worker?: pulumi.Input<inputs.WorkerScriptBindingOutboundWorker>;
+}
+export interface WorkerScriptBindingOutboundWorker {
     /**
-     * A list of classes with Durable Object namespaces that were renamed.
+     * Environment of the outbound worker.
      */
-    renamedClasses?: pulumi.Input<pulumi.Input<inputs.WorkerScriptMigrationsStepRenamedClass>[]>;
+    environment?: pulumi.Input<string>;
     /**
-     * A list of transfers for Durable Object namespaces from a different Worker and class to a class defined in this Worker.
+     * Name of the outbound worker.
      */
-    transferredClasses?: pulumi.Input<pulumi.Input<inputs.WorkerScriptMigrationsStepTransferredClass>[]>;
-}
-export interface WorkerScriptMigrationsStepRenamedClass {
-    from?: pulumi.Input<string>;
-    to?: pulumi.Input<string>;
-}
-export interface WorkerScriptMigrationsStepTransferredClass {
-    from?: pulumi.Input<string>;
-    fromScript?: pulumi.Input<string>;
-    to?: pulumi.Input<string>;
-}
-export interface WorkerScriptMigrationsTransferredClass {
-    from?: pulumi.Input<string>;
-    fromScript?: pulumi.Input<string>;
-    to?: pulumi.Input<string>;
+    service?: pulumi.Input<string>;
 }
 export interface WorkerScriptObservability {
     /**
@@ -11323,28 +11074,10 @@ export interface WorkersDeploymentAnnotations {
      * Human-readable message about the deployment. Truncated to 100 bytes.
      */
     workersMessage?: pulumi.Input<string>;
-}
-export interface WorkersDeploymentDeployment {
-    annotations?: pulumi.Input<inputs.WorkersDeploymentDeploymentAnnotations>;
-    authorEmail?: pulumi.Input<string>;
-    createdOn?: pulumi.Input<string>;
-    id?: pulumi.Input<string>;
-    source?: pulumi.Input<string>;
-    /**
-     * Available values: "percentage".
-     */
-    strategy?: pulumi.Input<string>;
-    versions?: pulumi.Input<pulumi.Input<inputs.WorkersDeploymentDeploymentVersion>[]>;
-}
-export interface WorkersDeploymentDeploymentAnnotations {
     /**
-     * Human-readable message about the deployment. Truncated to 100 bytes.
+     * Operation that triggered the creation of the deployment.
      */
-    workersMessage?: pulumi.Input<string>;
-}
-export interface WorkersDeploymentDeploymentVersion {
-    percentage?: pulumi.Input<number>;
-    versionId?: pulumi.Input<string>;
+    workersTriggeredBy?: pulumi.Input<string>;
 }
 export interface WorkersDeploymentVersion {
     percentage: pulumi.Input<number>;
@@ -11364,11 +11097,7 @@ export interface WorkersScriptAssetsConfig {
     /**
      * The contents of a _headers file (used to attach custom headers on asset responses)
      */
-    _headers?: pulumi.Input<string>;
-    /**
-     * The contents of a _redirects file (used to apply redirects or proxy paths ahead of asset serving)
-     */
-    _redirects?: pulumi.Input<string>;
+    headers?: pulumi.Input<string>;
     /**
      * Determines the redirects and rewrites of requests for HTML content.
      * Available values: "auto-trailing-slash", "force-trailing-slash", "drop-trailing-slash", "none".
@@ -11379,6 +11108,10 @@ export interface WorkersScriptAssetsConfig {
      * Available values: "none", "404-page", "single-page-application".
      */
     notFoundHandling?: pulumi.Input<string>;
+    /**
+     * The contents of a _redirects file (used to apply redirects or proxy paths ahead of asset serving)
+     */
+    redirects?: pulumi.Input<string>;
     /**
      * When true, requests will always invoke the Worker script. Otherwise, attempt to serve an asset matching the request, falling back to the Worker script.
      */
@@ -11486,7 +11219,7 @@ export interface WorkersScriptBinding {
     text?: pulumi.Input<string>;
     /**
      * The kind of resource that the binding provides.
-     * Available values: "ai", "analytics*engine", "assets", "browser", "d1", "dispatch*namespace", "durable*object*namespace", "hyperdrive", "json", "kv*namespace", "mtls*certificate", "plain*text", "pipelines", "queue", "r2*bucket", "secret*text", "service", "tail*consumer", "vectorize", "version*metadata", "secrets*store*secret", "secret*key".
+     * Available values: "ai", "analytics*engine", "assets", "browser", "d1", "dispatch*namespace", "durable*object*namespace", "hyperdrive", "json", "kv*namespace", "mtls*certificate", "plain*text", "pipelines", "queue", "r2*bucket", "secret*text", "service", "tail*consumer", "vectorize", "version*metadata", "secrets*store*secret", "secret*key", "workflow".
      */
     type: pulumi.Input<string>;
     /**
@@ -11518,80 +11251,6 @@ export interface WorkersScriptBindingOutboundWorker {
      */
     service?: pulumi.Input<string>;
 }
-export interface WorkersScriptMigrations {
-    /**
-     * A list of classes to delete Durable Object namespaces from.
-     */
-    deletedClasses?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * A list of classes to create Durable Object namespaces from.
-     */
-    newClasses?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * A list of classes to create Durable Object namespaces with SQLite from.
-     */
-    newSqliteClasses?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * Tag to set as the latest migration tag.
-     */
-    newTag?: pulumi.Input<string>;
-    /**
-     * Tag used to verify against the latest migration tag for this Worker. If they don't match, the upload is rejected.
-     */
-    oldTag?: pulumi.Input<string>;
-    /**
-     * A list of classes with Durable Object namespaces that were renamed.
-     */
-    renamedClasses?: pulumi.Input<pulumi.Input<inputs.WorkersScriptMigrationsRenamedClass>[]>;
-    /**
-     * Migrations to apply in order.
-     */
-    steps?: pulumi.Input<pulumi.Input<inputs.WorkersScriptMigrationsStep>[]>;
-    /**
-     * A list of transfers for Durable Object namespaces from a different Worker and class to a class defined in this Worker.
-     */
-    transferredClasses?: pulumi.Input<pulumi.Input<inputs.WorkersScriptMigrationsTransferredClass>[]>;
-}
-export interface WorkersScriptMigrationsRenamedClass {
-    from?: pulumi.Input<string>;
-    to?: pulumi.Input<string>;
-}
-export interface WorkersScriptMigrationsStep {
-    /**
-     * A list of classes to delete Durable Object namespaces from.
-     */
-    deletedClasses?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * A list of classes to create Durable Object namespaces from.
-     */
-    newClasses?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * A list of classes to create Durable Object namespaces with SQLite from.
-     */
-    newSqliteClasses?: pulumi.Input<pulumi.Input<string>[]>;
-    /**
-     * A list of classes with Durable Object namespaces that were renamed.
-     */
-    renamedClasses?: pulumi.Input<pulumi.Input<inputs.WorkersScriptMigrationsStepRenamedClass>[]>;
-    /**
-     * A list of transfers for Durable Object namespaces from a different Worker and class to a class defined in this Worker.
-     */
-    transferredClasses?: pulumi.Input<pulumi.Input<inputs.WorkersScriptMigrationsStepTransferredClass>[]>;
-}
-export interface WorkersScriptMigrationsStepRenamedClass {
-    from?: pulumi.Input<string>;
-    to?: pulumi.Input<string>;
-}
-export interface WorkersScriptMigrationsStepTransferredClass {
-    from?: pulumi.Input<string>;
-    fromScript?: pulumi.Input<string>;
-    to?: pulumi.Input<string>;
-}
-export interface WorkersScriptMigrationsTransferredClass {
-    from?: pulumi.Input<string>;
-    fromScript?: pulumi.Input<string>;
-    to?: pulumi.Input<string>;
-}
 export interface WorkersScriptObservability {
     /**
      * Whether observability is enabled for the Worker.
@@ -11823,7 +11482,9 @@ export interface ZeroTrustAccessApplicationPolicyExclude {
     gsuite?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyExcludeGsuite>;
     ip?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyExcludeIp>;
     ipList?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyExcludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyExcludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyExcludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyExcludeOidc>;
     okta?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyExcludeOkta>;
     saml?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyExcludeSaml>;
     serviceToken?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyExcludeServiceToken>;
@@ -11952,12 +11613,32 @@ export interface ZeroTrustAccessApplicationPolicyExcludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessApplicationPolicyExcludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessApplicationPolicyExcludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessApplicationPolicyExcludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessApplicationPolicyExcludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -12013,7 +11694,9 @@ export interface ZeroTrustAccessApplicationPolicyInclude {
     gsuite?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyIncludeGsuite>;
     ip?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyIncludeIp>;
     ipList?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyIncludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyIncludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyIncludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyIncludeOidc>;
     okta?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyIncludeOkta>;
     saml?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyIncludeSaml>;
     serviceToken?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyIncludeServiceToken>;
@@ -12142,12 +11825,32 @@ export interface ZeroTrustAccessApplicationPolicyIncludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessApplicationPolicyIncludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessApplicationPolicyIncludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessApplicationPolicyIncludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessApplicationPolicyIncludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -12203,7 +11906,9 @@ export interface ZeroTrustAccessApplicationPolicyRequire {
     gsuite?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyRequireGsuite>;
     ip?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyRequireIp>;
     ipList?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyRequireIpList>;
+    linkedAppToken?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyRequireLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyRequireLoginMethod>;
+    oidc?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyRequireOidc>;
     okta?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyRequireOkta>;
     saml?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyRequireSaml>;
     serviceToken?: pulumi.Input<inputs.ZeroTrustAccessApplicationPolicyRequireServiceToken>;
@@ -12332,12 +12037,32 @@ export interface ZeroTrustAccessApplicationPolicyRequireIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessApplicationPolicyRequireLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessApplicationPolicyRequireLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessApplicationPolicyRequireOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessApplicationPolicyRequireOkta {
     /**
      * The ID of your Okta identity provider.
@@ -12651,7 +12376,7 @@ export interface ZeroTrustAccessApplicationTargetCriteria {
     port: pulumi.Input<number>;
     /**
      * The communication protocol your application secures.
-     * Available values: "SSH".
+     * Available values: "SSH", "RDP".
      */
     protocol: pulumi.Input<string>;
     /**
@@ -12686,7 +12411,9 @@ export interface ZeroTrustAccessGroupExclude {
     gsuite?: pulumi.Input<inputs.ZeroTrustAccessGroupExcludeGsuite>;
     ip?: pulumi.Input<inputs.ZeroTrustAccessGroupExcludeIp>;
     ipList?: pulumi.Input<inputs.ZeroTrustAccessGroupExcludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.ZeroTrustAccessGroupExcludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.ZeroTrustAccessGroupExcludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.ZeroTrustAccessGroupExcludeOidc>;
     okta?: pulumi.Input<inputs.ZeroTrustAccessGroupExcludeOkta>;
     saml?: pulumi.Input<inputs.ZeroTrustAccessGroupExcludeSaml>;
     serviceToken?: pulumi.Input<inputs.ZeroTrustAccessGroupExcludeServiceToken>;
@@ -12815,12 +12542,32 @@ export interface ZeroTrustAccessGroupExcludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessGroupExcludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessGroupExcludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessGroupExcludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessGroupExcludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -12876,7 +12623,9 @@ export interface ZeroTrustAccessGroupInclude {
     gsuite?: pulumi.Input<inputs.ZeroTrustAccessGroupIncludeGsuite>;
     ip?: pulumi.Input<inputs.ZeroTrustAccessGroupIncludeIp>;
     ipList?: pulumi.Input<inputs.ZeroTrustAccessGroupIncludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.ZeroTrustAccessGroupIncludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.ZeroTrustAccessGroupIncludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.ZeroTrustAccessGroupIncludeOidc>;
     okta?: pulumi.Input<inputs.ZeroTrustAccessGroupIncludeOkta>;
     saml?: pulumi.Input<inputs.ZeroTrustAccessGroupIncludeSaml>;
     serviceToken?: pulumi.Input<inputs.ZeroTrustAccessGroupIncludeServiceToken>;
@@ -13005,12 +12754,32 @@ export interface ZeroTrustAccessGroupIncludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessGroupIncludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessGroupIncludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessGroupIncludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessGroupIncludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -13066,7 +12835,9 @@ export interface ZeroTrustAccessGroupRequire {
     gsuite?: pulumi.Input<inputs.ZeroTrustAccessGroupRequireGsuite>;
     ip?: pulumi.Input<inputs.ZeroTrustAccessGroupRequireIp>;
     ipList?: pulumi.Input<inputs.ZeroTrustAccessGroupRequireIpList>;
+    linkedAppToken?: pulumi.Input<inputs.ZeroTrustAccessGroupRequireLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.ZeroTrustAccessGroupRequireLoginMethod>;
+    oidc?: pulumi.Input<inputs.ZeroTrustAccessGroupRequireOidc>;
     okta?: pulumi.Input<inputs.ZeroTrustAccessGroupRequireOkta>;
     saml?: pulumi.Input<inputs.ZeroTrustAccessGroupRequireSaml>;
     serviceToken?: pulumi.Input<inputs.ZeroTrustAccessGroupRequireServiceToken>;
@@ -13195,12 +12966,32 @@ export interface ZeroTrustAccessGroupRequireIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessGroupRequireLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessGroupRequireLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessGroupRequireOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessGroupRequireOkta {
     /**
      * The ID of your Okta identity provider.
@@ -13268,6 +13059,10 @@ export interface ZeroTrustAccessIdentityProviderConfig {
      * Your OAuth Client ID
      */
     clientId?: pulumi.Input<string>;
+    /**
+     * Your OAuth Client Secret
+     */
+    clientSecret?: pulumi.Input<string>;
     /**
      * Should Cloudflare try to load authentication contexts from your account
      */
@@ -13459,7 +13254,9 @@ export interface ZeroTrustAccessPolicyExclude {
     gsuite?: pulumi.Input<inputs.ZeroTrustAccessPolicyExcludeGsuite>;
     ip?: pulumi.Input<inputs.ZeroTrustAccessPolicyExcludeIp>;
     ipList?: pulumi.Input<inputs.ZeroTrustAccessPolicyExcludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.ZeroTrustAccessPolicyExcludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.ZeroTrustAccessPolicyExcludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.ZeroTrustAccessPolicyExcludeOidc>;
     okta?: pulumi.Input<inputs.ZeroTrustAccessPolicyExcludeOkta>;
     saml?: pulumi.Input<inputs.ZeroTrustAccessPolicyExcludeSaml>;
     serviceToken?: pulumi.Input<inputs.ZeroTrustAccessPolicyExcludeServiceToken>;
@@ -13588,12 +13385,32 @@ export interface ZeroTrustAccessPolicyExcludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessPolicyExcludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessPolicyExcludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessPolicyExcludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessPolicyExcludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -13649,7 +13466,9 @@ export interface ZeroTrustAccessPolicyInclude {
     gsuite?: pulumi.Input<inputs.ZeroTrustAccessPolicyIncludeGsuite>;
     ip?: pulumi.Input<inputs.ZeroTrustAccessPolicyIncludeIp>;
     ipList?: pulumi.Input<inputs.ZeroTrustAccessPolicyIncludeIpList>;
+    linkedAppToken?: pulumi.Input<inputs.ZeroTrustAccessPolicyIncludeLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.ZeroTrustAccessPolicyIncludeLoginMethod>;
+    oidc?: pulumi.Input<inputs.ZeroTrustAccessPolicyIncludeOidc>;
     okta?: pulumi.Input<inputs.ZeroTrustAccessPolicyIncludeOkta>;
     saml?: pulumi.Input<inputs.ZeroTrustAccessPolicyIncludeSaml>;
     serviceToken?: pulumi.Input<inputs.ZeroTrustAccessPolicyIncludeServiceToken>;
@@ -13778,12 +13597,32 @@ export interface ZeroTrustAccessPolicyIncludeIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessPolicyIncludeLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessPolicyIncludeLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessPolicyIncludeOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessPolicyIncludeOkta {
     /**
      * The ID of your Okta identity provider.
@@ -13839,7 +13678,9 @@ export interface ZeroTrustAccessPolicyRequire {
     gsuite?: pulumi.Input<inputs.ZeroTrustAccessPolicyRequireGsuite>;
     ip?: pulumi.Input<inputs.ZeroTrustAccessPolicyRequireIp>;
     ipList?: pulumi.Input<inputs.ZeroTrustAccessPolicyRequireIpList>;
+    linkedAppToken?: pulumi.Input<inputs.ZeroTrustAccessPolicyRequireLinkedAppToken>;
     loginMethod?: pulumi.Input<inputs.ZeroTrustAccessPolicyRequireLoginMethod>;
+    oidc?: pulumi.Input<inputs.ZeroTrustAccessPolicyRequireOidc>;
     okta?: pulumi.Input<inputs.ZeroTrustAccessPolicyRequireOkta>;
     saml?: pulumi.Input<inputs.ZeroTrustAccessPolicyRequireSaml>;
     serviceToken?: pulumi.Input<inputs.ZeroTrustAccessPolicyRequireServiceToken>;
@@ -13968,12 +13809,32 @@ export interface ZeroTrustAccessPolicyRequireIpList {
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessPolicyRequireLinkedAppToken {
+    /**
+     * The ID of an Access OIDC SaaS application
+     */
+    appUid: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessPolicyRequireLoginMethod {
     /**
      * The ID of an identity provider.
      */
     id: pulumi.Input<string>;
 }
+export interface ZeroTrustAccessPolicyRequireOidc {
+    /**
+     * The name of the OIDC claim.
+     */
+    claimName: pulumi.Input<string>;
+    /**
+     * The OIDC claim value to look for.
+     */
+    claimValue: pulumi.Input<string>;
+    /**
+     * The ID of your OIDC identity provider.
+     */
+    identityProviderId: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessPolicyRequireOkta {
     /**
      * The ID of your Okta identity provider.
@@ -14407,6 +14268,25 @@ export interface ZeroTrustDexTestTargetPolicy {
      */
     name?: pulumi.Input<string>;
 }
+export interface ZeroTrustDlpCustomEntryConfidence {
+    /**
+     * Indicates whether this entry has AI remote service validation.
+     */
+    aiContextAvailable?: pulumi.Input<boolean>;
+    /**
+     * Indicates whether this entry has any form of validation that is not an AI remote service.
+     */
+    available?: pulumi.Input<boolean>;
+}
+export interface ZeroTrustDlpCustomEntryPattern {
+    regex: pulumi.Input<string>;
+    /**
+     * Available values: "luhn".
+     *
+     * @deprecated This attribute is deprecated.
+     */
+    validation?: pulumi.Input<string>;
+}
 export interface ZeroTrustDlpCustomProfileContextAwareness {
     /**
      * If true, scan the context of predefined entries to only return matches surrounded by keywords.
@@ -14425,9 +14305,9 @@ export interface ZeroTrustDlpCustomProfileContextAwarenessSkip {
 }
 export interface ZeroTrustDlpCustomProfileEntry {
     enabled: pulumi.Input<boolean>;
+    entryId?: pulumi.Input<string>;
     name: pulumi.Input<string>;
-    pattern?: pulumi.Input<inputs.ZeroTrustDlpCustomProfileEntryPattern>;
-    words?: pulumi.Input<pulumi.Input<string>[]>;
+    pattern: pulumi.Input<inputs.ZeroTrustDlpCustomProfileEntryPattern>;
 }
 export interface ZeroTrustDlpCustomProfileEntryPattern {
     regex: pulumi.Input<string>;
@@ -14442,7 +14322,7 @@ export interface ZeroTrustDlpCustomProfileSharedEntry {
     enabled: pulumi.Input<boolean>;
     entryId: pulumi.Input<string>;
     /**
-     * Available values: "custom", "predefined", "integration", "exactData".
+     * Available values: "custom", "predefined", "integration", "exact*data", "document*fingerprint".
      */
     entryType: pulumi.Input<string>;
 }
@@ -14451,7 +14331,7 @@ export interface ZeroTrustDlpDatasetColumn {
     headerName?: pulumi.Input<string>;
     numCells?: pulumi.Input<number>;
     /**
-     * Available values: "empty", "uploading", "processing", "failed", "complete".
+     * Available values: "empty", "uploading", "pending", "processing", "failed", "complete".
      */
     uploadStatus?: pulumi.Input<string>;
 }
@@ -14469,7 +14349,7 @@ export interface ZeroTrustDlpDatasetDataset {
     numCells?: pulumi.Input<number>;
     secret?: pulumi.Input<boolean>;
     /**
-     * Available values: "empty", "uploading", "processing", "failed", "complete".
+     * Available values: "empty", "uploading", "pending", "processing", "failed", "complete".
      */
     status?: pulumi.Input<string>;
     /**
@@ -14483,14 +14363,14 @@ export interface ZeroTrustDlpDatasetDatasetColumn {
     headerName?: pulumi.Input<string>;
     numCells?: pulumi.Input<number>;
     /**
-     * Available values: "empty", "uploading", "processing", "failed", "complete".
+     * Available values: "empty", "uploading", "pending", "processing", "failed", "complete".
      */
     uploadStatus?: pulumi.Input<string>;
 }
 export interface ZeroTrustDlpDatasetDatasetUpload {
     numCells?: pulumi.Input<number>;
     /**
-     * Available values: "empty", "uploading", "processing", "failed", "complete".
+     * Available values: "empty", "uploading", "pending", "processing", "failed", "complete".
      */
     status?: pulumi.Input<string>;
     version?: pulumi.Input<number>;
@@ -14498,7 +14378,7 @@ export interface ZeroTrustDlpDatasetDatasetUpload {
 export interface ZeroTrustDlpDatasetUpload {
     numCells?: pulumi.Input<number>;
     /**
-     * Available values: "empty", "uploading", "processing", "failed", "complete".
+     * Available values: "empty", "uploading", "pending", "processing", "failed", "complete".
      */
     status?: pulumi.Input<string>;
     version?: pulumi.Input<number>;
@@ -14522,6 +14402,16 @@ export interface ZeroTrustDlpEntryPattern {
      */
     validation?: pulumi.Input<string>;
 }
+export interface ZeroTrustDlpPredefinedEntryConfidence {
+    /**
+     * Indicates whether this entry has AI remote service validation.
+     */
+    aiContextAvailable?: pulumi.Input<boolean>;
+    /**
+     * Indicates whether this entry has any form of validation that is not an AI remote service.
+     */
+    available?: pulumi.Input<boolean>;
+}
 export interface ZeroTrustDlpPredefinedProfileContextAwareness {
     /**
      * If true, scan the context of predefined entries to only return matches surrounded by keywords.
@@ -14543,10 +14433,10 @@ export interface ZeroTrustDlpPredefinedProfileEntry {
     id: pulumi.Input<string>;
 }
 export interface ZeroTrustDnsLocationEndpoints {
-    doh?: pulumi.Input<inputs.ZeroTrustDnsLocationEndpointsDoh>;
-    dot?: pulumi.Input<inputs.ZeroTrustDnsLocationEndpointsDot>;
-    ipv4?: pulumi.Input<inputs.ZeroTrustDnsLocationEndpointsIpv4>;
-    ipv6?: pulumi.Input<inputs.ZeroTrustDnsLocationEndpointsIpv6>;
+    doh: pulumi.Input<inputs.ZeroTrustDnsLocationEndpointsDoh>;
+    dot: pulumi.Input<inputs.ZeroTrustDnsLocationEndpointsDot>;
+    ipv4: pulumi.Input<inputs.ZeroTrustDnsLocationEndpointsIpv4>;
+    ipv6: pulumi.Input<inputs.ZeroTrustDnsLocationEndpointsIpv6>;
 }
 export interface ZeroTrustDnsLocationEndpointsDoh {
     /**
@@ -14667,7 +14557,7 @@ export interface ZeroTrustGatewayPolicyRuleSettings {
      * Add custom headers to allowed requests, in the form of key-value pairs. Keys are header names, pointing to an array with its header value(s).
      */
     addHeaders?: pulumi.Input<{
-        [key: string]: pulumi.Input<string>;
+        [key: string]: pulumi.Input<pulumi.Input<string>[]>;
     }>;
     /**
      * Set by parent MSP accounts to enable their children to bypass this rule.
@@ -15018,10 +14908,6 @@ export interface ZeroTrustGatewaySettingsSettings {
      * Anti-virus settings.
      */
     antivirus?: pulumi.Input<inputs.ZeroTrustGatewaySettingsSettingsAntivirus>;
-    /**
-     * Setting to enable App Control
-     */
-    appControlSettings?: pulumi.Input<inputs.ZeroTrustGatewaySettingsSettingsAppControlSettings>;
     /**
      * Block page layout settings.
      */
@@ -15056,6 +14942,10 @@ export interface ZeroTrustGatewaySettingsSettings {
      * Setting to enable host selector in egress policies.
      */
     hostSelector?: pulumi.Input<inputs.ZeroTrustGatewaySettingsSettingsHostSelector>;
+    /**
+     * Setting to define inspection settings
+     */
+    inspection?: pulumi.Input<inputs.ZeroTrustGatewaySettingsSettingsInspection>;
     /**
      * Protocol Detection settings.
      */
@@ -15111,15 +15001,9 @@ export interface ZeroTrustGatewaySettingsSettingsAntivirusNotificationSettings {
      */
     supportUrl?: pulumi.Input<string>;
 }
-export interface ZeroTrustGatewaySettingsSettingsAppControlSettings {
-    /**
-     * Enable App Control
-     */
-    enabled?: pulumi.Input<boolean>;
-}
 export interface ZeroTrustGatewaySettingsSettingsBlockPage {
     /**
-     * If mode is customized*block*page: block page background color in #rrggbb format.
+     * If mode is customized_block_page: block page background color in #rrggbb format.
      */
     backgroundColor?: pulumi.Input<string>;
     /**
@@ -15127,50 +15011,63 @@ export interface ZeroTrustGatewaySettingsSettingsBlockPage {
      */
     enabled?: pulumi.Input<boolean>;
     /**
-     * If mode is customized*block*page: block page footer text.
+     * If mode is customized_block_page: block page footer text.
      */
     footerText?: pulumi.Input<string>;
     /**
-     * If mode is customized*block*page: block page header text.
+     * If mode is customized_block_page: block page header text.
      */
     headerText?: pulumi.Input<string>;
     /**
-     * If mode is redirect*uri: when enabled, context will be appended to target*uri as query parameters.
+     * If mode is redirect_uri: when enabled, context will be appended to targetUri as query parameters.
      */
     includeContext?: pulumi.Input<boolean>;
     /**
-     * If mode is customized*block*page: full URL to the logo file.
+     * If mode is customized_block_page: full URL to the logo file.
      */
     logoPath?: pulumi.Input<string>;
     /**
-     * If mode is customized*block*page: admin email for users to contact.
+     * If mode is customized_block_page: admin email for users to contact.
      */
     mailtoAddress?: pulumi.Input<string>;
     /**
-     * If mode is customized*block*page: subject line for emails created from block page.
+     * If mode is customized_block_page: subject line for emails created from block page.
      */
     mailtoSubject?: pulumi.Input<string>;
     /**
      * Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI.
-     * Available values: "customized*block*page", "redirectUri".
+     * Available values: "customizedBlockPage", "redirectUri".
      */
     mode?: pulumi.Input<string>;
     /**
-     * If mode is customized*block*page: block page title.
+     * If mode is customized_block_page: block page title.
      */
     name?: pulumi.Input<string>;
     /**
-     * If mode is customized*block*page: suppress detailed info at the bottom of the block page.
+     * This setting was shared via the Orgs API and cannot be edited by the current account
+     */
+    readOnly?: pulumi.Input<boolean>;
+    /**
+     * Account tag of account that shared this setting
+     */
+    sourceAccount?: pulumi.Input<string>;
+    /**
+     * If mode is customized_block_page: suppress detailed info at the bottom of the block page.
      */
     suppressFooter?: pulumi.Input<boolean>;
     /**
      * If mode is redirect_uri: URI to which the user should be redirected.
      */
     targetUri?: pulumi.Input<string>;
+    /**
+     * Version number of the setting
+     */
+    version?: pulumi.Input<number>;
 }
 export interface ZeroTrustGatewaySettingsSettingsBodyScanning {
     /**
      * Set the inspection mode to either `deep` or `shallow`.
+     * Available values: "deep", "shallow".
      */
     inspectionMode?: pulumi.Input<string>;
 }
@@ -15210,6 +15107,18 @@ export interface ZeroTrustGatewaySettingsSettingsExtendedEmailMatching {
      * Enable matching all variants of user emails (with + or . modifiers) used as criteria in Firewall policies.
      */
     enabled?: pulumi.Input<boolean>;
+    /**
+     * This setting was shared via the Orgs API and cannot be edited by the current account
+     */
+    readOnly?: pulumi.Input<boolean>;
+    /**
+     * Account tag of account that shared this setting
+     */
+    sourceAccount?: pulumi.Input<string>;
+    /**
+     * Version number of the setting
+     */
+    version?: pulumi.Input<number>;
 }
 export interface ZeroTrustGatewaySettingsSettingsFips {
     /**
@@ -15223,6 +15132,15 @@ export interface ZeroTrustGatewaySettingsSettingsHostSelector {
      */
     enabled?: pulumi.Input<boolean>;
 }
+export interface ZeroTrustGatewaySettingsSettingsInspection {
+    /**
+     * Defines the mode of inspection the proxy will use.
+     * - static: Gateway will use static inspection to inspect HTTP on TCP(80). If TLS decryption is on, Gateway will inspect HTTPS traffic on TCP(443) & UDP(443).
+     * - dynamic: Gateway will use protocol detection to dynamically inspect HTTP and HTTPS traffic on any port. TLS decryption must be on to inspect HTTPS traffic.
+     * Available values: "static", "dynamic".
+     */
+    mode?: pulumi.Input<string>;
+}
 export interface ZeroTrustGatewaySettingsSettingsProtocolDetection {
     /**
      * Enable detecting protocol on initial bytes of client traffic.
@@ -15247,7 +15165,6 @@ export interface ZeroTrustGatewaySettingsSettingsTlsDecrypt {
     enabled?: pulumi.Input<boolean>;
 }
 export interface ZeroTrustListItem {
-    createdAt?: pulumi.Input<string>;
     /**
      * The description of the list item, if present
      */
@@ -15517,6 +15434,40 @@ export interface ZeroTrustTunnelCloudflaredConnection {
      */
     uuid?: pulumi.Input<string>;
 }
+export interface ZeroTrustTunnelWarpConnectorConnection {
+    /**
+     * UUID of the Cloudflare Tunnel connector.
+     */
+    clientId?: pulumi.Input<string>;
+    /**
+     * The cloudflared version used to establish this connection.
+     */
+    clientVersion?: pulumi.Input<string>;
+    /**
+     * The Cloudflare data center used for this connection.
+     */
+    coloName?: pulumi.Input<string>;
+    /**
+     * UUID of the Cloudflare Tunnel connection.
+     */
+    id?: pulumi.Input<string>;
+    /**
+     * Cloudflare continues to track connections for several minutes after they disconnect. This is an optimization to improve latency and reliability of reconnecting.  If `true`, the connection has disconnected but is still being tracked. If `false`, the connection is actively serving traffic.
+     */
+    isPendingReconnect?: pulumi.Input<boolean>;
+    /**
+     * Timestamp of when the connection was established.
+     */
+    openedAt?: pulumi.Input<string>;
+    /**
+     * The public IP address of the host running cloudflared.
+     */
+    originIp?: pulumi.Input<string>;
+    /**
+     * UUID of the Cloudflare Tunnel connection.
+     */
+    uuid?: pulumi.Input<string>;
+}
 export interface ZoneAccount {
     /**
      * Identifier