@sst-provider/cloudflare5 5.0.0-alpha1 → 5.0.0-alpha1-1

package/bin/zeroTrustAccessApplication.d.ts

@@ -18,9 +18,9 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is ZeroTrustAccessApplication;
     /**
-     * The account identifier to target for the resource. Conflicts with `zone_id`.
+     * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
      */
-    readonly accountId: pulumi.Output<string>;
+    readonly accountId: pulumi.Output<string | undefined>;
     /**
      * When set to true, users can authenticate to this application using their WARP session. When set to false this
      * application will always require direct IdP authentication. This setting always overrides the organization setting for
@@ -28,100 +28,95 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
      */
     readonly allowAuthenticateViaWarp: pulumi.Output<boolean | undefined>;
     /**
-     * The identity providers selected for the application.
+     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in
+     * your account.
      */
     readonly allowedIdps: pulumi.Output<string[] | undefined>;
     /**
-     * The logo URL of the app launcher.
+     * The image URL of the logo shown in the App Launcher header.
      */
     readonly appLauncherLogoUrl: pulumi.Output<string | undefined>;
     /**
-     * Option to show/hide applications in App Launcher. Defaults to `true`.
+     * Displays the application in the App Launcher.
      */
-    readonly appLauncherVisible: pulumi.Output<boolean | undefined>;
+    readonly appLauncherVisible: pulumi.Output<boolean>;
     /**
-     * Application Audience (AUD) Tag of the application.
+     * When set to `true`, users skip the identity provider selection step during login. You must specify only one identity
+     * provider in allowed_idps.
      */
-    readonly aud: pulumi.Output<string>;
+    readonly autoRedirectToIdentity: pulumi.Output<boolean>;
     /**
-     * Option to skip identity provider selection if only one is configured in `allowed_idps`. Defaults to `false`.
-     */
-    readonly autoRedirectToIdentity: pulumi.Output<boolean | undefined>;
-    /**
-     * The background color of the app launcher.
+     * The background color of the App Launcher page.
      */
     readonly bgColor: pulumi.Output<string | undefined>;
+    readonly corsHeaders: pulumi.Output<outputs.ZeroTrustAccessApplicationCorsHeaders | undefined>;
     /**
-     * CORS configuration for the Access Application. See below for reference structure.
-     */
-    readonly corsHeaders: pulumi.Output<outputs.ZeroTrustAccessApplicationCorsHeader[] | undefined>;
-    /**
-     * Option that returns a custom error message when a user is denied access to the application.
+     * The custom error message shown to a user when they are denied access to the application.
      */
     readonly customDenyMessage: pulumi.Output<string | undefined>;
     /**
-     * Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
+     * The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
      */
     readonly customDenyUrl: pulumi.Output<string | undefined>;
     /**
-     * Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
+     * The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
      */
     readonly customNonIdentityDenyUrl: pulumi.Output<string | undefined>;
     /**
-     * The custom pages selected for the application.
+     * The custom pages that will be displayed when applicable for this application
      */
     readonly customPages: pulumi.Output<string[] | undefined>;
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the
      * domain that will be displayed.
      */
-    readonly domain: pulumi.Output<string>;
+    readonly domain: pulumi.Output<string | undefined>;
     /**
-     * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an
-     * additional "binding" cookie on requests. Defaults to `false`.
+     * Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
      */
-    readonly enableBindingCookie: pulumi.Output<boolean | undefined>;
+    readonly enableBindingCookie: pulumi.Output<boolean>;
     /**
-     * The footer links of the app launcher.
+     * The links in the App Launcher footer.
      */
     readonly footerLinks: pulumi.Output<outputs.ZeroTrustAccessApplicationFooterLink[] | undefined>;
     /**
-     * The background color of the header bar in the app launcher.
+     * The background color of the App Launcher header.
      */
     readonly headerBgColor: pulumi.Output<string | undefined>;
     /**
-     * Option to add the `HttpOnly` cookie flag to access tokens.
+     * Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
      */
-    readonly httpOnlyCookieAttribute: pulumi.Output<boolean | undefined>;
+    readonly httpOnlyCookieAttribute: pulumi.Output<boolean>;
     /**
-     * The landing page design of the app launcher.
+     * The design of the App Launcher landing page shown to users when they log in.
      */
     readonly landingPageDesign: pulumi.Output<outputs.ZeroTrustAccessApplicationLandingPageDesign | undefined>;
     /**
-     * Image URL for the logo shown in the app launcher dashboard.
+     * The image URL for the logo shown in the App Launcher dashboard.
      */
     readonly logoUrl: pulumi.Output<string | undefined>;
     /**
-     * Friendly name of the Access Application.
+     * The name of the application.
      */
     readonly name: pulumi.Output<string>;
     /**
      * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if
-     * cors_headers is set. Defaults to `false`.
+     * cors_headers is set.
      */
     readonly optionsPreflightBypass: pulumi.Output<boolean | undefined>;
     /**
-     * The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you
-     * still have this application ID referenced as `application_id` in any `cloudflare.AccessPolicy` resource, as it can
-     * result in an inconsistent state.
+     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the
+     * hostname by default
      */
-    readonly policies: pulumi.Output<string[] | undefined>;
+    readonly pathCookieAttribute: pulumi.Output<boolean>;
     /**
-     * SaaS configuration for the Access Application.
+     * The policies that will apply to the application, in ascending order of precedence. Items can reference existing policies
+     * or create new policies exclusive to the application.
      */
+    readonly policies: pulumi.Output<outputs.ZeroTrustAccessApplicationPolicy[] | undefined>;
     readonly saasApp: pulumi.Output<outputs.ZeroTrustAccessApplicationSaasApp | undefined>;
     /**
-     * Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
+     * Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
      */
     readonly sameSiteCookieAttribute: pulumi.Output<string | undefined>;
     /**
@@ -129,45 +124,38 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
      */
     readonly scimConfig: pulumi.Output<outputs.ZeroTrustAccessApplicationScimConfig | undefined>;
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the
-     * value set as `domain`.
+     * List of domains that Access will secure.
      */
     readonly selfHostedDomains: pulumi.Output<string[] | undefined>;
     /**
-     * Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
+     * Returns a 401 status code when the request is blocked by a Service Auth policy.
      */
     readonly serviceAuth401Redirect: pulumi.Output<boolean | undefined>;
     /**
-     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
+     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`.
+     * Valid time units are: ns, us (or µs), ms, s, m, h.
      */
-    readonly sessionDuration: pulumi.Output<string | undefined>;
+    readonly sessionDuration: pulumi.Output<string>;
     /**
-     * Option to skip the App Launcher landing page. Defaults to `false`.
+     * Determines when to skip the App Launcher landing page.
      */
-    readonly skipAppLauncherLoginPage: pulumi.Output<boolean | undefined>;
+    readonly skipAppLauncherLoginPage: pulumi.Output<boolean>;
     /**
-     * Option to skip the authorization interstitial when using the CLI. Defaults to `false`.
+     * Enables automatic authentication through cloudflared.
      */
     readonly skipInterstitial: pulumi.Output<boolean | undefined>;
     /**
-     * The itags associated with the application.
+     * The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
      */
     readonly tags: pulumi.Output<string[] | undefined>;
     /**
-     * A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or
-     * filter the resources to be provisioned.
-     */
-    readonly targetCriterias: pulumi.Output<outputs.ZeroTrustAccessApplicationTargetCriteria[] | undefined>;
-    /**
-     * The application type. Available values: `app_launcher`, `bookmark`, `biso`, `dash_sso`, `saas`, `self_hosted`, `ssh`,
-     * `vnc`, `warp`, `infrastructure`. Defaults to `self_hosted`.
+     * The application type.
      */
     readonly type: pulumi.Output<string | undefined>;
-    readonly zeroTrustAccessApplicationId: pulumi.Output<string>;
     /**
-     * The zone identifier to target for the resource. Conflicts with `account_id`.
+     * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
      */
-    readonly zoneId: pulumi.Output<string>;
+    readonly zoneId: pulumi.Output<string | undefined>;
     /**
      * Create a ZeroTrustAccessApplication resource with the given unique name, arguments, and options.
      *
@@ -182,7 +170,7 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
  */
 export interface ZeroTrustAccessApplicationState {
     /**
-     * The account identifier to target for the resource. Conflicts with `zone_id`.
+     * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
      */
     accountId?: pulumi.Input<string>;
     /**
@@ -192,47 +180,42 @@ export interface ZeroTrustAccessApplicationState {
      */
     allowAuthenticateViaWarp?: pulumi.Input<boolean>;
     /**
-     * The identity providers selected for the application.
+     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in
+     * your account.
      */
     allowedIdps?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The logo URL of the app launcher.
+     * The image URL of the logo shown in the App Launcher header.
      */
     appLauncherLogoUrl?: pulumi.Input<string>;
     /**
-     * Option to show/hide applications in App Launcher. Defaults to `true`.
+     * Displays the application in the App Launcher.
      */
     appLauncherVisible?: pulumi.Input<boolean>;
     /**
-     * Application Audience (AUD) Tag of the application.
-     */
-    aud?: pulumi.Input<string>;
-    /**
-     * Option to skip identity provider selection if only one is configured in `allowed_idps`. Defaults to `false`.
+     * When set to `true`, users skip the identity provider selection step during login. You must specify only one identity
+     * provider in allowed_idps.
      */
     autoRedirectToIdentity?: pulumi.Input<boolean>;
     /**
-     * The background color of the app launcher.
+     * The background color of the App Launcher page.
      */
     bgColor?: pulumi.Input<string>;
+    corsHeaders?: pulumi.Input<inputs.ZeroTrustAccessApplicationCorsHeaders>;
     /**
-     * CORS configuration for the Access Application. See below for reference structure.
-     */
-    corsHeaders?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationCorsHeader>[]>;
-    /**
-     * Option that returns a custom error message when a user is denied access to the application.
+     * The custom error message shown to a user when they are denied access to the application.
      */
     customDenyMessage?: pulumi.Input<string>;
     /**
-     * Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
+     * The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
      */
     customDenyUrl?: pulumi.Input<string>;
     /**
-     * Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
+     * The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
      */
     customNonIdentityDenyUrl?: pulumi.Input<string>;
     /**
-     * The custom pages selected for the application.
+     * The custom pages that will be displayed when applicable for this application
      */
     customPages?: pulumi.Input<pulumi.Input<string>[]>;
     /**
@@ -241,51 +224,51 @@ export interface ZeroTrustAccessApplicationState {
      */
     domain?: pulumi.Input<string>;
     /**
-     * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an
-     * additional "binding" cookie on requests. Defaults to `false`.
+     * Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
      */
     enableBindingCookie?: pulumi.Input<boolean>;
     /**
-     * The footer links of the app launcher.
+     * The links in the App Launcher footer.
      */
     footerLinks?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationFooterLink>[]>;
     /**
-     * The background color of the header bar in the app launcher.
+     * The background color of the App Launcher header.
      */
     headerBgColor?: pulumi.Input<string>;
     /**
-     * Option to add the `HttpOnly` cookie flag to access tokens.
+     * Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
      */
     httpOnlyCookieAttribute?: pulumi.Input<boolean>;
     /**
-     * The landing page design of the app launcher.
+     * The design of the App Launcher landing page shown to users when they log in.
      */
     landingPageDesign?: pulumi.Input<inputs.ZeroTrustAccessApplicationLandingPageDesign>;
     /**
-     * Image URL for the logo shown in the app launcher dashboard.
+     * The image URL for the logo shown in the App Launcher dashboard.
      */
     logoUrl?: pulumi.Input<string>;
     /**
-     * Friendly name of the Access Application.
+     * The name of the application.
      */
     name?: pulumi.Input<string>;
     /**
      * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if
-     * cors_headers is set. Defaults to `false`.
+     * cors_headers is set.
      */
     optionsPreflightBypass?: pulumi.Input<boolean>;
     /**
-     * The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you
-     * still have this application ID referenced as `application_id` in any `cloudflare.AccessPolicy` resource, as it can
-     * result in an inconsistent state.
+     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the
+     * hostname by default
      */
-    policies?: pulumi.Input<pulumi.Input<string>[]>;
+    pathCookieAttribute?: pulumi.Input<boolean>;
     /**
-     * SaaS configuration for the Access Application.
+     * The policies that will apply to the application, in ascending order of precedence. Items can reference existing policies
+     * or create new policies exclusive to the application.
      */
+    policies?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationPolicy>[]>;
     saasApp?: pulumi.Input<inputs.ZeroTrustAccessApplicationSaasApp>;
     /**
-     * Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
+     * Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
      */
     sameSiteCookieAttribute?: pulumi.Input<string>;
     /**
@@ -293,43 +276,36 @@ export interface ZeroTrustAccessApplicationState {
      */
     scimConfig?: pulumi.Input<inputs.ZeroTrustAccessApplicationScimConfig>;
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the
-     * value set as `domain`.
+     * List of domains that Access will secure.
      */
     selfHostedDomains?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
+     * Returns a 401 status code when the request is blocked by a Service Auth policy.
      */
     serviceAuth401Redirect?: pulumi.Input<boolean>;
     /**
-     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
+     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`.
+     * Valid time units are: ns, us (or µs), ms, s, m, h.
      */
     sessionDuration?: pulumi.Input<string>;
     /**
-     * Option to skip the App Launcher landing page. Defaults to `false`.
+     * Determines when to skip the App Launcher landing page.
      */
     skipAppLauncherLoginPage?: pulumi.Input<boolean>;
     /**
-     * Option to skip the authorization interstitial when using the CLI. Defaults to `false`.
+     * Enables automatic authentication through cloudflared.
      */
     skipInterstitial?: pulumi.Input<boolean>;
     /**
-     * The itags associated with the application.
+     * The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
      */
     tags?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or
-     * filter the resources to be provisioned.
-     */
-    targetCriterias?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationTargetCriteria>[]>;
-    /**
-     * The application type. Available values: `app_launcher`, `bookmark`, `biso`, `dash_sso`, `saas`, `self_hosted`, `ssh`,
-     * `vnc`, `warp`, `infrastructure`. Defaults to `self_hosted`.
+     * The application type.
      */
     type?: pulumi.Input<string>;
-    zeroTrustAccessApplicationId?: pulumi.Input<string>;
     /**
-     * The zone identifier to target for the resource. Conflicts with `account_id`.
+     * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
      */
     zoneId?: pulumi.Input<string>;
 }
@@ -338,7 +314,7 @@ export interface ZeroTrustAccessApplicationState {
  */
 export interface ZeroTrustAccessApplicationArgs {
     /**
-     * The account identifier to target for the resource. Conflicts with `zone_id`.
+     * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
      */
     accountId?: pulumi.Input<string>;
     /**
@@ -348,43 +324,42 @@ export interface ZeroTrustAccessApplicationArgs {
      */
     allowAuthenticateViaWarp?: pulumi.Input<boolean>;
     /**
-     * The identity providers selected for the application.
+     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in
+     * your account.
      */
     allowedIdps?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The logo URL of the app launcher.
+     * The image URL of the logo shown in the App Launcher header.
      */
     appLauncherLogoUrl?: pulumi.Input<string>;
     /**
-     * Option to show/hide applications in App Launcher. Defaults to `true`.
+     * Displays the application in the App Launcher.
      */
     appLauncherVisible?: pulumi.Input<boolean>;
     /**
-     * Option to skip identity provider selection if only one is configured in `allowed_idps`. Defaults to `false`.
+     * When set to `true`, users skip the identity provider selection step during login. You must specify only one identity
+     * provider in allowed_idps.
      */
     autoRedirectToIdentity?: pulumi.Input<boolean>;
     /**
-     * The background color of the app launcher.
+     * The background color of the App Launcher page.
      */
     bgColor?: pulumi.Input<string>;
+    corsHeaders?: pulumi.Input<inputs.ZeroTrustAccessApplicationCorsHeaders>;
     /**
-     * CORS configuration for the Access Application. See below for reference structure.
-     */
-    corsHeaders?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationCorsHeader>[]>;
-    /**
-     * Option that returns a custom error message when a user is denied access to the application.
+     * The custom error message shown to a user when they are denied access to the application.
      */
     customDenyMessage?: pulumi.Input<string>;
     /**
-     * Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
+     * The custom URL a user is redirected to when they are denied access to the application when failing identity-based rules.
      */
     customDenyUrl?: pulumi.Input<string>;
     /**
-     * Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
+     * The custom URL a user is redirected to when they are denied access to the application when failing non-identity rules.
      */
     customNonIdentityDenyUrl?: pulumi.Input<string>;
     /**
-     * The custom pages selected for the application.
+     * The custom pages that will be displayed when applicable for this application
      */
     customPages?: pulumi.Input<pulumi.Input<string>[]>;
     /**
@@ -393,51 +368,51 @@ export interface ZeroTrustAccessApplicationArgs {
      */
     domain?: pulumi.Input<string>;
     /**
-     * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an
-     * additional "binding" cookie on requests. Defaults to `false`.
+     * Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
      */
     enableBindingCookie?: pulumi.Input<boolean>;
     /**
-     * The footer links of the app launcher.
+     * The links in the App Launcher footer.
      */
     footerLinks?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationFooterLink>[]>;
     /**
-     * The background color of the header bar in the app launcher.
+     * The background color of the App Launcher header.
      */
     headerBgColor?: pulumi.Input<string>;
     /**
-     * Option to add the `HttpOnly` cookie flag to access tokens.
+     * Enables the HttpOnly cookie attribute, which increases security against XSS attacks.
      */
     httpOnlyCookieAttribute?: pulumi.Input<boolean>;
     /**
-     * The landing page design of the app launcher.
+     * The design of the App Launcher landing page shown to users when they log in.
      */
     landingPageDesign?: pulumi.Input<inputs.ZeroTrustAccessApplicationLandingPageDesign>;
     /**
-     * Image URL for the logo shown in the app launcher dashboard.
+     * The image URL for the logo shown in the App Launcher dashboard.
      */
     logoUrl?: pulumi.Input<string>;
     /**
-     * Friendly name of the Access Application.
+     * The name of the application.
      */
     name?: pulumi.Input<string>;
     /**
      * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if
-     * cors_headers is set. Defaults to `false`.
+     * cors_headers is set.
      */
     optionsPreflightBypass?: pulumi.Input<boolean>;
     /**
-     * The policies associated with the application, in ascending order of precedence. Warning: Do not use this field while you
-     * still have this application ID referenced as `application_id` in any `cloudflare.AccessPolicy` resource, as it can
-     * result in an inconsistent state.
+     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the
+     * hostname by default
      */
-    policies?: pulumi.Input<pulumi.Input<string>[]>;
+    pathCookieAttribute?: pulumi.Input<boolean>;
     /**
-     * SaaS configuration for the Access Application.
+     * The policies that will apply to the application, in ascending order of precedence. Items can reference existing policies
+     * or create new policies exclusive to the application.
      */
+    policies?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationPolicy>[]>;
     saasApp?: pulumi.Input<inputs.ZeroTrustAccessApplicationSaasApp>;
     /**
-     * Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
+     * Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
      */
     sameSiteCookieAttribute?: pulumi.Input<string>;
     /**
@@ -445,43 +420,36 @@ export interface ZeroTrustAccessApplicationArgs {
      */
     scimConfig?: pulumi.Input<inputs.ZeroTrustAccessApplicationScimConfig>;
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the
-     * value set as `domain`.
+     * List of domains that Access will secure.
      */
     selfHostedDomains?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
+     * Returns a 401 status code when the request is blocked by a Service Auth policy.
      */
     serviceAuth401Redirect?: pulumi.Input<boolean>;
     /**
-     * How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
+     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`.
+     * Valid time units are: ns, us (or µs), ms, s, m, h.
      */
     sessionDuration?: pulumi.Input<string>;
     /**
-     * Option to skip the App Launcher landing page. Defaults to `false`.
+     * Determines when to skip the App Launcher landing page.
      */
     skipAppLauncherLoginPage?: pulumi.Input<boolean>;
     /**
-     * Option to skip the authorization interstitial when using the CLI. Defaults to `false`.
+     * Enables automatic authentication through cloudflared.
      */
     skipInterstitial?: pulumi.Input<boolean>;
     /**
-     * The itags associated with the application.
+     * The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
      */
     tags?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * A list of mappings to apply to SCIM resources before provisioning them in this application. These can transform or
-     * filter the resources to be provisioned.
-     */
-    targetCriterias?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationTargetCriteria>[]>;
-    /**
-     * The application type. Available values: `app_launcher`, `bookmark`, `biso`, `dash_sso`, `saas`, `self_hosted`, `ssh`,
-     * `vnc`, `warp`, `infrastructure`. Defaults to `self_hosted`.
+     * The application type.
      */
     type?: pulumi.Input<string>;
-    zeroTrustAccessApplicationId?: pulumi.Input<string>;
     /**
-     * The zone identifier to target for the resource. Conflicts with `account_id`.
+     * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
      */
     zoneId?: pulumi.Input<string>;
 }

package/bin/zeroTrustAccessApplication.js

@@ -38,7 +38,6 @@ class ZeroTrustAccessApplication extends pulumi.CustomResource {
             resourceInputs["allowedIdps"] = state ? state.allowedIdps : undefined;
             resourceInputs["appLauncherLogoUrl"] = state ? state.appLauncherLogoUrl : undefined;
             resourceInputs["appLauncherVisible"] = state ? state.appLauncherVisible : undefined;
-            resourceInputs["aud"] = state ? state.aud : undefined;
             resourceInputs["autoRedirectToIdentity"] = state ? state.autoRedirectToIdentity : undefined;
             resourceInputs["bgColor"] = state ? state.bgColor : undefined;
             resourceInputs["corsHeaders"] = state ? state.corsHeaders : undefined;
@@ -55,6 +54,7 @@ class ZeroTrustAccessApplication extends pulumi.CustomResource {
             resourceInputs["logoUrl"] = state ? state.logoUrl : undefined;
             resourceInputs["name"] = state ? state.name : undefined;
             resourceInputs["optionsPreflightBypass"] = state ? state.optionsPreflightBypass : undefined;
+            resourceInputs["pathCookieAttribute"] = state ? state.pathCookieAttribute : undefined;
             resourceInputs["policies"] = state ? state.policies : undefined;
             resourceInputs["saasApp"] = state ? state.saasApp : undefined;
             resourceInputs["sameSiteCookieAttribute"] = state ? state.sameSiteCookieAttribute : undefined;
@@ -65,9 +65,7 @@ class ZeroTrustAccessApplication extends pulumi.CustomResource {
             resourceInputs["skipAppLauncherLoginPage"] = state ? state.skipAppLauncherLoginPage : undefined;
             resourceInputs["skipInterstitial"] = state ? state.skipInterstitial : undefined;
             resourceInputs["tags"] = state ? state.tags : undefined;
-            resourceInputs["targetCriterias"] = state ? state.targetCriterias : undefined;
             resourceInputs["type"] = state ? state.type : undefined;
-            resourceInputs["zeroTrustAccessApplicationId"] = state ? state.zeroTrustAccessApplicationId : undefined;
             resourceInputs["zoneId"] = state ? state.zoneId : undefined;
         }
         else {
@@ -93,6 +91,7 @@ class ZeroTrustAccessApplication extends pulumi.CustomResource {
             resourceInputs["logoUrl"] = args ? args.logoUrl : undefined;
             resourceInputs["name"] = args ? args.name : undefined;
             resourceInputs["optionsPreflightBypass"] = args ? args.optionsPreflightBypass : undefined;
+            resourceInputs["pathCookieAttribute"] = args ? args.pathCookieAttribute : undefined;
             resourceInputs["policies"] = args ? args.policies : undefined;
             resourceInputs["saasApp"] = args ? args.saasApp : undefined;
             resourceInputs["sameSiteCookieAttribute"] = args ? args.sameSiteCookieAttribute : undefined;
@@ -103,11 +102,8 @@ class ZeroTrustAccessApplication extends pulumi.CustomResource {
             resourceInputs["skipAppLauncherLoginPage"] = args ? args.skipAppLauncherLoginPage : undefined;
             resourceInputs["skipInterstitial"] = args ? args.skipInterstitial : undefined;
             resourceInputs["tags"] = args ? args.tags : undefined;
-            resourceInputs["targetCriterias"] = args ? args.targetCriterias : undefined;
             resourceInputs["type"] = args ? args.type : undefined;
-            resourceInputs["zeroTrustAccessApplicationId"] = args ? args.zeroTrustAccessApplicationId : undefined;
             resourceInputs["zoneId"] = args ? args.zoneId : undefined;
-            resourceInputs["aud"] = undefined /*out*/;
         }
         opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
         super(ZeroTrustAccessApplication.__pulumiType, name, resourceInputs, opts, false /*dependency*/, utilities.getPackage());