@sst-provider/cloudflare5 5.2.0 → 5.16.0

package/bin/zeroTrustGatewayCertificate.d.ts

@@ -17,41 +17,45 @@ export declare class ZeroTrustGatewayCertificate extends pulumi.CustomResource {
     static isInstance(obj: any): obj is ZeroTrustGatewayCertificate;
     readonly accountId: pulumi.Output<string>;
     /**
-     * The deployment status of the certificate on Cloudflare's edge. Certificates in the 'available' (previously called
-     * 'active') state may be used for Gateway TLS interception. Available values: "pending_deployment", "available",
-     * "pending_deletion", "inactive".
+     * Whether to activate the certificate on Cloudflare's edge. When true, the certificate will be activated. When false, the certificate will be deactivated at the edge. This is a Terraform-only field and does not appear in the API response. Monitor <span pulumi-lang-nodejs="`bindingStatus`" pulumi-lang-dotnet="`BindingStatus`" pulumi-lang-go="`bindingStatus`" pulumi-lang-python="`binding_status`" pulumi-lang-yaml="`bindingStatus`" pulumi-lang-java="`bindingStatus`">`binding_status`</span> for the activation status. Once a certificate is activated, you may use the certificate to intercept traffic
+     */
+    readonly activate: pulumi.Output<boolean | undefined>;
+    /**
+     * Indicate the read-only deployment status of the certificate on Cloudflare's edge. Gateway TLS interception can use certificates in the 'available' (previously called 'active') state.
+     * Available values: <span pulumi-lang-nodejs=""pendingDeployment"" pulumi-lang-dotnet=""PendingDeployment"" pulumi-lang-go=""pendingDeployment"" pulumi-lang-python=""pending_deployment"" pulumi-lang-yaml=""pendingDeployment"" pulumi-lang-java=""pendingDeployment"">"pending_deployment"</span>, "available", <span pulumi-lang-nodejs=""pendingDeletion"" pulumi-lang-dotnet=""PendingDeletion"" pulumi-lang-go=""pendingDeletion"" pulumi-lang-python=""pending_deletion"" pulumi-lang-yaml=""pendingDeletion"" pulumi-lang-java=""pendingDeletion"">"pending_deletion"</span>, "inactive".
      */
     readonly bindingStatus: pulumi.Output<string>;
     /**
-     * The CA certificate
+     * Provide the CA certificate (read-only).
      */
     readonly certificate: pulumi.Output<string>;
     readonly createdAt: pulumi.Output<string>;
     readonly expiresOn: pulumi.Output<string>;
     /**
-     * The SHA256 fingerprint of the certificate.
+     * Provide the SHA256 fingerprint of the certificate (read-only).
      */
     readonly fingerprint: pulumi.Output<string>;
     /**
-     * Use this certificate for Gateway TLS interception
+     * Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named <span pulumi-lang-nodejs="`certificate`" pulumi-lang-dotnet="`Certificate`" pulumi-lang-go="`certificate`" pulumi-lang-python="`certificate`" pulumi-lang-yaml="`certificate`" pulumi-lang-java="`certificate`">`certificate`</span> (read-only).
      */
     readonly inUse: pulumi.Output<boolean>;
     /**
-     * The organization that issued the certificate.
+     * Indicate the organization that issued the certificate (read-only).
      */
     readonly issuerOrg: pulumi.Output<string>;
     /**
-     * The entire issuer field of the certificate.
+     * Provide the entire issuer field of the certificate (read-only).
      */
     readonly issuerRaw: pulumi.Output<string>;
     /**
-     * The type of certificate, either BYO-PKI (custom) or Gateway-managed. Available values: "custom", "gateway_managed".
+     * Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.
+     * Available values: "custom", <span pulumi-lang-nodejs=""gatewayManaged"" pulumi-lang-dotnet=""GatewayManaged"" pulumi-lang-go=""gatewayManaged"" pulumi-lang-python=""gateway_managed"" pulumi-lang-yaml=""gatewayManaged"" pulumi-lang-java=""gatewayManaged"">"gateway_managed"</span>.
      */
     readonly type: pulumi.Output<string>;
     readonly updatedAt: pulumi.Output<string>;
     readonly uploadedOn: pulumi.Output<string>;
     /**
-     * Number of days the generated certificate will be valid, minimum 1 day and maximum 30 years. Defaults to 5 years.
+     * Sets the certificate validity period in days (range: 1-10,950 days / ~30 years). Defaults to 1,825 days (5 years). **Important**: This field is only settable during the certificate creation.  Certificates becomes immutable after creation - use the `/activate` and `/deactivate` endpoints to manage certificate lifecycle.
      */
     readonly validityPeriodDays: pulumi.Output<number | undefined>;
     /**
@@ -69,41 +73,45 @@ export declare class ZeroTrustGatewayCertificate extends pulumi.CustomResource {
 export interface ZeroTrustGatewayCertificateState {
     accountId?: pulumi.Input<string>;
     /**
-     * The deployment status of the certificate on Cloudflare's edge. Certificates in the 'available' (previously called
-     * 'active') state may be used for Gateway TLS interception. Available values: "pending_deployment", "available",
-     * "pending_deletion", "inactive".
+     * Whether to activate the certificate on Cloudflare's edge. When true, the certificate will be activated. When false, the certificate will be deactivated at the edge. This is a Terraform-only field and does not appear in the API response. Monitor <span pulumi-lang-nodejs="`bindingStatus`" pulumi-lang-dotnet="`BindingStatus`" pulumi-lang-go="`bindingStatus`" pulumi-lang-python="`binding_status`" pulumi-lang-yaml="`bindingStatus`" pulumi-lang-java="`bindingStatus`">`binding_status`</span> for the activation status. Once a certificate is activated, you may use the certificate to intercept traffic
+     */
+    activate?: pulumi.Input<boolean>;
+    /**
+     * Indicate the read-only deployment status of the certificate on Cloudflare's edge. Gateway TLS interception can use certificates in the 'available' (previously called 'active') state.
+     * Available values: <span pulumi-lang-nodejs=""pendingDeployment"" pulumi-lang-dotnet=""PendingDeployment"" pulumi-lang-go=""pendingDeployment"" pulumi-lang-python=""pending_deployment"" pulumi-lang-yaml=""pendingDeployment"" pulumi-lang-java=""pendingDeployment"">"pending_deployment"</span>, "available", <span pulumi-lang-nodejs=""pendingDeletion"" pulumi-lang-dotnet=""PendingDeletion"" pulumi-lang-go=""pendingDeletion"" pulumi-lang-python=""pending_deletion"" pulumi-lang-yaml=""pendingDeletion"" pulumi-lang-java=""pendingDeletion"">"pending_deletion"</span>, "inactive".
      */
     bindingStatus?: pulumi.Input<string>;
     /**
-     * The CA certificate
+     * Provide the CA certificate (read-only).
      */
     certificate?: pulumi.Input<string>;
     createdAt?: pulumi.Input<string>;
     expiresOn?: pulumi.Input<string>;
     /**
-     * The SHA256 fingerprint of the certificate.
+     * Provide the SHA256 fingerprint of the certificate (read-only).
      */
     fingerprint?: pulumi.Input<string>;
     /**
-     * Use this certificate for Gateway TLS interception
+     * Indicate whether Gateway TLS interception uses this certificate (read-only). You cannot set this value directly. To configure interception, use the Gateway configuration setting named <span pulumi-lang-nodejs="`certificate`" pulumi-lang-dotnet="`Certificate`" pulumi-lang-go="`certificate`" pulumi-lang-python="`certificate`" pulumi-lang-yaml="`certificate`" pulumi-lang-java="`certificate`">`certificate`</span> (read-only).
      */
     inUse?: pulumi.Input<boolean>;
     /**
-     * The organization that issued the certificate.
+     * Indicate the organization that issued the certificate (read-only).
      */
     issuerOrg?: pulumi.Input<string>;
     /**
-     * The entire issuer field of the certificate.
+     * Provide the entire issuer field of the certificate (read-only).
      */
     issuerRaw?: pulumi.Input<string>;
     /**
-     * The type of certificate, either BYO-PKI (custom) or Gateway-managed. Available values: "custom", "gateway_managed".
+     * Indicate the read-only certificate type, BYO-PKI (custom) or Gateway-managed.
+     * Available values: "custom", <span pulumi-lang-nodejs=""gatewayManaged"" pulumi-lang-dotnet=""GatewayManaged"" pulumi-lang-go=""gatewayManaged"" pulumi-lang-python=""gateway_managed"" pulumi-lang-yaml=""gatewayManaged"" pulumi-lang-java=""gatewayManaged"">"gateway_managed"</span>.
      */
     type?: pulumi.Input<string>;
     updatedAt?: pulumi.Input<string>;
     uploadedOn?: pulumi.Input<string>;
     /**
-     * Number of days the generated certificate will be valid, minimum 1 day and maximum 30 years. Defaults to 5 years.
+     * Sets the certificate validity period in days (range: 1-10,950 days / ~30 years). Defaults to 1,825 days (5 years). **Important**: This field is only settable during the certificate creation.  Certificates becomes immutable after creation - use the `/activate` and `/deactivate` endpoints to manage certificate lifecycle.
      */
     validityPeriodDays?: pulumi.Input<number>;
 }
@@ -113,7 +121,11 @@ export interface ZeroTrustGatewayCertificateState {
 export interface ZeroTrustGatewayCertificateArgs {
     accountId: pulumi.Input<string>;
     /**
-     * Number of days the generated certificate will be valid, minimum 1 day and maximum 30 years. Defaults to 5 years.
+     * Whether to activate the certificate on Cloudflare's edge. When true, the certificate will be activated. When false, the certificate will be deactivated at the edge. This is a Terraform-only field and does not appear in the API response. Monitor <span pulumi-lang-nodejs="`bindingStatus`" pulumi-lang-dotnet="`BindingStatus`" pulumi-lang-go="`bindingStatus`" pulumi-lang-python="`binding_status`" pulumi-lang-yaml="`bindingStatus`" pulumi-lang-java="`bindingStatus`">`binding_status`</span> for the activation status. Once a certificate is activated, you may use the certificate to intercept traffic
+     */
+    activate?: pulumi.Input<boolean>;
+    /**
+     * Sets the certificate validity period in days (range: 1-10,950 days / ~30 years). Defaults to 1,825 days (5 years). **Important**: This field is only settable during the certificate creation.  Certificates becomes immutable after creation - use the `/activate` and `/deactivate` endpoints to manage certificate lifecycle.
      */
     validityPeriodDays?: pulumi.Input<number>;
 }

package/bin/zeroTrustGatewayCertificate.js

@@ -16,7 +16,7 @@ class ZeroTrustGatewayCertificate extends pulumi.CustomResource {
      * @param opts Optional settings to control the behavior of the CustomResource.
      */
     static get(name, id, state, opts) {
-        return new ZeroTrustGatewayCertificate(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+        return new ZeroTrustGatewayCertificate(name, state, { ...opts, id: id });
     }
     /**
      * Returns true if the given object is an instance of ZeroTrustGatewayCertificate.  This is designed to work even
@@ -33,27 +33,29 @@ class ZeroTrustGatewayCertificate extends pulumi.CustomResource {
         opts = opts || {};
         if (opts.id) {
             const state = argsOrState;
-            resourceInputs["accountId"] = state ? state.accountId : undefined;
-            resourceInputs["bindingStatus"] = state ? state.bindingStatus : undefined;
-            resourceInputs["certificate"] = state ? state.certificate : undefined;
-            resourceInputs["createdAt"] = state ? state.createdAt : undefined;
-            resourceInputs["expiresOn"] = state ? state.expiresOn : undefined;
-            resourceInputs["fingerprint"] = state ? state.fingerprint : undefined;
-            resourceInputs["inUse"] = state ? state.inUse : undefined;
-            resourceInputs["issuerOrg"] = state ? state.issuerOrg : undefined;
-            resourceInputs["issuerRaw"] = state ? state.issuerRaw : undefined;
-            resourceInputs["type"] = state ? state.type : undefined;
-            resourceInputs["updatedAt"] = state ? state.updatedAt : undefined;
-            resourceInputs["uploadedOn"] = state ? state.uploadedOn : undefined;
-            resourceInputs["validityPeriodDays"] = state ? state.validityPeriodDays : undefined;
+            resourceInputs["accountId"] = state?.accountId;
+            resourceInputs["activate"] = state?.activate;
+            resourceInputs["bindingStatus"] = state?.bindingStatus;
+            resourceInputs["certificate"] = state?.certificate;
+            resourceInputs["createdAt"] = state?.createdAt;
+            resourceInputs["expiresOn"] = state?.expiresOn;
+            resourceInputs["fingerprint"] = state?.fingerprint;
+            resourceInputs["inUse"] = state?.inUse;
+            resourceInputs["issuerOrg"] = state?.issuerOrg;
+            resourceInputs["issuerRaw"] = state?.issuerRaw;
+            resourceInputs["type"] = state?.type;
+            resourceInputs["updatedAt"] = state?.updatedAt;
+            resourceInputs["uploadedOn"] = state?.uploadedOn;
+            resourceInputs["validityPeriodDays"] = state?.validityPeriodDays;
         }
         else {
             const args = argsOrState;
-            if ((!args || args.accountId === undefined) && !opts.urn) {
+            if (args?.accountId === undefined && !opts.urn) {
                 throw new Error("Missing required property 'accountId'");
             }
-            resourceInputs["accountId"] = args ? args.accountId : undefined;
-            resourceInputs["validityPeriodDays"] = args ? args.validityPeriodDays : undefined;
+            resourceInputs["accountId"] = args?.accountId;
+            resourceInputs["activate"] = args?.activate;
+            resourceInputs["validityPeriodDays"] = args?.validityPeriodDays;
             resourceInputs["bindingStatus"] = undefined /*out*/;
             resourceInputs["certificate"] = undefined /*out*/;
             resourceInputs["createdAt"] = undefined /*out*/;

package/bin/zeroTrustGatewayCertificate.js.map

@@ -1 +1 @@
-{"version":3,"file":"zeroTrustGatewayCertificate.js","sourceRoot":"","sources":["../zeroTrustGatewayCertificate.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC,MAAa,2BAA4B,SAAQ,MAAM,CAAC,cAAc;IAClE;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwC,EAAE,IAAmC;QACtI,OAAO,IAAI,2BAA2B,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAClF,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,2BAA2B,CAAC,YAAY,CAAC;IAC5E,CAAC;IAkDD,YAAY,IAAY,EAAE,WAAgF,EAAE,IAAmC;QAC3I,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2D,CAAC;YAC1E,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;SACvF;aAAM;YACH,MAAM,IAAI,GAAG,WAA0D,CAAC;YACxE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,eAAe,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACpD,cAAc,CAAC,aAAa,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAClD,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,aAAa,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAClD,cAAc,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC5C,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC3C,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACpD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,2BAA2B,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,cAAc,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9H,CAAC;;AAnHL,kEAoHC;AAtGG,gBAAgB;AACO,wCAAY,GAAG,0EAA0E,CAAC"}
+{"version":3,"file":"zeroTrustGatewayCertificate.js","sourceRoot":"","sources":["../zeroTrustGatewayCertificate.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC,MAAa,2BAA4B,SAAQ,MAAM,CAAC,cAAc;IAClE;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwC,EAAE,IAAmC;QACtI,OAAO,IAAI,2BAA2B,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,2BAA2B,CAAC,YAAY,CAAC;IAC5E,CAAC;IAsDD,YAAY,IAAY,EAAE,WAAgF,EAAE,IAAmC;QAC3I,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2D,CAAC;YAC1E,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC;YACvC,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;YACrC,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,EAAE,kBAAkB,CAAC;SACpE;aAAM;YACH,MAAM,IAAI,GAAG,WAA0D,CAAC;YACxE,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,EAAE,kBAAkB,CAAC;YAChE,cAAc,CAAC,eAAe,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACpD,cAAc,CAAC,aAAa,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAClD,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,aAAa,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAClD,cAAc,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC5C,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC3C,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACpD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,2BAA2B,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,cAAc,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;IAC9H,CAAC;;AAzHL,kEA0HC;AA5GG,gBAAgB;AACO,wCAAY,GAAG,0EAA0E,CAAC"}

package/bin/zeroTrustGatewayLogging.d.ts

@@ -19,12 +19,11 @@ export declare class ZeroTrustGatewayLogging extends pulumi.CustomResource {
     static isInstance(obj: any): obj is ZeroTrustGatewayLogging;
     readonly accountId: pulumi.Output<string>;
     /**
-     * Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device
-     * ID, URL, referrer, user agent).
+     * Indicate whether to redact personally identifiable information from activity logging (PII fields include source IP, user email, user ID, device ID, URL, referrer, and user agent).
      */
-    readonly redactPii: pulumi.Output<boolean | undefined>;
+    readonly redactPii: pulumi.Output<boolean>;
     /**
-     * Logging settings by rule type.
+     * Configure logging settings for each rule type.
      */
     readonly settingsByRuleType: pulumi.Output<outputs.ZeroTrustGatewayLoggingSettingsByRuleType>;
     /**
@@ -42,12 +41,11 @@ export declare class ZeroTrustGatewayLogging extends pulumi.CustomResource {
 export interface ZeroTrustGatewayLoggingState {
     accountId?: pulumi.Input<string>;
     /**
-     * Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device
-     * ID, URL, referrer, user agent).
+     * Indicate whether to redact personally identifiable information from activity logging (PII fields include source IP, user email, user ID, device ID, URL, referrer, and user agent).
      */
     redactPii?: pulumi.Input<boolean>;
     /**
-     * Logging settings by rule type.
+     * Configure logging settings for each rule type.
      */
     settingsByRuleType?: pulumi.Input<inputs.ZeroTrustGatewayLoggingSettingsByRuleType>;
 }
@@ -57,12 +55,11 @@ export interface ZeroTrustGatewayLoggingState {
 export interface ZeroTrustGatewayLoggingArgs {
     accountId: pulumi.Input<string>;
     /**
-     * Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device
-     * ID, URL, referrer, user agent).
+     * Indicate whether to redact personally identifiable information from activity logging (PII fields include source IP, user email, user ID, device ID, URL, referrer, and user agent).
      */
     redactPii?: pulumi.Input<boolean>;
     /**
-     * Logging settings by rule type.
+     * Configure logging settings for each rule type.
      */
     settingsByRuleType?: pulumi.Input<inputs.ZeroTrustGatewayLoggingSettingsByRuleType>;
 }

package/bin/zeroTrustGatewayLogging.js

@@ -16,7 +16,7 @@ class ZeroTrustGatewayLogging extends pulumi.CustomResource {
      * @param opts Optional settings to control the behavior of the CustomResource.
      */
     static get(name, id, state, opts) {
-        return new ZeroTrustGatewayLogging(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+        return new ZeroTrustGatewayLogging(name, state, { ...opts, id: id });
     }
     /**
      * Returns true if the given object is an instance of ZeroTrustGatewayLogging.  This is designed to work even
@@ -33,18 +33,18 @@ class ZeroTrustGatewayLogging extends pulumi.CustomResource {
         opts = opts || {};
         if (opts.id) {
             const state = argsOrState;
-            resourceInputs["accountId"] = state ? state.accountId : undefined;
-            resourceInputs["redactPii"] = state ? state.redactPii : undefined;
-            resourceInputs["settingsByRuleType"] = state ? state.settingsByRuleType : undefined;
+            resourceInputs["accountId"] = state?.accountId;
+            resourceInputs["redactPii"] = state?.redactPii;
+            resourceInputs["settingsByRuleType"] = state?.settingsByRuleType;
         }
         else {
             const args = argsOrState;
-            if ((!args || args.accountId === undefined) && !opts.urn) {
+            if (args?.accountId === undefined && !opts.urn) {
                 throw new Error("Missing required property 'accountId'");
             }
-            resourceInputs["accountId"] = args ? args.accountId : undefined;
-            resourceInputs["redactPii"] = args ? args.redactPii : undefined;
-            resourceInputs["settingsByRuleType"] = args ? args.settingsByRuleType : undefined;
+            resourceInputs["accountId"] = args?.accountId;
+            resourceInputs["redactPii"] = args?.redactPii;
+            resourceInputs["settingsByRuleType"] = args?.settingsByRuleType;
         }
         opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
         super(ZeroTrustGatewayLogging.__pulumiType, name, resourceInputs, opts, false /*dependency*/, utilities.getPackage());

package/bin/zeroTrustGatewayLogging.js.map

@@ -1 +1 @@
-{"version":3,"file":"zeroTrustGatewayLogging.js","sourceRoot":"","sources":["../zeroTrustGatewayLogging.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC,MAAa,uBAAwB,SAAQ,MAAM,CAAC,cAAc;IAC9D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAoC,EAAE,IAAmC;QAClI,OAAO,IAAI,uBAAuB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC9E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,uBAAuB,CAAC,YAAY,CAAC;IACxE,CAAC;IAqBD,YAAY,IAAY,EAAE,WAAwE,EAAE,IAAmC;QACnI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAuD,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;SACvF;aAAM;YACH,MAAM,IAAI,GAAG,WAAsD,CAAC;YACpE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;SACrF;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,uBAAuB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,cAAc,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;IAC1H,CAAC;;AAlEL,0DAmEC;AArDG,gBAAgB;AACO,oCAAY,GAAG,kEAAkE,CAAC"}
+{"version":3,"file":"zeroTrustGatewayLogging.js","sourceRoot":"","sources":["../zeroTrustGatewayLogging.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC,MAAa,uBAAwB,SAAQ,MAAM,CAAC,cAAc;IAC9D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAoC,EAAE,IAAmC;QAClI,OAAO,IAAI,uBAAuB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC9E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,uBAAuB,CAAC,YAAY,CAAC;IACxE,CAAC;IAoBD,YAAY,IAAY,EAAE,WAAwE,EAAE,IAAmC;QACnI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAuD,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,EAAE,kBAAkB,CAAC;SACpE;aAAM;YACH,MAAM,IAAI,GAAG,WAAsD,CAAC;YACpE,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,EAAE,kBAAkB,CAAC;SACnE;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,uBAAuB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,KAAK,CAAC,cAAc,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC,CAAC;IAC1H,CAAC;;AAjEL,0DAkEC;AApDG,gBAAgB;AACO,oCAAY,GAAG,kEAAkE,CAAC"}

package/bin/zeroTrustGatewayPolicy.d.ts

@@ -19,67 +19,80 @@ export declare class ZeroTrustGatewayPolicy extends pulumi.CustomResource {
     static isInstance(obj: any): obj is ZeroTrustGatewayPolicy;
     readonly accountId: pulumi.Output<string>;
     /**
-     * The action to preform when the associated traffic, identity, and device posture expressions are either absent or
-     * evaluate to `true`. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted",
-     * "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine".
+     * Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to <span pulumi-lang-nodejs="`true`" pulumi-lang-dotnet="`True`" pulumi-lang-go="`true`" pulumi-lang-python="`true`" pulumi-lang-yaml="`true`" pulumi-lang-java="`true`">`true`</span>.
+     * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", <span pulumi-lang-nodejs=""l4Override"" pulumi-lang-dotnet=""L4Override"" pulumi-lang-go=""l4Override"" pulumi-lang-python=""l4_override"" pulumi-lang-yaml=""l4Override"" pulumi-lang-java=""l4Override"">"l4_override"</span>, "egress", "resolve", "quarantine", "redirect".
      */
     readonly action: pulumi.Output<string>;
     readonly createdAt: pulumi.Output<string>;
     /**
-     * Date of deletion, if any.
+     * Indicate the date of deletion, if any.
      */
     readonly deletedAt: pulumi.Output<string>;
     /**
-     * The description of the rule.
+     * Specify the rule description.
      */
     readonly description: pulumi.Output<string | undefined>;
     /**
-     * The wirefilter expression used for device posture check matching.
+     * Specify the wirefilter expression used for device posture check. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.
      */
-    readonly devicePosture: pulumi.Output<string | undefined>;
+    readonly devicePosture: pulumi.Output<string>;
     /**
-     * True if the rule is enabled.
+     * Specify whether the rule is enabled.
      */
-    readonly enabled: pulumi.Output<boolean | undefined>;
+    readonly enabled: pulumi.Output<boolean>;
     /**
-     * The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's `schedule`
-     * configuration, if any. This does not apply to HTTP or network policies.
+     * Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's <span pulumi-lang-nodejs="`schedule`" pulumi-lang-dotnet="`Schedule`" pulumi-lang-go="`schedule`" pulumi-lang-python="`schedule`" pulumi-lang-yaml="`schedule`" pulumi-lang-java="`schedule`">`schedule`</span> configuration, if any. This  does not apply to HTTP or network policies. Settable only for <span pulumi-lang-nodejs="`dns`" pulumi-lang-dotnet="`Dns`" pulumi-lang-go="`dns`" pulumi-lang-python="`dns`" pulumi-lang-yaml="`dns`" pulumi-lang-java="`dns`">`dns`</span> rules.
      */
     readonly expiration: pulumi.Output<outputs.ZeroTrustGatewayPolicyExpiration>;
     /**
-     * The protocol or layer to evaluate the traffic, identity, and device posture expressions.
+     * Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value.
      */
     readonly filters: pulumi.Output<string[] | undefined>;
     /**
-     * The wirefilter expression used for identity matching.
+     * Specify the wirefilter expression used for identity matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.
      */
-    readonly identity: pulumi.Output<string | undefined>;
+    readonly identity: pulumi.Output<string>;
     /**
-     * The name of the rule.
+     * Specify the rule name.
      */
     readonly name: pulumi.Output<string>;
     /**
-     * Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable
-     * rules are evaluated in ascending order of this value.
+     * Set the order of your rules. Lower values indicate higher precedence. At each processing phase, evaluate applicable rules in ascending order of this value. Refer to [Order of enforcement](http://developers.cloudflare.com/learning-paths/secure-internet-traffic/understand-policies/order-of-enforcement/#manage-precedence-with-terraform) to manage precedence via Terraform.
      */
-    readonly precedence: pulumi.Output<number | undefined>;
+    readonly precedence: pulumi.Output<number>;
     /**
-     * Additional settings that modify the rule's action.
+     * Indicate that this rule is shared via the Orgs API and read only.
+     */
+    readonly readOnly: pulumi.Output<boolean>;
+    /**
+     * Defines settings for this rule. Settings apply only to specific rule types and must use compatible selectors. If Terraform detects drift, confirm the setting supports your rule type and check whether the API modifies the value. Use API-returned values in your configuration to prevent drift.
      */
     readonly ruleSettings: pulumi.Output<outputs.ZeroTrustGatewayPolicyRuleSettings>;
     /**
-     * The schedule for activating DNS policies. This does not apply to HTTP or network policies.
+     * Defines the schedule for activating DNS policies. Settable only for <span pulumi-lang-nodejs="`dns`" pulumi-lang-dotnet="`Dns`" pulumi-lang-go="`dns`" pulumi-lang-python="`dns`" pulumi-lang-yaml="`dns`" pulumi-lang-java="`dns`">`dns`</span> and <span pulumi-lang-nodejs="`dnsResolver`" pulumi-lang-dotnet="`DnsResolver`" pulumi-lang-go="`dnsResolver`" pulumi-lang-python="`dns_resolver`" pulumi-lang-yaml="`dnsResolver`" pulumi-lang-java="`dnsResolver`">`dns_resolver`</span> rules.
      */
     readonly schedule: pulumi.Output<outputs.ZeroTrustGatewayPolicySchedule>;
     /**
-     * The wirefilter expression used for traffic matching.
+     * Indicate that this rule is sharable via the Orgs API.
+     */
+    readonly sharable: pulumi.Output<boolean>;
+    /**
+     * Provide the account tag of the account that created the rule.
      */
-    readonly traffic: pulumi.Output<string | undefined>;
+    readonly sourceAccount: pulumi.Output<string>;
+    /**
+     * Specify the wirefilter expression used for traffic matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.
+     */
+    readonly traffic: pulumi.Output<string>;
     readonly updatedAt: pulumi.Output<string>;
     /**
-     * version number of the rule
+     * Indicate the version number of the rule(read-only).
      */
     readonly version: pulumi.Output<number>;
+    /**
+     * Indicate a warning for a misconfigured rule, if any.
+     */
+    readonly warningStatus: pulumi.Output<string>;
     /**
      * Create a ZeroTrustGatewayPolicy resource with the given unique name, arguments, and options.
      *
@@ -95,67 +108,80 @@ export declare class ZeroTrustGatewayPolicy extends pulumi.CustomResource {
 export interface ZeroTrustGatewayPolicyState {
     accountId?: pulumi.Input<string>;
     /**
-     * The action to preform when the associated traffic, identity, and device posture expressions are either absent or
-     * evaluate to `true`. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted",
-     * "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine".
+     * Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to <span pulumi-lang-nodejs="`true`" pulumi-lang-dotnet="`True`" pulumi-lang-go="`true`" pulumi-lang-python="`true`" pulumi-lang-yaml="`true`" pulumi-lang-java="`true`">`true`</span>.
+     * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", <span pulumi-lang-nodejs=""l4Override"" pulumi-lang-dotnet=""L4Override"" pulumi-lang-go=""l4Override"" pulumi-lang-python=""l4_override"" pulumi-lang-yaml=""l4Override"" pulumi-lang-java=""l4Override"">"l4_override"</span>, "egress", "resolve", "quarantine", "redirect".
      */
     action?: pulumi.Input<string>;
     createdAt?: pulumi.Input<string>;
     /**
-     * Date of deletion, if any.
+     * Indicate the date of deletion, if any.
      */
     deletedAt?: pulumi.Input<string>;
     /**
-     * The description of the rule.
+     * Specify the rule description.
      */
     description?: pulumi.Input<string>;
     /**
-     * The wirefilter expression used for device posture check matching.
+     * Specify the wirefilter expression used for device posture check. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.
      */
     devicePosture?: pulumi.Input<string>;
     /**
-     * True if the rule is enabled.
+     * Specify whether the rule is enabled.
      */
     enabled?: pulumi.Input<boolean>;
     /**
-     * The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's `schedule`
-     * configuration, if any. This does not apply to HTTP or network policies.
+     * Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's <span pulumi-lang-nodejs="`schedule`" pulumi-lang-dotnet="`Schedule`" pulumi-lang-go="`schedule`" pulumi-lang-python="`schedule`" pulumi-lang-yaml="`schedule`" pulumi-lang-java="`schedule`">`schedule`</span> configuration, if any. This  does not apply to HTTP or network policies. Settable only for <span pulumi-lang-nodejs="`dns`" pulumi-lang-dotnet="`Dns`" pulumi-lang-go="`dns`" pulumi-lang-python="`dns`" pulumi-lang-yaml="`dns`" pulumi-lang-java="`dns`">`dns`</span> rules.
      */
     expiration?: pulumi.Input<inputs.ZeroTrustGatewayPolicyExpiration>;
     /**
-     * The protocol or layer to evaluate the traffic, identity, and device posture expressions.
+     * Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value.
      */
     filters?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The wirefilter expression used for identity matching.
+     * Specify the wirefilter expression used for identity matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.
      */
     identity?: pulumi.Input<string>;
     /**
-     * The name of the rule.
+     * Specify the rule name.
      */
     name?: pulumi.Input<string>;
     /**
-     * Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable
-     * rules are evaluated in ascending order of this value.
+     * Set the order of your rules. Lower values indicate higher precedence. At each processing phase, evaluate applicable rules in ascending order of this value. Refer to [Order of enforcement](http://developers.cloudflare.com/learning-paths/secure-internet-traffic/understand-policies/order-of-enforcement/#manage-precedence-with-terraform) to manage precedence via Terraform.
      */
     precedence?: pulumi.Input<number>;
     /**
-     * Additional settings that modify the rule's action.
+     * Indicate that this rule is shared via the Orgs API and read only.
+     */
+    readOnly?: pulumi.Input<boolean>;
+    /**
+     * Defines settings for this rule. Settings apply only to specific rule types and must use compatible selectors. If Terraform detects drift, confirm the setting supports your rule type and check whether the API modifies the value. Use API-returned values in your configuration to prevent drift.
      */
     ruleSettings?: pulumi.Input<inputs.ZeroTrustGatewayPolicyRuleSettings>;
     /**
-     * The schedule for activating DNS policies. This does not apply to HTTP or network policies.
+     * Defines the schedule for activating DNS policies. Settable only for <span pulumi-lang-nodejs="`dns`" pulumi-lang-dotnet="`Dns`" pulumi-lang-go="`dns`" pulumi-lang-python="`dns`" pulumi-lang-yaml="`dns`" pulumi-lang-java="`dns`">`dns`</span> and <span pulumi-lang-nodejs="`dnsResolver`" pulumi-lang-dotnet="`DnsResolver`" pulumi-lang-go="`dnsResolver`" pulumi-lang-python="`dns_resolver`" pulumi-lang-yaml="`dnsResolver`" pulumi-lang-java="`dnsResolver`">`dns_resolver`</span> rules.
      */
     schedule?: pulumi.Input<inputs.ZeroTrustGatewayPolicySchedule>;
     /**
-     * The wirefilter expression used for traffic matching.
+     * Indicate that this rule is sharable via the Orgs API.
+     */
+    sharable?: pulumi.Input<boolean>;
+    /**
+     * Provide the account tag of the account that created the rule.
+     */
+    sourceAccount?: pulumi.Input<string>;
+    /**
+     * Specify the wirefilter expression used for traffic matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.
      */
     traffic?: pulumi.Input<string>;
     updatedAt?: pulumi.Input<string>;
     /**
-     * version number of the rule
+     * Indicate the version number of the rule(read-only).
      */
     version?: pulumi.Input<number>;
+    /**
+     * Indicate a warning for a misconfigured rule, if any.
+     */
+    warningStatus?: pulumi.Input<string>;
 }
 /**
  * The set of arguments for constructing a ZeroTrustGatewayPolicy resource.
@@ -163,55 +189,52 @@ export interface ZeroTrustGatewayPolicyState {
 export interface ZeroTrustGatewayPolicyArgs {
     accountId: pulumi.Input<string>;
     /**
-     * The action to preform when the associated traffic, identity, and device posture expressions are either absent or
-     * evaluate to `true`. Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted",
-     * "isolate", "noisolate", "override", "l4_override", "egress", "resolve", "quarantine".
+     * Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to <span pulumi-lang-nodejs="`true`" pulumi-lang-dotnet="`True`" pulumi-lang-go="`true`" pulumi-lang-python="`true`" pulumi-lang-yaml="`true`" pulumi-lang-java="`true`">`true`</span>.
+     * Available values: "on", "off", "allow", "block", "scan", "noscan", "safesearch", "ytrestricted", "isolate", "noisolate", "override", <span pulumi-lang-nodejs=""l4Override"" pulumi-lang-dotnet=""L4Override"" pulumi-lang-go=""l4Override"" pulumi-lang-python=""l4_override"" pulumi-lang-yaml=""l4Override"" pulumi-lang-java=""l4Override"">"l4_override"</span>, "egress", "resolve", "quarantine", "redirect".
      */
     action: pulumi.Input<string>;
     /**
-     * The description of the rule.
+     * Specify the rule description.
      */
     description?: pulumi.Input<string>;
     /**
-     * The wirefilter expression used for device posture check matching.
+     * Specify the wirefilter expression used for device posture check. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.
      */
     devicePosture?: pulumi.Input<string>;
     /**
-     * True if the rule is enabled.
+     * Specify whether the rule is enabled.
      */
     enabled?: pulumi.Input<boolean>;
     /**
-     * The expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's `schedule`
-     * configuration, if any. This does not apply to HTTP or network policies.
+     * Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's <span pulumi-lang-nodejs="`schedule`" pulumi-lang-dotnet="`Schedule`" pulumi-lang-go="`schedule`" pulumi-lang-python="`schedule`" pulumi-lang-yaml="`schedule`" pulumi-lang-java="`schedule`">`schedule`</span> configuration, if any. This  does not apply to HTTP or network policies. Settable only for <span pulumi-lang-nodejs="`dns`" pulumi-lang-dotnet="`Dns`" pulumi-lang-go="`dns`" pulumi-lang-python="`dns`" pulumi-lang-yaml="`dns`" pulumi-lang-java="`dns`">`dns`</span> rules.
      */
     expiration?: pulumi.Input<inputs.ZeroTrustGatewayPolicyExpiration>;
     /**
-     * The protocol or layer to evaluate the traffic, identity, and device posture expressions.
+     * Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value.
      */
     filters?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * The wirefilter expression used for identity matching.
+     * Specify the wirefilter expression used for identity matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.
      */
     identity?: pulumi.Input<string>;
     /**
-     * The name of the rule.
+     * Specify the rule name.
      */
     name?: pulumi.Input<string>;
     /**
-     * Precedence sets the order of your rules. Lower values indicate higher precedence. At each processing phase, applicable
-     * rules are evaluated in ascending order of this value.
+     * Set the order of your rules. Lower values indicate higher precedence. At each processing phase, evaluate applicable rules in ascending order of this value. Refer to [Order of enforcement](http://developers.cloudflare.com/learning-paths/secure-internet-traffic/understand-policies/order-of-enforcement/#manage-precedence-with-terraform) to manage precedence via Terraform.
      */
     precedence?: pulumi.Input<number>;
     /**
-     * Additional settings that modify the rule's action.
+     * Defines settings for this rule. Settings apply only to specific rule types and must use compatible selectors. If Terraform detects drift, confirm the setting supports your rule type and check whether the API modifies the value. Use API-returned values in your configuration to prevent drift.
      */
     ruleSettings?: pulumi.Input<inputs.ZeroTrustGatewayPolicyRuleSettings>;
     /**
-     * The schedule for activating DNS policies. This does not apply to HTTP or network policies.
+     * Defines the schedule for activating DNS policies. Settable only for <span pulumi-lang-nodejs="`dns`" pulumi-lang-dotnet="`Dns`" pulumi-lang-go="`dns`" pulumi-lang-python="`dns`" pulumi-lang-yaml="`dns`" pulumi-lang-java="`dns`">`dns`</span> and <span pulumi-lang-nodejs="`dnsResolver`" pulumi-lang-dotnet="`DnsResolver`" pulumi-lang-go="`dnsResolver`" pulumi-lang-python="`dns_resolver`" pulumi-lang-yaml="`dnsResolver`" pulumi-lang-java="`dnsResolver`">`dns_resolver`</span> rules.
      */
     schedule?: pulumi.Input<inputs.ZeroTrustGatewayPolicySchedule>;
     /**
-     * The wirefilter expression used for traffic matching.
+     * Specify the wirefilter expression used for traffic matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.
      */
     traffic?: pulumi.Input<string>;
 }