diff --git a/.stats.yml b/.stats.yml index 26b763d67c5..72b7f7f18cd 100644 --- a/.stats.yml +++ b/.stats.yml @@ -1,2 +1,2 @@ configured_endpoints: 1449 -openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-f3bf5786ed274253519d4c0cf9abb19fb072872380a2c0bf90917f78f16cfaa6.yml +openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-1c6fe7515b7879a7cd51bbe9433aeee5d3d30feaf519f42d0d81c64b19f45875.yml diff --git a/src/cloudflare/resources/zero_trust/access/applications/applications.py b/src/cloudflare/resources/zero_trust/access/applications/applications.py index f285c7f9c6c..fbf653c4ace 100644 --- a/src/cloudflare/resources/zero_trust/access/applications/applications.py +++ b/src/cloudflare/resources/zero_trust/access/applications/applications.py @@ -130,6 +130,7 @@ def create( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_create_params.SelfHostedApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -155,8 +156,8 @@ def create( Adds a new application to Access. Args: - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -188,6 +189,10 @@ def create( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -214,7 +219,9 @@ def create( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -322,6 +329,7 @@ def create( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_create_params.BrowserSSHApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -347,8 +355,8 @@ def create( Adds a new application to Access. Args: - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -380,6 +388,10 @@ def create( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -406,7 +418,9 @@ def create( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -446,6 +460,7 @@ def create( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_create_params.BrowserVNCApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -471,8 +486,8 @@ def create( Adds a new application to Access. Args: - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -504,6 +519,10 @@ def create( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -530,7 +549,9 @@ def create( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -890,6 +911,7 @@ def create( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_create_params.SelfHostedApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -951,6 +973,7 @@ def create( "custom_deny_url": custom_deny_url, "custom_non_identity_deny_url": custom_non_identity_deny_url, "custom_pages": custom_pages, + "destinations": destinations, "enable_binding_cookie": enable_binding_cookie, "http_only_cookie_attribute": http_only_cookie_attribute, "logo_url": logo_url, @@ -1007,6 +1030,7 @@ def update( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_update_params.SelfHostedApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -1034,8 +1058,8 @@ def update( Args: app_id: Identifier - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -1067,6 +1091,10 @@ def update( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -1093,7 +1121,9 @@ def update( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -1205,6 +1235,7 @@ def update( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_update_params.BrowserSSHApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -1232,8 +1263,8 @@ def update( Args: app_id: Identifier - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -1265,6 +1296,10 @@ def update( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -1291,7 +1326,9 @@ def update( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -1332,6 +1369,7 @@ def update( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_update_params.BrowserVNCApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -1359,8 +1397,8 @@ def update( Args: app_id: Identifier - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -1392,6 +1430,10 @@ def update( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -1418,7 +1460,9 @@ def update( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -1794,6 +1838,7 @@ def update( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_update_params.SelfHostedApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -1857,6 +1902,7 @@ def update( "custom_deny_url": custom_deny_url, "custom_non_identity_deny_url": custom_non_identity_deny_url, "custom_pages": custom_pages, + "destinations": destinations, "enable_binding_cookie": enable_binding_cookie, "http_only_cookie_attribute": http_only_cookie_attribute, "logo_url": logo_url, @@ -2198,6 +2244,7 @@ async def create( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_create_params.SelfHostedApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -2223,8 +2270,8 @@ async def create( Adds a new application to Access. Args: - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -2256,6 +2303,10 @@ async def create( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -2282,7 +2333,9 @@ async def create( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -2390,6 +2443,7 @@ async def create( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_create_params.BrowserSSHApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -2415,8 +2469,8 @@ async def create( Adds a new application to Access. Args: - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -2448,6 +2502,10 @@ async def create( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -2474,7 +2532,9 @@ async def create( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -2514,6 +2574,7 @@ async def create( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_create_params.BrowserVNCApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -2539,8 +2600,8 @@ async def create( Adds a new application to Access. Args: - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -2572,6 +2633,10 @@ async def create( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -2598,7 +2663,9 @@ async def create( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -2958,6 +3025,7 @@ async def create( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_create_params.SelfHostedApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -3019,6 +3087,7 @@ async def create( "custom_deny_url": custom_deny_url, "custom_non_identity_deny_url": custom_non_identity_deny_url, "custom_pages": custom_pages, + "destinations": destinations, "enable_binding_cookie": enable_binding_cookie, "http_only_cookie_attribute": http_only_cookie_attribute, "logo_url": logo_url, @@ -3075,6 +3144,7 @@ async def update( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_update_params.SelfHostedApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -3102,8 +3172,8 @@ async def update( Args: app_id: Identifier - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -3135,6 +3205,10 @@ async def update( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -3161,7 +3235,9 @@ async def update( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -3273,6 +3349,7 @@ async def update( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_update_params.BrowserSSHApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -3300,8 +3377,8 @@ async def update( Args: app_id: Identifier - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -3333,6 +3410,10 @@ async def update( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -3359,7 +3440,9 @@ async def update( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -3400,6 +3483,7 @@ async def update( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_update_params.BrowserVNCApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -3427,8 +3511,8 @@ async def update( Args: app_id: Identifier - domain: The primary hostname and path that Access will secure. If the app is visible in - the App Launcher dashboard, this is the domain that will be displayed. + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. type: The application type. @@ -3460,6 +3544,10 @@ async def update( custom_pages: The custom pages that will be displayed when applicable for this application + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + enable_binding_cookie: Enables the binding cookie, which increases security against compromised authorization tokens and CSRF attacks. @@ -3486,7 +3574,9 @@ async def update( scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta. - self_hosted_domains: List of domains that Access will secure. + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. @@ -3862,6 +3952,7 @@ async def update( custom_deny_url: str | NotGiven = NOT_GIVEN, custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_update_params.SelfHostedApplicationDestination] | NotGiven = NOT_GIVEN, enable_binding_cookie: bool | NotGiven = NOT_GIVEN, http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, logo_url: str | NotGiven = NOT_GIVEN, @@ -3925,6 +4016,7 @@ async def update( "custom_deny_url": custom_deny_url, "custom_non_identity_deny_url": custom_non_identity_deny_url, "custom_pages": custom_pages, + "destinations": destinations, "enable_binding_cookie": enable_binding_cookie, "http_only_cookie_attribute": http_only_cookie_attribute, "logo_url": logo_url, diff --git a/src/cloudflare/resources/zero_trust/organizations/organizations.py b/src/cloudflare/resources/zero_trust/organizations/organizations.py index 1889f704ada..8590795d427 100644 --- a/src/cloudflare/resources/zero_trust/organizations/organizations.py +++ b/src/cloudflare/resources/zero_trust/organizations/organizations.py @@ -335,6 +335,10 @@ def revoke_users( email: str, account_id: str | NotGiven = NOT_GIVEN, zone_id: str | NotGiven = NOT_GIVEN, + query_devices: bool | NotGiven = NOT_GIVEN, + body_devices: bool | NotGiven = NOT_GIVEN, + user_uid: str | NotGiven = NOT_GIVEN, + warp_session_reauth: bool | NotGiven = NOT_GIVEN, # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs. # The extra values given here take precedence over values defined on the client or passed to this method. extra_headers: Headers | None = None, @@ -352,6 +356,16 @@ def revoke_users( zone_id: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. + query_devices: When set to `true`, all devices associated with the user will be revoked. + + body_devices: When set to `true`, all devices associated with the user will be revoked. + + user_uid: The uuid of the user to revoke. + + warp_session_reauth: When set to `true`, the user will be required to re-authenticate to WARP for all + Gateway policies that enforce a WARP client session duration. When `false`, the + user’s WARP session will remain active + extra_headers: Send extra headers extra_query: Add additional query parameters to the request @@ -374,12 +388,23 @@ def revoke_users( account_or_zone_id = zone_id return self._post( f"/{account_or_zone}/{account_or_zone_id}/access/organizations/revoke_user", - body=maybe_transform({"email": email}, organization_revoke_users_params.OrganizationRevokeUsersParams), + body=maybe_transform( + { + "email": email, + "body_devices": body_devices, + "user_uid": user_uid, + "warp_session_reauth": warp_session_reauth, + }, + organization_revoke_users_params.OrganizationRevokeUsersParams, + ), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout, + query=maybe_transform( + {"query_devices": query_devices}, organization_revoke_users_params.OrganizationRevokeUsersParams + ), post_parser=ResultWrapper[Optional[OrganizationRevokeUsersResponse]]._unwrapper, ), cast_to=cast( @@ -682,6 +707,10 @@ async def revoke_users( email: str, account_id: str | NotGiven = NOT_GIVEN, zone_id: str | NotGiven = NOT_GIVEN, + query_devices: bool | NotGiven = NOT_GIVEN, + body_devices: bool | NotGiven = NOT_GIVEN, + user_uid: str | NotGiven = NOT_GIVEN, + warp_session_reauth: bool | NotGiven = NOT_GIVEN, # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs. # The extra values given here take precedence over values defined on the client or passed to this method. extra_headers: Headers | None = None, @@ -699,6 +728,16 @@ async def revoke_users( zone_id: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. + query_devices: When set to `true`, all devices associated with the user will be revoked. + + body_devices: When set to `true`, all devices associated with the user will be revoked. + + user_uid: The uuid of the user to revoke. + + warp_session_reauth: When set to `true`, the user will be required to re-authenticate to WARP for all + Gateway policies that enforce a WARP client session duration. When `false`, the + user’s WARP session will remain active + extra_headers: Send extra headers extra_query: Add additional query parameters to the request @@ -722,13 +761,22 @@ async def revoke_users( return await self._post( f"/{account_or_zone}/{account_or_zone_id}/access/organizations/revoke_user", body=await async_maybe_transform( - {"email": email}, organization_revoke_users_params.OrganizationRevokeUsersParams + { + "email": email, + "body_devices": body_devices, + "user_uid": user_uid, + "warp_session_reauth": warp_session_reauth, + }, + organization_revoke_users_params.OrganizationRevokeUsersParams, ), options=make_request_options( extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout, + query=await async_maybe_transform( + {"query_devices": query_devices}, organization_revoke_users_params.OrganizationRevokeUsersParams + ), post_parser=ResultWrapper[Optional[OrganizationRevokeUsersResponse]]._unwrapper, ), cast_to=cast( diff --git a/src/cloudflare/types/zero_trust/access/application_create_params.py b/src/cloudflare/types/zero_trust/access/application_create_params.py index 05b4af4fdd0..5e7ff63435e 100644 --- a/src/cloudflare/types/zero_trust/access/application_create_params.py +++ b/src/cloudflare/types/zero_trust/access/application_create_params.py @@ -22,6 +22,7 @@ __all__ = [ "ApplicationCreateParams", "SelfHostedApplication", + "SelfHostedApplicationDestination", "SelfHostedApplicationPolicy", "SelfHostedApplicationPolicyAccessAppPolicyLink", "SelfHostedApplicationPolicyUnionMember2", @@ -35,12 +36,14 @@ "SaaSApplicationSCIMConfig", "SaaSApplicationSCIMConfigAuthentication", "BrowserSSHApplication", + "BrowserSSHApplicationDestination", "BrowserSSHApplicationPolicy", "BrowserSSHApplicationPolicyAccessAppPolicyLink", "BrowserSSHApplicationPolicyUnionMember2", "BrowserSSHApplicationSCIMConfig", "BrowserSSHApplicationSCIMConfigAuthentication", "BrowserVNCApplication", + "BrowserVNCApplicationDestination", "BrowserVNCApplicationPolicy", "BrowserVNCApplicationPolicyAccessAppPolicyLink", "BrowserVNCApplicationPolicyUnionMember2", @@ -81,10 +84,9 @@ class SelfHostedApplication(TypedDict, total=False): domain: Required[str] - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: Required[str] @@ -144,6 +146,14 @@ class SelfHostedApplication(TypedDict, total=False): custom_pages: List[str] """The custom pages that will be displayed when applicable for this application""" + destinations: Iterable[SelfHostedApplicationDestination] + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: bool """ Enables the binding cookie, which increases security against compromised @@ -194,7 +204,12 @@ class SelfHostedApplication(TypedDict, total=False): """ self_hosted_domains: List[SelfHostedDomains] - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: bool """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -216,6 +231,20 @@ class SelfHostedApplication(TypedDict, total=False): """ +class SelfHostedApplicationDestination(TypedDict, total=False): + type: Literal["public", "private"] + + uri: str + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + class SelfHostedApplicationPolicyAccessAppPolicyLink(TypedDict, total=False): id: str """The UUID of the policy""" @@ -468,10 +497,9 @@ class SaaSApplicationSCIMConfig(TypedDict, total=False): class BrowserSSHApplication(TypedDict, total=False): domain: Required[str] - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: Required[str] @@ -531,6 +559,14 @@ class BrowserSSHApplication(TypedDict, total=False): custom_pages: List[str] """The custom pages that will be displayed when applicable for this application""" + destinations: Iterable[BrowserSSHApplicationDestination] + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: bool """ Enables the binding cookie, which increases security against compromised @@ -581,7 +617,12 @@ class BrowserSSHApplication(TypedDict, total=False): """ self_hosted_domains: List[SelfHostedDomains] - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: bool """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -603,6 +644,20 @@ class BrowserSSHApplication(TypedDict, total=False): """ +class BrowserSSHApplicationDestination(TypedDict, total=False): + type: Literal["public", "private"] + + uri: str + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + class BrowserSSHApplicationPolicyAccessAppPolicyLink(TypedDict, total=False): id: str """The UUID of the policy""" @@ -700,10 +755,9 @@ class BrowserSSHApplicationSCIMConfig(TypedDict, total=False): class BrowserVNCApplication(TypedDict, total=False): domain: Required[str] - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: Required[str] @@ -763,6 +817,14 @@ class BrowserVNCApplication(TypedDict, total=False): custom_pages: List[str] """The custom pages that will be displayed when applicable for this application""" + destinations: Iterable[BrowserVNCApplicationDestination] + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: bool """ Enables the binding cookie, which increases security against compromised @@ -813,7 +875,12 @@ class BrowserVNCApplication(TypedDict, total=False): """ self_hosted_domains: List[SelfHostedDomains] - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: bool """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -835,6 +902,20 @@ class BrowserVNCApplication(TypedDict, total=False): """ +class BrowserVNCApplicationDestination(TypedDict, total=False): + type: Literal["public", "private"] + + uri: str + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + class BrowserVNCApplicationPolicyAccessAppPolicyLink(TypedDict, total=False): id: str """The UUID of the policy""" diff --git a/src/cloudflare/types/zero_trust/access/application_create_response.py b/src/cloudflare/types/zero_trust/access/application_create_response.py index f8de645988f..0d58317ac07 100644 --- a/src/cloudflare/types/zero_trust/access/application_create_response.py +++ b/src/cloudflare/types/zero_trust/access/application_create_response.py @@ -22,6 +22,7 @@ __all__ = [ "ApplicationCreateResponse", "SelfHostedApplication", + "SelfHostedApplicationDestination", "SelfHostedApplicationSCIMConfig", "SelfHostedApplicationSCIMConfigAuthentication", "SaaSApplication", @@ -29,9 +30,11 @@ "SaaSApplicationSCIMConfig", "SaaSApplicationSCIMConfigAuthentication", "BrowserSSHApplication", + "BrowserSSHApplicationDestination", "BrowserSSHApplicationSCIMConfig", "BrowserSSHApplicationSCIMConfigAuthentication", "BrowserVNCApplication", + "BrowserVNCApplicationDestination", "BrowserVNCApplicationSCIMConfig", "BrowserVNCApplicationSCIMConfigAuthentication", "AppLauncherApplication", @@ -59,6 +62,21 @@ "InfrastructureApplicationSCIMConfigAuthentication", ] + +class SelfHostedApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + SelfHostedApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -99,10 +117,9 @@ class SelfHostedApplicationSCIMConfig(BaseModel): class SelfHostedApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -164,6 +181,14 @@ class SelfHostedApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[SelfHostedApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -209,7 +234,12 @@ class SelfHostedApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -330,6 +360,20 @@ class SaaSApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserSSHApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + BrowserSSHApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -370,10 +414,9 @@ class BrowserSSHApplicationSCIMConfig(BaseModel): class BrowserSSHApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -435,6 +478,14 @@ class BrowserSSHApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[BrowserSSHApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -480,7 +531,12 @@ class BrowserSSHApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -504,6 +560,20 @@ class BrowserSSHApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserVNCApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + BrowserVNCApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -544,10 +614,9 @@ class BrowserVNCApplicationSCIMConfig(BaseModel): class BrowserVNCApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -609,6 +678,14 @@ class BrowserVNCApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[BrowserVNCApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -654,7 +731,12 @@ class BrowserVNCApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -774,10 +856,9 @@ class AppLauncherApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[AppLauncherApplicationFooterLink]] = None @@ -909,10 +990,9 @@ class DeviceEnrollmentPermissionsApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[DeviceEnrollmentPermissionsApplicationFooterLink]] = None @@ -1044,10 +1124,9 @@ class BrowserIsolationPermissionsApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[BrowserIsolationPermissionsApplicationFooterLink]] = None diff --git a/src/cloudflare/types/zero_trust/access/application_get_response.py b/src/cloudflare/types/zero_trust/access/application_get_response.py index 1fcf4418fd1..462a8a5259f 100644 --- a/src/cloudflare/types/zero_trust/access/application_get_response.py +++ b/src/cloudflare/types/zero_trust/access/application_get_response.py @@ -22,6 +22,7 @@ __all__ = [ "ApplicationGetResponse", "SelfHostedApplication", + "SelfHostedApplicationDestination", "SelfHostedApplicationSCIMConfig", "SelfHostedApplicationSCIMConfigAuthentication", "SaaSApplication", @@ -29,9 +30,11 @@ "SaaSApplicationSCIMConfig", "SaaSApplicationSCIMConfigAuthentication", "BrowserSSHApplication", + "BrowserSSHApplicationDestination", "BrowserSSHApplicationSCIMConfig", "BrowserSSHApplicationSCIMConfigAuthentication", "BrowserVNCApplication", + "BrowserVNCApplicationDestination", "BrowserVNCApplicationSCIMConfig", "BrowserVNCApplicationSCIMConfigAuthentication", "AppLauncherApplication", @@ -59,6 +62,21 @@ "InfrastructureApplicationSCIMConfigAuthentication", ] + +class SelfHostedApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + SelfHostedApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -99,10 +117,9 @@ class SelfHostedApplicationSCIMConfig(BaseModel): class SelfHostedApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -164,6 +181,14 @@ class SelfHostedApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[SelfHostedApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -209,7 +234,12 @@ class SelfHostedApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -330,6 +360,20 @@ class SaaSApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserSSHApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + BrowserSSHApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -370,10 +414,9 @@ class BrowserSSHApplicationSCIMConfig(BaseModel): class BrowserSSHApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -435,6 +478,14 @@ class BrowserSSHApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[BrowserSSHApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -480,7 +531,12 @@ class BrowserSSHApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -504,6 +560,20 @@ class BrowserSSHApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserVNCApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + BrowserVNCApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -544,10 +614,9 @@ class BrowserVNCApplicationSCIMConfig(BaseModel): class BrowserVNCApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -609,6 +678,14 @@ class BrowserVNCApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[BrowserVNCApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -654,7 +731,12 @@ class BrowserVNCApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -774,10 +856,9 @@ class AppLauncherApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[AppLauncherApplicationFooterLink]] = None @@ -909,10 +990,9 @@ class DeviceEnrollmentPermissionsApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[DeviceEnrollmentPermissionsApplicationFooterLink]] = None @@ -1044,10 +1124,9 @@ class BrowserIsolationPermissionsApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[BrowserIsolationPermissionsApplicationFooterLink]] = None diff --git a/src/cloudflare/types/zero_trust/access/application_list_response.py b/src/cloudflare/types/zero_trust/access/application_list_response.py index 5360b6d7fe9..88f3c0d8ad1 100644 --- a/src/cloudflare/types/zero_trust/access/application_list_response.py +++ b/src/cloudflare/types/zero_trust/access/application_list_response.py @@ -22,6 +22,7 @@ __all__ = [ "ApplicationListResponse", "SelfHostedApplication", + "SelfHostedApplicationDestination", "SelfHostedApplicationSCIMConfig", "SelfHostedApplicationSCIMConfigAuthentication", "SaaSApplication", @@ -29,9 +30,11 @@ "SaaSApplicationSCIMConfig", "SaaSApplicationSCIMConfigAuthentication", "BrowserSSHApplication", + "BrowserSSHApplicationDestination", "BrowserSSHApplicationSCIMConfig", "BrowserSSHApplicationSCIMConfigAuthentication", "BrowserVNCApplication", + "BrowserVNCApplicationDestination", "BrowserVNCApplicationSCIMConfig", "BrowserVNCApplicationSCIMConfigAuthentication", "AppLauncherApplication", @@ -59,6 +62,21 @@ "InfrastructureApplicationSCIMConfigAuthentication", ] + +class SelfHostedApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + SelfHostedApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -99,10 +117,9 @@ class SelfHostedApplicationSCIMConfig(BaseModel): class SelfHostedApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -164,6 +181,14 @@ class SelfHostedApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[SelfHostedApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -209,7 +234,12 @@ class SelfHostedApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -330,6 +360,20 @@ class SaaSApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserSSHApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + BrowserSSHApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -370,10 +414,9 @@ class BrowserSSHApplicationSCIMConfig(BaseModel): class BrowserSSHApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -435,6 +478,14 @@ class BrowserSSHApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[BrowserSSHApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -480,7 +531,12 @@ class BrowserSSHApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -504,6 +560,20 @@ class BrowserSSHApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserVNCApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + BrowserVNCApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -544,10 +614,9 @@ class BrowserVNCApplicationSCIMConfig(BaseModel): class BrowserVNCApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -609,6 +678,14 @@ class BrowserVNCApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[BrowserVNCApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -654,7 +731,12 @@ class BrowserVNCApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -774,10 +856,9 @@ class AppLauncherApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[AppLauncherApplicationFooterLink]] = None @@ -909,10 +990,9 @@ class DeviceEnrollmentPermissionsApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[DeviceEnrollmentPermissionsApplicationFooterLink]] = None @@ -1044,10 +1124,9 @@ class BrowserIsolationPermissionsApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[BrowserIsolationPermissionsApplicationFooterLink]] = None diff --git a/src/cloudflare/types/zero_trust/access/application_update_params.py b/src/cloudflare/types/zero_trust/access/application_update_params.py index 81723e9e582..db1842e6805 100644 --- a/src/cloudflare/types/zero_trust/access/application_update_params.py +++ b/src/cloudflare/types/zero_trust/access/application_update_params.py @@ -22,6 +22,7 @@ __all__ = [ "ApplicationUpdateParams", "SelfHostedApplication", + "SelfHostedApplicationDestination", "SelfHostedApplicationPolicy", "SelfHostedApplicationPolicyAccessAppPolicyLink", "SelfHostedApplicationPolicyUnionMember2", @@ -35,12 +36,14 @@ "SaaSApplicationSCIMConfig", "SaaSApplicationSCIMConfigAuthentication", "BrowserSSHApplication", + "BrowserSSHApplicationDestination", "BrowserSSHApplicationPolicy", "BrowserSSHApplicationPolicyAccessAppPolicyLink", "BrowserSSHApplicationPolicyUnionMember2", "BrowserSSHApplicationSCIMConfig", "BrowserSSHApplicationSCIMConfigAuthentication", "BrowserVNCApplication", + "BrowserVNCApplicationDestination", "BrowserVNCApplicationPolicy", "BrowserVNCApplicationPolicyAccessAppPolicyLink", "BrowserVNCApplicationPolicyUnionMember2", @@ -81,10 +84,9 @@ class SelfHostedApplication(TypedDict, total=False): domain: Required[str] - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: Required[str] @@ -144,6 +146,14 @@ class SelfHostedApplication(TypedDict, total=False): custom_pages: List[str] """The custom pages that will be displayed when applicable for this application""" + destinations: Iterable[SelfHostedApplicationDestination] + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: bool """ Enables the binding cookie, which increases security against compromised @@ -194,7 +204,12 @@ class SelfHostedApplication(TypedDict, total=False): """ self_hosted_domains: List[SelfHostedDomains] - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: bool """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -216,6 +231,20 @@ class SelfHostedApplication(TypedDict, total=False): """ +class SelfHostedApplicationDestination(TypedDict, total=False): + type: Literal["public", "private"] + + uri: str + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + class SelfHostedApplicationPolicyAccessAppPolicyLink(TypedDict, total=False): id: str """The UUID of the policy""" @@ -468,10 +497,9 @@ class SaaSApplicationSCIMConfig(TypedDict, total=False): class BrowserSSHApplication(TypedDict, total=False): domain: Required[str] - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: Required[str] @@ -531,6 +559,14 @@ class BrowserSSHApplication(TypedDict, total=False): custom_pages: List[str] """The custom pages that will be displayed when applicable for this application""" + destinations: Iterable[BrowserSSHApplicationDestination] + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: bool """ Enables the binding cookie, which increases security against compromised @@ -581,7 +617,12 @@ class BrowserSSHApplication(TypedDict, total=False): """ self_hosted_domains: List[SelfHostedDomains] - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: bool """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -603,6 +644,20 @@ class BrowserSSHApplication(TypedDict, total=False): """ +class BrowserSSHApplicationDestination(TypedDict, total=False): + type: Literal["public", "private"] + + uri: str + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + class BrowserSSHApplicationPolicyAccessAppPolicyLink(TypedDict, total=False): id: str """The UUID of the policy""" @@ -700,10 +755,9 @@ class BrowserSSHApplicationSCIMConfig(TypedDict, total=False): class BrowserVNCApplication(TypedDict, total=False): domain: Required[str] - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: Required[str] @@ -763,6 +817,14 @@ class BrowserVNCApplication(TypedDict, total=False): custom_pages: List[str] """The custom pages that will be displayed when applicable for this application""" + destinations: Iterable[BrowserVNCApplicationDestination] + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: bool """ Enables the binding cookie, which increases security against compromised @@ -813,7 +875,12 @@ class BrowserVNCApplication(TypedDict, total=False): """ self_hosted_domains: List[SelfHostedDomains] - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: bool """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -835,6 +902,20 @@ class BrowserVNCApplication(TypedDict, total=False): """ +class BrowserVNCApplicationDestination(TypedDict, total=False): + type: Literal["public", "private"] + + uri: str + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + class BrowserVNCApplicationPolicyAccessAppPolicyLink(TypedDict, total=False): id: str """The UUID of the policy""" diff --git a/src/cloudflare/types/zero_trust/access/application_update_response.py b/src/cloudflare/types/zero_trust/access/application_update_response.py index 13703de5c08..4ccb2bedf25 100644 --- a/src/cloudflare/types/zero_trust/access/application_update_response.py +++ b/src/cloudflare/types/zero_trust/access/application_update_response.py @@ -22,6 +22,7 @@ __all__ = [ "ApplicationUpdateResponse", "SelfHostedApplication", + "SelfHostedApplicationDestination", "SelfHostedApplicationSCIMConfig", "SelfHostedApplicationSCIMConfigAuthentication", "SaaSApplication", @@ -29,9 +30,11 @@ "SaaSApplicationSCIMConfig", "SaaSApplicationSCIMConfigAuthentication", "BrowserSSHApplication", + "BrowserSSHApplicationDestination", "BrowserSSHApplicationSCIMConfig", "BrowserSSHApplicationSCIMConfigAuthentication", "BrowserVNCApplication", + "BrowserVNCApplicationDestination", "BrowserVNCApplicationSCIMConfig", "BrowserVNCApplicationSCIMConfigAuthentication", "AppLauncherApplication", @@ -59,6 +62,21 @@ "InfrastructureApplicationSCIMConfigAuthentication", ] + +class SelfHostedApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + SelfHostedApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -99,10 +117,9 @@ class SelfHostedApplicationSCIMConfig(BaseModel): class SelfHostedApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -164,6 +181,14 @@ class SelfHostedApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[SelfHostedApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -209,7 +234,12 @@ class SelfHostedApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -330,6 +360,20 @@ class SaaSApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserSSHApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + BrowserSSHApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -370,10 +414,9 @@ class BrowserSSHApplicationSCIMConfig(BaseModel): class BrowserSSHApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -435,6 +478,14 @@ class BrowserSSHApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[BrowserSSHApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -480,7 +531,12 @@ class BrowserSSHApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -504,6 +560,20 @@ class BrowserSSHApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserVNCApplicationDestination(BaseModel): + type: Optional[Literal["public", "private"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + Private destinations are an early access feature and gated behind a feature + flag. Private destinations support private IPv4, IPv6, and Server Name + Indications (SNI) with optional port ranges. + """ + + BrowserVNCApplicationSCIMConfigAuthentication: TypeAlias = Union[ SCIMConfigAuthenticationHTTPBasic, SCIMConfigAuthenticationOAuthBearerToken, SCIMConfigAuthenticationOauth2 ] @@ -544,10 +614,9 @@ class BrowserVNCApplicationSCIMConfig(BaseModel): class BrowserVNCApplication(BaseModel): domain: str - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ type: str @@ -609,6 +678,14 @@ class BrowserVNCApplication(BaseModel): custom_pages: Optional[List[str]] = None """The custom pages that will be displayed when applicable for this application""" + destinations: Optional[List[BrowserVNCApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + enable_binding_cookie: Optional[bool] = None """ Enables the binding cookie, which increases security against compromised @@ -654,7 +731,12 @@ class BrowserVNCApplication(BaseModel): """ self_hosted_domains: Optional[List[SelfHostedDomains]] = None - """List of domains that Access will secure.""" + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ service_auth_401_redirect: Optional[bool] = None """Returns a 401 status code when the request is blocked by a Service Auth policy.""" @@ -774,10 +856,9 @@ class AppLauncherApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[AppLauncherApplicationFooterLink]] = None @@ -909,10 +990,9 @@ class DeviceEnrollmentPermissionsApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[DeviceEnrollmentPermissionsApplicationFooterLink]] = None @@ -1044,10 +1124,9 @@ class BrowserIsolationPermissionsApplication(BaseModel): created_at: Optional[datetime] = None domain: Optional[str] = None - """The primary hostname and path that Access will secure. + """The primary hostname and path secured by Access. - If the app is visible in the App Launcher dashboard, this is the domain that - will be displayed. + This domain will be displayed if the app is visible in the App Launcher. """ footer_links: Optional[List[BrowserIsolationPermissionsApplicationFooterLink]] = None diff --git a/src/cloudflare/types/zero_trust/organization_revoke_users_params.py b/src/cloudflare/types/zero_trust/organization_revoke_users_params.py index e7b4d725195..d9467bcd648 100644 --- a/src/cloudflare/types/zero_trust/organization_revoke_users_params.py +++ b/src/cloudflare/types/zero_trust/organization_revoke_users_params.py @@ -2,7 +2,9 @@ from __future__ import annotations -from typing_extensions import Required, TypedDict +from typing_extensions import Required, Annotated, TypedDict + +from ..._utils import PropertyInfo __all__ = ["OrganizationRevokeUsersParams"] @@ -16,3 +18,19 @@ class OrganizationRevokeUsersParams(TypedDict, total=False): zone_id: str """The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.""" + + query_devices: Annotated[bool, PropertyInfo(alias="devices")] + """When set to `true`, all devices associated with the user will be revoked.""" + + body_devices: Annotated[bool, PropertyInfo(alias="devices")] + """When set to `true`, all devices associated with the user will be revoked.""" + + user_uid: str + """The uuid of the user to revoke.""" + + warp_session_reauth: bool + """ + When set to `true`, the user will be required to re-authenticate to WARP for all + Gateway policies that enforce a WARP client session duration. When `false`, the + user’s WARP session will remain active + """ diff --git a/tests/api_resources/zero_trust/access/test_applications.py b/tests/api_resources/zero_trust/access/test_applications.py index 4ca45e92de6..9ba489166cb 100644 --- a/tests/api_resources/zero_trust/access/test_applications.py +++ b/tests/api_resources/zero_trust/access/test_applications.py @@ -59,6 +59,28 @@ def test_method_create_with_all_params_overload_1(self, client: Cloudflare) -> N custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -308,6 +330,28 @@ def test_method_create_with_all_params_overload_3(self, client: Cloudflare) -> N custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -436,6 +480,28 @@ def test_method_create_with_all_params_overload_4(self, client: Cloudflare) -> N custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -1101,6 +1167,28 @@ def test_method_update_with_all_params_overload_1(self, client: Cloudflare) -> N custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -1376,6 +1464,28 @@ def test_method_update_with_all_params_overload_3(self, client: Cloudflare) -> N custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -1518,6 +1628,28 @@ def test_method_update_with_all_params_overload_4(self, client: Cloudflare) -> N custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -2528,6 +2660,28 @@ async def test_method_create_with_all_params_overload_1(self, async_client: Asyn custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -2777,6 +2931,28 @@ async def test_method_create_with_all_params_overload_3(self, async_client: Asyn custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -2905,6 +3081,28 @@ async def test_method_create_with_all_params_overload_4(self, async_client: Asyn custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -3570,6 +3768,28 @@ async def test_method_update_with_all_params_overload_1(self, async_client: Asyn custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -3845,6 +4065,28 @@ async def test_method_update_with_all_params_overload_3(self, async_client: Asyn custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", @@ -3987,6 +4229,28 @@ async def test_method_update_with_all_params_overload_4(self, async_client: Asyn custom_deny_url="custom_deny_url", custom_non_identity_deny_url="custom_non_identity_deny_url", custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "type": "public", + "uri": "10.5.0.2", + }, + { + "type": "public", + "uri": "10.5.0.3/32:1234-4321", + }, + { + "type": "public", + "uri": "private-sni.example.com", + }, + ], enable_binding_cookie=True, http_only_cookie_attribute=True, logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", diff --git a/tests/api_resources/zero_trust/test_organizations.py b/tests/api_resources/zero_trust/test_organizations.py index c9e36255338..fb6bc127b49 100644 --- a/tests/api_resources/zero_trust/test_organizations.py +++ b/tests/api_resources/zero_trust/test_organizations.py @@ -246,6 +246,10 @@ def test_method_revoke_users_with_all_params(self, client: Cloudflare) -> None: organization = client.zero_trust.organizations.revoke_users( email="test@example.com", account_id="account_id", + query_devices=True, + body_devices=True, + user_uid="699d98642c564d2e855e9661899b7252", + warp_session_reauth=True, ) assert_matches_type(Optional[OrganizationRevokeUsersResponse], organization, path=["response"]) @@ -522,6 +526,10 @@ async def test_method_revoke_users_with_all_params(self, async_client: AsyncClou organization = await async_client.zero_trust.organizations.revoke_users( email="test@example.com", account_id="account_id", + query_devices=True, + body_devices=True, + user_uid="699d98642c564d2e855e9661899b7252", + warp_session_reauth=True, ) assert_matches_type(Optional[OrganizationRevokeUsersResponse], organization, path=["response"])