@sst-provider/cloudflare5 5.2.0 → 5.16.0

package/bin/zeroTrustAccessAiControlsMcpServer.d.ts

@@ -0,0 +1,101 @@
+import * as pulumi from "@pulumi/pulumi";
+export declare class ZeroTrustAccessAiControlsMcpServer extends pulumi.CustomResource {
+    /**
+     * Get an existing ZeroTrustAccessAiControlsMcpServer resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ZeroTrustAccessAiControlsMcpServerState, opts?: pulumi.CustomResourceOptions): ZeroTrustAccessAiControlsMcpServer;
+    /**
+     * Returns true if the given object is an instance of ZeroTrustAccessAiControlsMcpServer.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is ZeroTrustAccessAiControlsMcpServer;
+    readonly accountId: pulumi.Output<string>;
+    readonly authCredentials: pulumi.Output<string | undefined>;
+    /**
+     * Available values: "oauth", "bearer", "unauthenticated".
+     */
+    readonly authType: pulumi.Output<string>;
+    readonly createdAt: pulumi.Output<string>;
+    readonly createdBy: pulumi.Output<string>;
+    readonly description: pulumi.Output<string | undefined>;
+    readonly error: pulumi.Output<string>;
+    readonly hostname: pulumi.Output<string>;
+    readonly lastSynced: pulumi.Output<string>;
+    readonly modifiedAt: pulumi.Output<string>;
+    readonly modifiedBy: pulumi.Output<string>;
+    readonly name: pulumi.Output<string>;
+    readonly prompts: pulumi.Output<{
+        [key: string]: string;
+    }[]>;
+    readonly status: pulumi.Output<string>;
+    readonly tools: pulumi.Output<{
+        [key: string]: string;
+    }[]>;
+    /**
+     * server id
+     */
+    readonly zeroTrustAccessAiControlsMcpServerId: pulumi.Output<string>;
+    /**
+     * Create a ZeroTrustAccessAiControlsMcpServer resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: ZeroTrustAccessAiControlsMcpServerArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering ZeroTrustAccessAiControlsMcpServer resources.
+ */
+export interface ZeroTrustAccessAiControlsMcpServerState {
+    accountId?: pulumi.Input<string>;
+    authCredentials?: pulumi.Input<string>;
+    /**
+     * Available values: "oauth", "bearer", "unauthenticated".
+     */
+    authType?: pulumi.Input<string>;
+    createdAt?: pulumi.Input<string>;
+    createdBy?: pulumi.Input<string>;
+    description?: pulumi.Input<string>;
+    error?: pulumi.Input<string>;
+    hostname?: pulumi.Input<string>;
+    lastSynced?: pulumi.Input<string>;
+    modifiedAt?: pulumi.Input<string>;
+    modifiedBy?: pulumi.Input<string>;
+    name?: pulumi.Input<string>;
+    prompts?: pulumi.Input<pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>[]>;
+    status?: pulumi.Input<string>;
+    tools?: pulumi.Input<pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>[]>;
+    /**
+     * server id
+     */
+    zeroTrustAccessAiControlsMcpServerId?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a ZeroTrustAccessAiControlsMcpServer resource.
+ */
+export interface ZeroTrustAccessAiControlsMcpServerArgs {
+    accountId: pulumi.Input<string>;
+    authCredentials?: pulumi.Input<string>;
+    /**
+     * Available values: "oauth", "bearer", "unauthenticated".
+     */
+    authType: pulumi.Input<string>;
+    description?: pulumi.Input<string>;
+    hostname: pulumi.Input<string>;
+    name?: pulumi.Input<string>;
+    /**
+     * server id
+     */
+    zeroTrustAccessAiControlsMcpServerId: pulumi.Input<string>;
+}

package/bin/zeroTrustAccessAiControlsMcpServer.js

@@ -0,0 +1,91 @@
+"use strict";
+// *** WARNING: this file was generated by pulumi-language-nodejs. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ZeroTrustAccessAiControlsMcpServer = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+class ZeroTrustAccessAiControlsMcpServer extends pulumi.CustomResource {
+    /**
+     * Get an existing ZeroTrustAccessAiControlsMcpServer resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new ZeroTrustAccessAiControlsMcpServer(name, state, { ...opts, id: id });
+    }
+    /**
+     * Returns true if the given object is an instance of ZeroTrustAccessAiControlsMcpServer.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === ZeroTrustAccessAiControlsMcpServer.__pulumiType;
+    }
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["accountId"] = state?.accountId;
+            resourceInputs["authCredentials"] = state?.authCredentials;
+            resourceInputs["authType"] = state?.authType;
+            resourceInputs["createdAt"] = state?.createdAt;
+            resourceInputs["createdBy"] = state?.createdBy;
+            resourceInputs["description"] = state?.description;
+            resourceInputs["error"] = state?.error;
+            resourceInputs["hostname"] = state?.hostname;
+            resourceInputs["lastSynced"] = state?.lastSynced;
+            resourceInputs["modifiedAt"] = state?.modifiedAt;
+            resourceInputs["modifiedBy"] = state?.modifiedBy;
+            resourceInputs["name"] = state?.name;
+            resourceInputs["prompts"] = state?.prompts;
+            resourceInputs["status"] = state?.status;
+            resourceInputs["tools"] = state?.tools;
+            resourceInputs["zeroTrustAccessAiControlsMcpServerId"] = state?.zeroTrustAccessAiControlsMcpServerId;
+        }
+        else {
+            const args = argsOrState;
+            if (args?.accountId === undefined && !opts.urn) {
+                throw new Error("Missing required property 'accountId'");
+            }
+            if (args?.authType === undefined && !opts.urn) {
+                throw new Error("Missing required property 'authType'");
+            }
+            if (args?.hostname === undefined && !opts.urn) {
+                throw new Error("Missing required property 'hostname'");
+            }
+            if (args?.zeroTrustAccessAiControlsMcpServerId === undefined && !opts.urn) {
+                throw new Error("Missing required property 'zeroTrustAccessAiControlsMcpServerId'");
+            }
+            resourceInputs["accountId"] = args?.accountId;
+            resourceInputs["authCredentials"] = args?.authCredentials;
+            resourceInputs["authType"] = args?.authType;
+            resourceInputs["description"] = args?.description;
+            resourceInputs["hostname"] = args?.hostname;
+            resourceInputs["name"] = args?.name;
+            resourceInputs["zeroTrustAccessAiControlsMcpServerId"] = args?.zeroTrustAccessAiControlsMcpServerId;
+            resourceInputs["createdAt"] = undefined /*out*/;
+            resourceInputs["createdBy"] = undefined /*out*/;
+            resourceInputs["error"] = undefined /*out*/;
+            resourceInputs["lastSynced"] = undefined /*out*/;
+            resourceInputs["modifiedAt"] = undefined /*out*/;
+            resourceInputs["modifiedBy"] = undefined /*out*/;
+            resourceInputs["prompts"] = undefined /*out*/;
+            resourceInputs["status"] = undefined /*out*/;
+            resourceInputs["tools"] = undefined /*out*/;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(ZeroTrustAccessAiControlsMcpServer.__pulumiType, name, resourceInputs, opts, false /*dependency*/, utilities.getPackage());
+    }
+}
+exports.ZeroTrustAccessAiControlsMcpServer = ZeroTrustAccessAiControlsMcpServer;
+/** @internal */
+ZeroTrustAccessAiControlsMcpServer.__pulumiType = 'cloudflare:index/zeroTrustAccessAiControlsMcpServer:ZeroTrustAccessAiControlsMcpServer';
+//# sourceMappingURL=zeroTrustAccessAiControlsMcpServer.js.map

package/bin/zeroTrustAccessAiControlsMcpServer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"zeroTrustAccessAiControlsMcpServer.js","sourceRoot":"","sources":["../zeroTrustAccessAiControlsMcpServer.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC,MAAa,kCAAmC,SAAQ,MAAM,CAAC,cAAc;IACzE;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA+C,EAAE,IAAmC;QAC7I,OAAO,IAAI,kCAAkC,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACzF,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,kCAAkC,CAAC,YAAY,CAAC;IACnF,CAAC;IAiCD,YAAY,IAAY,EAAE,WAA8F,EAAE,IAAmC;QACzJ,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAkE,CAAC;YACjF,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC;YACvC,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;YACrC,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,EAAE,MAAM,CAAC;YACzC,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC;YACvC,cAAc,CAAC,sCAAsC,CAAC,GAAG,KAAK,EAAE,oCAAoC,CAAC;SACxG;aAAM;YACH,MAAM,IAAI,GAAG,WAAiE,CAAC;YAC/E,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,IAAI,EAAE,QAAQ,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC3C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,IAAI,EAAE,QAAQ,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC3C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,IAAI,EAAE,oCAAoC,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACvE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;aACvF;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,sCAAsC,CAAC,GAAG,IAAI,EAAE,oCAAoC,CAAC;YACpG,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC5C,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACjD,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9C,cAAc,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC7C,cAAc,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SAC/C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,kCAAkC,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,cAAc,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;IACrI,CAAC;;AAjHL,gFAkHC;AApGG,gBAAgB;AACO,+CAAY,GAAG,wFAAwF,CAAC"}

package/bin/zeroTrustAccessApplication.d.ts

@@ -22,14 +22,15 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
      */
     readonly accountId: pulumi.Output<string | undefined>;
     /**
-     * When set to true, users can authenticate to this application using their WARP session. When set to false this
-     * application will always require direct IdP authentication. This setting always overrides the organization setting for
-     * WARP authentication.
+     * When set to true, users can authenticate to this application using their WARP session.  When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
      */
     readonly allowAuthenticateViaWarp: pulumi.Output<boolean | undefined>;
     /**
-     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in
-     * your account.
+     * Enables loading application content in an iFrame.
+     */
+    readonly allowIframe: pulumi.Output<boolean | undefined>;
+    /**
+     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
      */
     readonly allowedIdps: pulumi.Output<string[] | undefined>;
     /**
@@ -45,16 +46,14 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
      */
     readonly aud: pulumi.Output<string>;
     /**
-     * When set to `true`, users skip the identity provider selection step during login. You must specify only one identity
-     * provider in allowed_idps.
+     * When set to <span pulumi-lang-nodejs="`true`" pulumi-lang-dotnet="`True`" pulumi-lang-go="`true`" pulumi-lang-python="`true`" pulumi-lang-yaml="`true`" pulumi-lang-java="`true`">`true`</span>, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
      */
-    readonly autoRedirectToIdentity: pulumi.Output<boolean>;
+    readonly autoRedirectToIdentity: pulumi.Output<boolean | undefined>;
     /**
      * The background color of the App Launcher page.
      */
     readonly bgColor: pulumi.Output<string | undefined>;
-    readonly corsHeaders: pulumi.Output<outputs.ZeroTrustAccessApplicationCorsHeaders>;
-    readonly createdAt: pulumi.Output<string>;
+    readonly corsHeaders: pulumi.Output<outputs.ZeroTrustAccessApplicationCorsHeaders | undefined>;
     /**
      * The custom error message shown to a user when they are denied access to the application.
      */
@@ -72,23 +71,21 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
      */
     readonly customPages: pulumi.Output<string[] | undefined>;
     /**
-     * List of destinations secured by Access. This supersedes `self_hosted_domains` to allow for more flexibility in defining
-     * different types of domains. If `destinations` are provided, then `self_hosted_domains` will be ignored.
+     * List of destinations secured by Access. This supersedes <span pulumi-lang-nodejs="`selfHostedDomains`" pulumi-lang-dotnet="`SelfHostedDomains`" pulumi-lang-go="`selfHostedDomains`" pulumi-lang-python="`self_hosted_domains`" pulumi-lang-yaml="`selfHostedDomains`" pulumi-lang-java="`selfHostedDomains`">`self_hosted_domains`</span> to allow for more flexibility in defining different types of domains. If <span pulumi-lang-nodejs="`destinations`" pulumi-lang-dotnet="`Destinations`" pulumi-lang-go="`destinations`" pulumi-lang-python="`destinations`" pulumi-lang-yaml="`destinations`" pulumi-lang-java="`destinations`">`destinations`</span> are provided, then <span pulumi-lang-nodejs="`selfHostedDomains`" pulumi-lang-dotnet="`SelfHostedDomains`" pulumi-lang-go="`selfHostedDomains`" pulumi-lang-python="`self_hosted_domains`" pulumi-lang-yaml="`selfHostedDomains`" pulumi-lang-java="`selfHostedDomains`">`self_hosted_domains`</span> will be ignored.
      */
     readonly destinations: pulumi.Output<outputs.ZeroTrustAccessApplicationDestination[]>;
     /**
-     * The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App
-     * Launcher.
+     * The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
      */
-    readonly domain: pulumi.Output<string | undefined>;
+    readonly domain: pulumi.Output<string>;
     /**
      * Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks.
      */
-    readonly enableBindingCookie: pulumi.Output<boolean>;
+    readonly enableBindingCookie: pulumi.Output<boolean | undefined>;
     /**
      * The links in the App Launcher footer.
      */
-    readonly footerLinks: pulumi.Output<outputs.ZeroTrustAccessApplicationFooterLink[]>;
+    readonly footerLinks: pulumi.Output<outputs.ZeroTrustAccessApplicationFooterLink[] | undefined>;
     /**
      * The background color of the App Launcher header.
      */
@@ -100,7 +97,7 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
     /**
      * The design of the App Launcher landing page shown to users when they log in.
      */
-    readonly landingPageDesign: pulumi.Output<outputs.ZeroTrustAccessApplicationLandingPageDesign>;
+    readonly landingPageDesign: pulumi.Output<outputs.ZeroTrustAccessApplicationLandingPageDesign | undefined>;
     /**
      * The image URL for the logo shown in the App Launcher dashboard.
      */
@@ -110,21 +107,28 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
      */
     readonly name: pulumi.Output<string>;
     /**
-     * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if
-     * cors_headers is set.
+     * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if<span pulumi-lang-nodejs=" corsHeaders " pulumi-lang-dotnet=" CorsHeaders " pulumi-lang-go=" corsHeaders " pulumi-lang-python=" cors_headers " pulumi-lang-yaml=" corsHeaders " pulumi-lang-java=" corsHeaders "> cors_headers </span>is set.
      */
     readonly optionsPreflightBypass: pulumi.Output<boolean | undefined>;
     /**
-     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the
-     * hostname by default
+     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
+     */
+    readonly pathCookieAttribute: pulumi.Output<boolean | undefined>;
+    /**
+     * The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
      */
-    readonly pathCookieAttribute: pulumi.Output<boolean>;
+    readonly policies: pulumi.Output<outputs.ZeroTrustAccessApplicationPolicy[] | undefined>;
     /**
-     * The policies that Access applies to the application, in ascending order of precedence. Items can reference existing
-     * policies or create new policies exclusive to the application.
+     * Allows matching Access Service Tokens passed HTTP in a single header with this name.
+     * This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers.
+     * The header value will be interpreted as a json object similar to:
+     *   {
+     *     "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
+     *     "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5"
+     *   }
      */
-    readonly policies: pulumi.Output<outputs.ZeroTrustAccessApplicationPolicy[]>;
-    readonly saasApp: pulumi.Output<outputs.ZeroTrustAccessApplicationSaasApp>;
+    readonly readServiceTokensFromHeader: pulumi.Output<string | undefined>;
+    readonly saasApp: pulumi.Output<outputs.ZeroTrustAccessApplicationSaasApp | undefined>;
     /**
      * Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
      */
@@ -132,19 +136,19 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
     /**
      * Configuration for provisioning to this application via SCIM. This is currently in closed beta.
      */
-    readonly scimConfig: pulumi.Output<outputs.ZeroTrustAccessApplicationScimConfig>;
+    readonly scimConfig: pulumi.Output<outputs.ZeroTrustAccessApplicationScimConfig | undefined>;
     /**
-     * List of public domains that Access will secure. This field is deprecated in favor of `destinations` and will be
-     * supported until **November 21, 2025.** If `destinations` are provided, then `self_hosted_domains` will be ignored.
+     * List of public domains that Access will secure. This field is deprecated in favor of <span pulumi-lang-nodejs="`destinations`" pulumi-lang-dotnet="`Destinations`" pulumi-lang-go="`destinations`" pulumi-lang-python="`destinations`" pulumi-lang-yaml="`destinations`" pulumi-lang-java="`destinations`">`destinations`</span> and will be supported until **November 21, 2025.** If <span pulumi-lang-nodejs="`destinations`" pulumi-lang-dotnet="`Destinations`" pulumi-lang-go="`destinations`" pulumi-lang-python="`destinations`" pulumi-lang-yaml="`destinations`" pulumi-lang-java="`destinations`">`destinations`</span> are provided, then <span pulumi-lang-nodejs="`selfHostedDomains`" pulumi-lang-dotnet="`SelfHostedDomains`" pulumi-lang-go="`selfHostedDomains`" pulumi-lang-python="`self_hosted_domains`" pulumi-lang-yaml="`selfHostedDomains`" pulumi-lang-java="`selfHostedDomains`">`self_hosted_domains`</span> will be ignored.
+     *
+     * @deprecated Deprecated
      */
-    readonly selfHostedDomains: pulumi.Output<string[] | undefined>;
+    readonly selfHostedDomains: pulumi.Output<string[]>;
     /**
      * Returns a 401 status code when the request is blocked by a Service Auth policy.
      */
     readonly serviceAuth401Redirect: pulumi.Output<boolean | undefined>;
     /**
-     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`.
-     * Valid time units are: ns, us (or µs), ms, s, m, h.
+     * The amount of time that tokens issued for this application will be valid. Must be in the format <span pulumi-lang-nodejs="`300ms`" pulumi-lang-dotnet="`300ms`" pulumi-lang-go="`300ms`" pulumi-lang-python="`300ms`" pulumi-lang-yaml="`300ms`" pulumi-lang-java="`300ms`">`300ms`</span> or <span pulumi-lang-nodejs="`2h45m`" pulumi-lang-dotnet="`2h45m`" pulumi-lang-go="`2h45m`" pulumi-lang-python="`2h45m`" pulumi-lang-yaml="`2h45m`" pulumi-lang-java="`2h45m`">`2h45m`</span>. Valid time units are: ns, us (or µs), ms, s, m, h. Note: unsupported for infrastructure type applications.
      */
     readonly sessionDuration: pulumi.Output<string>;
     /**
@@ -159,12 +163,12 @@ export declare class ZeroTrustAccessApplication extends pulumi.CustomResource {
      * The tags you want assigned to an application. Tags are used to filter applications in the App Launcher dashboard.
      */
     readonly tags: pulumi.Output<string[] | undefined>;
-    readonly targetCriterias: pulumi.Output<outputs.ZeroTrustAccessApplicationTargetCriteria[]>;
+    readonly targetCriterias: pulumi.Output<outputs.ZeroTrustAccessApplicationTargetCriteria[] | undefined>;
     /**
      * The application type.
+     * Available values: <span pulumi-lang-nodejs=""selfHosted"" pulumi-lang-dotnet=""SelfHosted"" pulumi-lang-go=""selfHosted"" pulumi-lang-python=""self_hosted"" pulumi-lang-yaml=""selfHosted"" pulumi-lang-java=""selfHosted"">"self_hosted"</span>, "saas", "ssh", "vnc", <span pulumi-lang-nodejs=""appLauncher"" pulumi-lang-dotnet=""AppLauncher"" pulumi-lang-go=""appLauncher"" pulumi-lang-python=""app_launcher"" pulumi-lang-yaml=""appLauncher"" pulumi-lang-java=""appLauncher"">"app_launcher"</span>, "warp", "biso", "bookmark", <span pulumi-lang-nodejs=""dashSso"" pulumi-lang-dotnet=""DashSso"" pulumi-lang-go=""dashSso"" pulumi-lang-python=""dash_sso"" pulumi-lang-yaml=""dashSso"" pulumi-lang-java=""dashSso"">"dash_sso"</span>, "infrastructure", "rdp", "mcp", <span pulumi-lang-nodejs=""mcpPortal"" pulumi-lang-dotnet=""McpPortal"" pulumi-lang-go=""mcpPortal"" pulumi-lang-python=""mcp_portal"" pulumi-lang-yaml=""mcpPortal"" pulumi-lang-java=""mcpPortal"">"mcp_portal"</span>, <span pulumi-lang-nodejs=""proxyEndpoint"" pulumi-lang-dotnet=""ProxyEndpoint"" pulumi-lang-go=""proxyEndpoint"" pulumi-lang-python=""proxy_endpoint"" pulumi-lang-yaml=""proxyEndpoint"" pulumi-lang-java=""proxyEndpoint"">"proxy_endpoint"</span>.
      */
     readonly type: pulumi.Output<string | undefined>;
-    readonly updatedAt: pulumi.Output<string>;
     /**
      * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
      */
@@ -187,14 +191,15 @@ export interface ZeroTrustAccessApplicationState {
      */
     accountId?: pulumi.Input<string>;
     /**
-     * When set to true, users can authenticate to this application using their WARP session. When set to false this
-     * application will always require direct IdP authentication. This setting always overrides the organization setting for
-     * WARP authentication.
+     * When set to true, users can authenticate to this application using their WARP session.  When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
      */
     allowAuthenticateViaWarp?: pulumi.Input<boolean>;
     /**
-     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in
-     * your account.
+     * Enables loading application content in an iFrame.
+     */
+    allowIframe?: pulumi.Input<boolean>;
+    /**
+     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
      */
     allowedIdps?: pulumi.Input<pulumi.Input<string>[]>;
     /**
@@ -210,8 +215,7 @@ export interface ZeroTrustAccessApplicationState {
      */
     aud?: pulumi.Input<string>;
     /**
-     * When set to `true`, users skip the identity provider selection step during login. You must specify only one identity
-     * provider in allowed_idps.
+     * When set to <span pulumi-lang-nodejs="`true`" pulumi-lang-dotnet="`True`" pulumi-lang-go="`true`" pulumi-lang-python="`true`" pulumi-lang-yaml="`true`" pulumi-lang-java="`true`">`true`</span>, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
      */
     autoRedirectToIdentity?: pulumi.Input<boolean>;
     /**
@@ -219,7 +223,6 @@ export interface ZeroTrustAccessApplicationState {
      */
     bgColor?: pulumi.Input<string>;
     corsHeaders?: pulumi.Input<inputs.ZeroTrustAccessApplicationCorsHeaders>;
-    createdAt?: pulumi.Input<string>;
     /**
      * The custom error message shown to a user when they are denied access to the application.
      */
@@ -237,13 +240,11 @@ export interface ZeroTrustAccessApplicationState {
      */
     customPages?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * List of destinations secured by Access. This supersedes `self_hosted_domains` to allow for more flexibility in defining
-     * different types of domains. If `destinations` are provided, then `self_hosted_domains` will be ignored.
+     * List of destinations secured by Access. This supersedes <span pulumi-lang-nodejs="`selfHostedDomains`" pulumi-lang-dotnet="`SelfHostedDomains`" pulumi-lang-go="`selfHostedDomains`" pulumi-lang-python="`self_hosted_domains`" pulumi-lang-yaml="`selfHostedDomains`" pulumi-lang-java="`selfHostedDomains`">`self_hosted_domains`</span> to allow for more flexibility in defining different types of domains. If <span pulumi-lang-nodejs="`destinations`" pulumi-lang-dotnet="`Destinations`" pulumi-lang-go="`destinations`" pulumi-lang-python="`destinations`" pulumi-lang-yaml="`destinations`" pulumi-lang-java="`destinations`">`destinations`</span> are provided, then <span pulumi-lang-nodejs="`selfHostedDomains`" pulumi-lang-dotnet="`SelfHostedDomains`" pulumi-lang-go="`selfHostedDomains`" pulumi-lang-python="`self_hosted_domains`" pulumi-lang-yaml="`selfHostedDomains`" pulumi-lang-java="`selfHostedDomains`">`self_hosted_domains`</span> will be ignored.
      */
     destinations?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationDestination>[]>;
     /**
-     * The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App
-     * Launcher.
+     * The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
      */
     domain?: pulumi.Input<string>;
     /**
@@ -275,20 +276,27 @@ export interface ZeroTrustAccessApplicationState {
      */
     name?: pulumi.Input<string>;
     /**
-     * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if
-     * cors_headers is set.
+     * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if<span pulumi-lang-nodejs=" corsHeaders " pulumi-lang-dotnet=" CorsHeaders " pulumi-lang-go=" corsHeaders " pulumi-lang-python=" cors_headers " pulumi-lang-yaml=" corsHeaders " pulumi-lang-java=" corsHeaders "> cors_headers </span>is set.
      */
     optionsPreflightBypass?: pulumi.Input<boolean>;
     /**
-     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the
-     * hostname by default
+     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
      */
     pathCookieAttribute?: pulumi.Input<boolean>;
     /**
-     * The policies that Access applies to the application, in ascending order of precedence. Items can reference existing
-     * policies or create new policies exclusive to the application.
+     * The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
      */
     policies?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationPolicy>[]>;
+    /**
+     * Allows matching Access Service Tokens passed HTTP in a single header with this name.
+     * This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers.
+     * The header value will be interpreted as a json object similar to:
+     *   {
+     *     "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
+     *     "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5"
+     *   }
+     */
+    readServiceTokensFromHeader?: pulumi.Input<string>;
     saasApp?: pulumi.Input<inputs.ZeroTrustAccessApplicationSaasApp>;
     /**
      * Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
@@ -299,8 +307,9 @@ export interface ZeroTrustAccessApplicationState {
      */
     scimConfig?: pulumi.Input<inputs.ZeroTrustAccessApplicationScimConfig>;
     /**
-     * List of public domains that Access will secure. This field is deprecated in favor of `destinations` and will be
-     * supported until **November 21, 2025.** If `destinations` are provided, then `self_hosted_domains` will be ignored.
+     * List of public domains that Access will secure. This field is deprecated in favor of <span pulumi-lang-nodejs="`destinations`" pulumi-lang-dotnet="`Destinations`" pulumi-lang-go="`destinations`" pulumi-lang-python="`destinations`" pulumi-lang-yaml="`destinations`" pulumi-lang-java="`destinations`">`destinations`</span> and will be supported until **November 21, 2025.** If <span pulumi-lang-nodejs="`destinations`" pulumi-lang-dotnet="`Destinations`" pulumi-lang-go="`destinations`" pulumi-lang-python="`destinations`" pulumi-lang-yaml="`destinations`" pulumi-lang-java="`destinations`">`destinations`</span> are provided, then <span pulumi-lang-nodejs="`selfHostedDomains`" pulumi-lang-dotnet="`SelfHostedDomains`" pulumi-lang-go="`selfHostedDomains`" pulumi-lang-python="`self_hosted_domains`" pulumi-lang-yaml="`selfHostedDomains`" pulumi-lang-java="`selfHostedDomains`">`self_hosted_domains`</span> will be ignored.
+     *
+     * @deprecated Deprecated
      */
     selfHostedDomains?: pulumi.Input<pulumi.Input<string>[]>;
     /**
@@ -308,8 +317,7 @@ export interface ZeroTrustAccessApplicationState {
      */
     serviceAuth401Redirect?: pulumi.Input<boolean>;
     /**
-     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`.
-     * Valid time units are: ns, us (or µs), ms, s, m, h.
+     * The amount of time that tokens issued for this application will be valid. Must be in the format <span pulumi-lang-nodejs="`300ms`" pulumi-lang-dotnet="`300ms`" pulumi-lang-go="`300ms`" pulumi-lang-python="`300ms`" pulumi-lang-yaml="`300ms`" pulumi-lang-java="`300ms`">`300ms`</span> or <span pulumi-lang-nodejs="`2h45m`" pulumi-lang-dotnet="`2h45m`" pulumi-lang-go="`2h45m`" pulumi-lang-python="`2h45m`" pulumi-lang-yaml="`2h45m`" pulumi-lang-java="`2h45m`">`2h45m`</span>. Valid time units are: ns, us (or µs), ms, s, m, h. Note: unsupported for infrastructure type applications.
      */
     sessionDuration?: pulumi.Input<string>;
     /**
@@ -327,9 +335,9 @@ export interface ZeroTrustAccessApplicationState {
     targetCriterias?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationTargetCriteria>[]>;
     /**
      * The application type.
+     * Available values: <span pulumi-lang-nodejs=""selfHosted"" pulumi-lang-dotnet=""SelfHosted"" pulumi-lang-go=""selfHosted"" pulumi-lang-python=""self_hosted"" pulumi-lang-yaml=""selfHosted"" pulumi-lang-java=""selfHosted"">"self_hosted"</span>, "saas", "ssh", "vnc", <span pulumi-lang-nodejs=""appLauncher"" pulumi-lang-dotnet=""AppLauncher"" pulumi-lang-go=""appLauncher"" pulumi-lang-python=""app_launcher"" pulumi-lang-yaml=""appLauncher"" pulumi-lang-java=""appLauncher"">"app_launcher"</span>, "warp", "biso", "bookmark", <span pulumi-lang-nodejs=""dashSso"" pulumi-lang-dotnet=""DashSso"" pulumi-lang-go=""dashSso"" pulumi-lang-python=""dash_sso"" pulumi-lang-yaml=""dashSso"" pulumi-lang-java=""dashSso"">"dash_sso"</span>, "infrastructure", "rdp", "mcp", <span pulumi-lang-nodejs=""mcpPortal"" pulumi-lang-dotnet=""McpPortal"" pulumi-lang-go=""mcpPortal"" pulumi-lang-python=""mcp_portal"" pulumi-lang-yaml=""mcpPortal"" pulumi-lang-java=""mcpPortal"">"mcp_portal"</span>, <span pulumi-lang-nodejs=""proxyEndpoint"" pulumi-lang-dotnet=""ProxyEndpoint"" pulumi-lang-go=""proxyEndpoint"" pulumi-lang-python=""proxy_endpoint"" pulumi-lang-yaml=""proxyEndpoint"" pulumi-lang-java=""proxyEndpoint"">"proxy_endpoint"</span>.
      */
     type?: pulumi.Input<string>;
-    updatedAt?: pulumi.Input<string>;
     /**
      * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
      */
@@ -344,14 +352,15 @@ export interface ZeroTrustAccessApplicationArgs {
      */
     accountId?: pulumi.Input<string>;
     /**
-     * When set to true, users can authenticate to this application using their WARP session. When set to false this
-     * application will always require direct IdP authentication. This setting always overrides the organization setting for
-     * WARP authentication.
+     * When set to true, users can authenticate to this application using their WARP session.  When set to false this application will always require direct IdP authentication. This setting always overrides the organization setting for WARP authentication.
      */
     allowAuthenticateViaWarp?: pulumi.Input<boolean>;
     /**
-     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in
-     * your account.
+     * Enables loading application content in an iFrame.
+     */
+    allowIframe?: pulumi.Input<boolean>;
+    /**
+     * The identity providers your users can select when connecting to this application. Defaults to all IdPs configured in your account.
      */
     allowedIdps?: pulumi.Input<pulumi.Input<string>[]>;
     /**
@@ -363,8 +372,7 @@ export interface ZeroTrustAccessApplicationArgs {
      */
     appLauncherVisible?: pulumi.Input<boolean>;
     /**
-     * When set to `true`, users skip the identity provider selection step during login. You must specify only one identity
-     * provider in allowed_idps.
+     * When set to <span pulumi-lang-nodejs="`true`" pulumi-lang-dotnet="`True`" pulumi-lang-go="`true`" pulumi-lang-python="`true`" pulumi-lang-yaml="`true`" pulumi-lang-java="`true`">`true`</span>, users skip the identity provider selection step during login. You must specify only one identity provider in allowed_idps.
      */
     autoRedirectToIdentity?: pulumi.Input<boolean>;
     /**
@@ -389,13 +397,11 @@ export interface ZeroTrustAccessApplicationArgs {
      */
     customPages?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * List of destinations secured by Access. This supersedes `self_hosted_domains` to allow for more flexibility in defining
-     * different types of domains. If `destinations` are provided, then `self_hosted_domains` will be ignored.
+     * List of destinations secured by Access. This supersedes <span pulumi-lang-nodejs="`selfHostedDomains`" pulumi-lang-dotnet="`SelfHostedDomains`" pulumi-lang-go="`selfHostedDomains`" pulumi-lang-python="`self_hosted_domains`" pulumi-lang-yaml="`selfHostedDomains`" pulumi-lang-java="`selfHostedDomains`">`self_hosted_domains`</span> to allow for more flexibility in defining different types of domains. If <span pulumi-lang-nodejs="`destinations`" pulumi-lang-dotnet="`Destinations`" pulumi-lang-go="`destinations`" pulumi-lang-python="`destinations`" pulumi-lang-yaml="`destinations`" pulumi-lang-java="`destinations`">`destinations`</span> are provided, then <span pulumi-lang-nodejs="`selfHostedDomains`" pulumi-lang-dotnet="`SelfHostedDomains`" pulumi-lang-go="`selfHostedDomains`" pulumi-lang-python="`self_hosted_domains`" pulumi-lang-yaml="`selfHostedDomains`" pulumi-lang-java="`selfHostedDomains`">`self_hosted_domains`</span> will be ignored.
      */
     destinations?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationDestination>[]>;
     /**
-     * The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App
-     * Launcher.
+     * The primary hostname and path secured by Access. This domain will be displayed if the app is visible in the App Launcher.
      */
     domain?: pulumi.Input<string>;
     /**
@@ -427,20 +433,27 @@ export interface ZeroTrustAccessApplicationArgs {
      */
     name?: pulumi.Input<string>;
     /**
-     * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if
-     * cors_headers is set.
+     * Allows options preflight requests to bypass Access authentication and go directly to the origin. Cannot turn on if<span pulumi-lang-nodejs=" corsHeaders " pulumi-lang-dotnet=" CorsHeaders " pulumi-lang-go=" corsHeaders " pulumi-lang-python=" cors_headers " pulumi-lang-yaml=" corsHeaders " pulumi-lang-java=" corsHeaders "> cors_headers </span>is set.
      */
     optionsPreflightBypass?: pulumi.Input<boolean>;
     /**
-     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the
-     * hostname by default
+     * Enables cookie paths to scope an application's JWT to the application path. If disabled, the JWT will scope to the hostname by default
      */
     pathCookieAttribute?: pulumi.Input<boolean>;
     /**
-     * The policies that Access applies to the application, in ascending order of precedence. Items can reference existing
-     * policies or create new policies exclusive to the application.
+     * The policies that Access applies to the application, in ascending order of precedence. Items can reference existing policies or create new policies exclusive to the application.
      */
     policies?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationPolicy>[]>;
+    /**
+     * Allows matching Access Service Tokens passed HTTP in a single header with this name.
+     * This works as an alternative to the (CF-Access-Client-Id, CF-Access-Client-Secret) pair of headers.
+     * The header value will be interpreted as a json object similar to:
+     *   {
+     *     "cf-access-client-id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
+     *     "cf-access-client-secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5"
+     *   }
+     */
+    readServiceTokensFromHeader?: pulumi.Input<string>;
     saasApp?: pulumi.Input<inputs.ZeroTrustAccessApplicationSaasApp>;
     /**
      * Sets the SameSite cookie setting, which provides increased security against CSRF attacks.
@@ -451,8 +464,9 @@ export interface ZeroTrustAccessApplicationArgs {
      */
     scimConfig?: pulumi.Input<inputs.ZeroTrustAccessApplicationScimConfig>;
     /**
-     * List of public domains that Access will secure. This field is deprecated in favor of `destinations` and will be
-     * supported until **November 21, 2025.** If `destinations` are provided, then `self_hosted_domains` will be ignored.
+     * List of public domains that Access will secure. This field is deprecated in favor of <span pulumi-lang-nodejs="`destinations`" pulumi-lang-dotnet="`Destinations`" pulumi-lang-go="`destinations`" pulumi-lang-python="`destinations`" pulumi-lang-yaml="`destinations`" pulumi-lang-java="`destinations`">`destinations`</span> and will be supported until **November 21, 2025.** If <span pulumi-lang-nodejs="`destinations`" pulumi-lang-dotnet="`Destinations`" pulumi-lang-go="`destinations`" pulumi-lang-python="`destinations`" pulumi-lang-yaml="`destinations`" pulumi-lang-java="`destinations`">`destinations`</span> are provided, then <span pulumi-lang-nodejs="`selfHostedDomains`" pulumi-lang-dotnet="`SelfHostedDomains`" pulumi-lang-go="`selfHostedDomains`" pulumi-lang-python="`self_hosted_domains`" pulumi-lang-yaml="`selfHostedDomains`" pulumi-lang-java="`selfHostedDomains`">`self_hosted_domains`</span> will be ignored.
+     *
+     * @deprecated Deprecated
      */
     selfHostedDomains?: pulumi.Input<pulumi.Input<string>[]>;
     /**
@@ -460,8 +474,7 @@ export interface ZeroTrustAccessApplicationArgs {
      */
     serviceAuth401Redirect?: pulumi.Input<boolean>;
     /**
-     * The amount of time that tokens issued for this application will be valid. Must be in the format `300ms` or `2h45m`.
-     * Valid time units are: ns, us (or µs), ms, s, m, h.
+     * The amount of time that tokens issued for this application will be valid. Must be in the format <span pulumi-lang-nodejs="`300ms`" pulumi-lang-dotnet="`300ms`" pulumi-lang-go="`300ms`" pulumi-lang-python="`300ms`" pulumi-lang-yaml="`300ms`" pulumi-lang-java="`300ms`">`300ms`</span> or <span pulumi-lang-nodejs="`2h45m`" pulumi-lang-dotnet="`2h45m`" pulumi-lang-go="`2h45m`" pulumi-lang-python="`2h45m`" pulumi-lang-yaml="`2h45m`" pulumi-lang-java="`2h45m`">`2h45m`</span>. Valid time units are: ns, us (or µs), ms, s, m, h. Note: unsupported for infrastructure type applications.
      */
     sessionDuration?: pulumi.Input<string>;
     /**
@@ -479,6 +492,7 @@ export interface ZeroTrustAccessApplicationArgs {
     targetCriterias?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessApplicationTargetCriteria>[]>;
     /**
      * The application type.
+     * Available values: <span pulumi-lang-nodejs=""selfHosted"" pulumi-lang-dotnet=""SelfHosted"" pulumi-lang-go=""selfHosted"" pulumi-lang-python=""self_hosted"" pulumi-lang-yaml=""selfHosted"" pulumi-lang-java=""selfHosted"">"self_hosted"</span>, "saas", "ssh", "vnc", <span pulumi-lang-nodejs=""appLauncher"" pulumi-lang-dotnet=""AppLauncher"" pulumi-lang-go=""appLauncher"" pulumi-lang-python=""app_launcher"" pulumi-lang-yaml=""appLauncher"" pulumi-lang-java=""appLauncher"">"app_launcher"</span>, "warp", "biso", "bookmark", <span pulumi-lang-nodejs=""dashSso"" pulumi-lang-dotnet=""DashSso"" pulumi-lang-go=""dashSso"" pulumi-lang-python=""dash_sso"" pulumi-lang-yaml=""dashSso"" pulumi-lang-java=""dashSso"">"dash_sso"</span>, "infrastructure", "rdp", "mcp", <span pulumi-lang-nodejs=""mcpPortal"" pulumi-lang-dotnet=""McpPortal"" pulumi-lang-go=""mcpPortal"" pulumi-lang-python=""mcp_portal"" pulumi-lang-yaml=""mcpPortal"" pulumi-lang-java=""mcpPortal"">"mcp_portal"</span>, <span pulumi-lang-nodejs=""proxyEndpoint"" pulumi-lang-dotnet=""ProxyEndpoint"" pulumi-lang-go=""proxyEndpoint"" pulumi-lang-python=""proxy_endpoint"" pulumi-lang-yaml=""proxyEndpoint"" pulumi-lang-java=""proxyEndpoint"">"proxy_endpoint"</span>.
      */
     type?: pulumi.Input<string>;
     /**