From bdeedc5fbedab49243b3bad041fa5b515623c9ee Mon Sep 17 00:00:00 2001 From: stainless-bot Date: Thu, 21 Nov 2024 20:46:12 +0000 Subject: [PATCH] feat(api): api update --- .stats.yml | 2 +- zero_trust/accessapplication.go | 1046 +++++++++++++++++++++++--- zero_trust/accessapplication_test.go | 56 +- zero_trust/organization.go | 21 + zero_trust/organization_test.go | 8 +- 5 files changed, 1028 insertions(+), 105 deletions(-) diff --git a/.stats.yml b/.stats.yml index 26b763d67c5..72b7f7f18cd 100644 --- a/.stats.yml +++ b/.stats.yml @@ -1,2 +1,2 @@ configured_endpoints: 1449 -openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-f3bf5786ed274253519d4c0cf9abb19fb072872380a2c0bf90917f78f16cfaa6.yml +openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-1c6fe7515b7879a7cd51bbe9433aeee5d3d30feaf519f42d0d81c64b19f45875.yml diff --git a/zero_trust/accessapplication.go b/zero_trust/accessapplication.go index 6f28e5fe79d..dc809807907 100644 --- a/zero_trust/accessapplication.go +++ b/zero_trust/accessapplication.go @@ -1896,8 +1896,13 @@ type AccessApplicationNewResponse struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // This field can have the runtime type of [[]string]. CustomPages interface{} `json:"custom_pages"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // This field can have the runtime type of + // [[]AccessApplicationNewResponseSelfHostedApplicationDestination], + // [[]AccessApplicationNewResponseBrowserSSHApplicationDestination], + // [[]AccessApplicationNewResponseBrowserVNCApplicationDestination]. + Destinations interface{} `json:"destinations"` + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. @@ -1988,6 +1993,7 @@ type accessApplicationNewResponseJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field Domain apijson.Field EnableBindingCookie apijson.Field FooterLinks apijson.Field @@ -2103,8 +2109,8 @@ func init() { } type AccessApplicationNewResponseSelfHostedApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -2138,6 +2144,10 @@ type AccessApplicationNewResponseSelfHostedApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationNewResponseSelfHostedApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -2161,7 +2171,9 @@ type AccessApplicationNewResponseSelfHostedApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationNewResponseSelfHostedApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -2195,6 +2207,7 @@ type accessApplicationNewResponseSelfHostedApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -2225,6 +2238,51 @@ func (r accessApplicationNewResponseSelfHostedApplicationJSON) RawJSON() string func (r AccessApplicationNewResponseSelfHostedApplication) implementsZeroTrustAccessApplicationNewResponse() { } +type AccessApplicationNewResponseSelfHostedApplicationDestination struct { + Type AccessApplicationNewResponseSelfHostedApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationNewResponseSelfHostedApplicationDestinationJSON `json:"-"` +} + +// accessApplicationNewResponseSelfHostedApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationNewResponseSelfHostedApplicationDestination] +type accessApplicationNewResponseSelfHostedApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationNewResponseSelfHostedApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationNewResponseSelfHostedApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationNewResponseSelfHostedApplicationDestinationsType string + +const ( + AccessApplicationNewResponseSelfHostedApplicationDestinationsTypePublic AccessApplicationNewResponseSelfHostedApplicationDestinationsType = "public" + AccessApplicationNewResponseSelfHostedApplicationDestinationsTypePrivate AccessApplicationNewResponseSelfHostedApplicationDestinationsType = "private" +) + +func (r AccessApplicationNewResponseSelfHostedApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationNewResponseSelfHostedApplicationDestinationsTypePublic, AccessApplicationNewResponseSelfHostedApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationNewResponseSelfHostedApplicationSCIMConfig struct { @@ -2770,8 +2828,8 @@ func (r AccessApplicationNewResponseSaaSApplicationSCIMConfigAuthenticationSchem } type AccessApplicationNewResponseBrowserSSHApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -2805,6 +2863,10 @@ type AccessApplicationNewResponseBrowserSSHApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationNewResponseBrowserSSHApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -2828,7 +2890,9 @@ type AccessApplicationNewResponseBrowserSSHApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationNewResponseBrowserSSHApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -2862,6 +2926,7 @@ type accessApplicationNewResponseBrowserSSHApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -2892,6 +2957,51 @@ func (r accessApplicationNewResponseBrowserSSHApplicationJSON) RawJSON() string func (r AccessApplicationNewResponseBrowserSSHApplication) implementsZeroTrustAccessApplicationNewResponse() { } +type AccessApplicationNewResponseBrowserSSHApplicationDestination struct { + Type AccessApplicationNewResponseBrowserSSHApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationNewResponseBrowserSSHApplicationDestinationJSON `json:"-"` +} + +// accessApplicationNewResponseBrowserSSHApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationNewResponseBrowserSSHApplicationDestination] +type accessApplicationNewResponseBrowserSSHApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationNewResponseBrowserSSHApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationNewResponseBrowserSSHApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationNewResponseBrowserSSHApplicationDestinationsType string + +const ( + AccessApplicationNewResponseBrowserSSHApplicationDestinationsTypePublic AccessApplicationNewResponseBrowserSSHApplicationDestinationsType = "public" + AccessApplicationNewResponseBrowserSSHApplicationDestinationsTypePrivate AccessApplicationNewResponseBrowserSSHApplicationDestinationsType = "private" +) + +func (r AccessApplicationNewResponseBrowserSSHApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationNewResponseBrowserSSHApplicationDestinationsTypePublic, AccessApplicationNewResponseBrowserSSHApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationNewResponseBrowserSSHApplicationSCIMConfig struct { @@ -3054,8 +3164,8 @@ func (r AccessApplicationNewResponseBrowserSSHApplicationSCIMConfigAuthenticatio } type AccessApplicationNewResponseBrowserVNCApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -3089,6 +3199,10 @@ type AccessApplicationNewResponseBrowserVNCApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationNewResponseBrowserVNCApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -3112,7 +3226,9 @@ type AccessApplicationNewResponseBrowserVNCApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationNewResponseBrowserVNCApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -3146,6 +3262,7 @@ type accessApplicationNewResponseBrowserVNCApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -3176,6 +3293,51 @@ func (r accessApplicationNewResponseBrowserVNCApplicationJSON) RawJSON() string func (r AccessApplicationNewResponseBrowserVNCApplication) implementsZeroTrustAccessApplicationNewResponse() { } +type AccessApplicationNewResponseBrowserVNCApplicationDestination struct { + Type AccessApplicationNewResponseBrowserVNCApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationNewResponseBrowserVNCApplicationDestinationJSON `json:"-"` +} + +// accessApplicationNewResponseBrowserVNCApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationNewResponseBrowserVNCApplicationDestination] +type accessApplicationNewResponseBrowserVNCApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationNewResponseBrowserVNCApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationNewResponseBrowserVNCApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationNewResponseBrowserVNCApplicationDestinationsType string + +const ( + AccessApplicationNewResponseBrowserVNCApplicationDestinationsTypePublic AccessApplicationNewResponseBrowserVNCApplicationDestinationsType = "public" + AccessApplicationNewResponseBrowserVNCApplicationDestinationsTypePrivate AccessApplicationNewResponseBrowserVNCApplicationDestinationsType = "private" +) + +func (r AccessApplicationNewResponseBrowserVNCApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationNewResponseBrowserVNCApplicationDestinationsTypePublic, AccessApplicationNewResponseBrowserVNCApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationNewResponseBrowserVNCApplicationSCIMConfig struct { @@ -3355,8 +3517,8 @@ type AccessApplicationNewResponseAppLauncherApplication struct { // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationNewResponseAppLauncherApplicationFooterLink `json:"footer_links"` @@ -3657,8 +3819,8 @@ type AccessApplicationNewResponseDeviceEnrollmentPermissionsApplication struct { // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationNewResponseDeviceEnrollmentPermissionsApplicationFooterLink `json:"footer_links"` @@ -3960,8 +4122,8 @@ type AccessApplicationNewResponseBrowserIsolationPermissionsApplication struct { // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationNewResponseBrowserIsolationPermissionsApplicationFooterLink `json:"footer_links"` @@ -4793,8 +4955,13 @@ type AccessApplicationUpdateResponse struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // This field can have the runtime type of [[]string]. CustomPages interface{} `json:"custom_pages"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // This field can have the runtime type of + // [[]AccessApplicationUpdateResponseSelfHostedApplicationDestination], + // [[]AccessApplicationUpdateResponseBrowserSSHApplicationDestination], + // [[]AccessApplicationUpdateResponseBrowserVNCApplicationDestination]. + Destinations interface{} `json:"destinations"` + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. @@ -4885,6 +5052,7 @@ type accessApplicationUpdateResponseJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field Domain apijson.Field EnableBindingCookie apijson.Field FooterLinks apijson.Field @@ -5000,8 +5168,8 @@ func init() { } type AccessApplicationUpdateResponseSelfHostedApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -5035,6 +5203,10 @@ type AccessApplicationUpdateResponseSelfHostedApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationUpdateResponseSelfHostedApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -5058,7 +5230,9 @@ type AccessApplicationUpdateResponseSelfHostedApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationUpdateResponseSelfHostedApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -5092,6 +5266,7 @@ type accessApplicationUpdateResponseSelfHostedApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -5122,6 +5297,51 @@ func (r accessApplicationUpdateResponseSelfHostedApplicationJSON) RawJSON() stri func (r AccessApplicationUpdateResponseSelfHostedApplication) implementsZeroTrustAccessApplicationUpdateResponse() { } +type AccessApplicationUpdateResponseSelfHostedApplicationDestination struct { + Type AccessApplicationUpdateResponseSelfHostedApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationUpdateResponseSelfHostedApplicationDestinationJSON `json:"-"` +} + +// accessApplicationUpdateResponseSelfHostedApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationUpdateResponseSelfHostedApplicationDestination] +type accessApplicationUpdateResponseSelfHostedApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationUpdateResponseSelfHostedApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationUpdateResponseSelfHostedApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationUpdateResponseSelfHostedApplicationDestinationsType string + +const ( + AccessApplicationUpdateResponseSelfHostedApplicationDestinationsTypePublic AccessApplicationUpdateResponseSelfHostedApplicationDestinationsType = "public" + AccessApplicationUpdateResponseSelfHostedApplicationDestinationsTypePrivate AccessApplicationUpdateResponseSelfHostedApplicationDestinationsType = "private" +) + +func (r AccessApplicationUpdateResponseSelfHostedApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationUpdateResponseSelfHostedApplicationDestinationsTypePublic, AccessApplicationUpdateResponseSelfHostedApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationUpdateResponseSelfHostedApplicationSCIMConfig struct { @@ -5668,8 +5888,8 @@ func (r AccessApplicationUpdateResponseSaaSApplicationSCIMConfigAuthenticationSc } type AccessApplicationUpdateResponseBrowserSSHApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -5703,6 +5923,10 @@ type AccessApplicationUpdateResponseBrowserSSHApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationUpdateResponseBrowserSSHApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -5726,7 +5950,9 @@ type AccessApplicationUpdateResponseBrowserSSHApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationUpdateResponseBrowserSSHApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -5760,6 +5986,7 @@ type accessApplicationUpdateResponseBrowserSSHApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -5790,6 +6017,51 @@ func (r accessApplicationUpdateResponseBrowserSSHApplicationJSON) RawJSON() stri func (r AccessApplicationUpdateResponseBrowserSSHApplication) implementsZeroTrustAccessApplicationUpdateResponse() { } +type AccessApplicationUpdateResponseBrowserSSHApplicationDestination struct { + Type AccessApplicationUpdateResponseBrowserSSHApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationUpdateResponseBrowserSSHApplicationDestinationJSON `json:"-"` +} + +// accessApplicationUpdateResponseBrowserSSHApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationUpdateResponseBrowserSSHApplicationDestination] +type accessApplicationUpdateResponseBrowserSSHApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationUpdateResponseBrowserSSHApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationUpdateResponseBrowserSSHApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationUpdateResponseBrowserSSHApplicationDestinationsType string + +const ( + AccessApplicationUpdateResponseBrowserSSHApplicationDestinationsTypePublic AccessApplicationUpdateResponseBrowserSSHApplicationDestinationsType = "public" + AccessApplicationUpdateResponseBrowserSSHApplicationDestinationsTypePrivate AccessApplicationUpdateResponseBrowserSSHApplicationDestinationsType = "private" +) + +func (r AccessApplicationUpdateResponseBrowserSSHApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationUpdateResponseBrowserSSHApplicationDestinationsTypePublic, AccessApplicationUpdateResponseBrowserSSHApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationUpdateResponseBrowserSSHApplicationSCIMConfig struct { @@ -5952,8 +6224,8 @@ func (r AccessApplicationUpdateResponseBrowserSSHApplicationSCIMConfigAuthentica } type AccessApplicationUpdateResponseBrowserVNCApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -5987,6 +6259,10 @@ type AccessApplicationUpdateResponseBrowserVNCApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationUpdateResponseBrowserVNCApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -6010,7 +6286,9 @@ type AccessApplicationUpdateResponseBrowserVNCApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationUpdateResponseBrowserVNCApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -6044,6 +6322,7 @@ type accessApplicationUpdateResponseBrowserVNCApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -6074,6 +6353,51 @@ func (r accessApplicationUpdateResponseBrowserVNCApplicationJSON) RawJSON() stri func (r AccessApplicationUpdateResponseBrowserVNCApplication) implementsZeroTrustAccessApplicationUpdateResponse() { } +type AccessApplicationUpdateResponseBrowserVNCApplicationDestination struct { + Type AccessApplicationUpdateResponseBrowserVNCApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationUpdateResponseBrowserVNCApplicationDestinationJSON `json:"-"` +} + +// accessApplicationUpdateResponseBrowserVNCApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationUpdateResponseBrowserVNCApplicationDestination] +type accessApplicationUpdateResponseBrowserVNCApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationUpdateResponseBrowserVNCApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationUpdateResponseBrowserVNCApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationUpdateResponseBrowserVNCApplicationDestinationsType string + +const ( + AccessApplicationUpdateResponseBrowserVNCApplicationDestinationsTypePublic AccessApplicationUpdateResponseBrowserVNCApplicationDestinationsType = "public" + AccessApplicationUpdateResponseBrowserVNCApplicationDestinationsTypePrivate AccessApplicationUpdateResponseBrowserVNCApplicationDestinationsType = "private" +) + +func (r AccessApplicationUpdateResponseBrowserVNCApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationUpdateResponseBrowserVNCApplicationDestinationsTypePublic, AccessApplicationUpdateResponseBrowserVNCApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationUpdateResponseBrowserVNCApplicationSCIMConfig struct { @@ -6253,8 +6577,8 @@ type AccessApplicationUpdateResponseAppLauncherApplication struct { // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationUpdateResponseAppLauncherApplicationFooterLink `json:"footer_links"` @@ -6555,8 +6879,8 @@ type AccessApplicationUpdateResponseDeviceEnrollmentPermissionsApplication struc // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationUpdateResponseDeviceEnrollmentPermissionsApplicationFooterLink `json:"footer_links"` @@ -6858,8 +7182,8 @@ type AccessApplicationUpdateResponseBrowserIsolationPermissionsApplication struc // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationUpdateResponseBrowserIsolationPermissionsApplicationFooterLink `json:"footer_links"` @@ -7692,8 +8016,13 @@ type AccessApplicationListResponse struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // This field can have the runtime type of [[]string]. CustomPages interface{} `json:"custom_pages"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // This field can have the runtime type of + // [[]AccessApplicationListResponseSelfHostedApplicationDestination], + // [[]AccessApplicationListResponseBrowserSSHApplicationDestination], + // [[]AccessApplicationListResponseBrowserVNCApplicationDestination]. + Destinations interface{} `json:"destinations"` + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. @@ -7784,6 +8113,7 @@ type accessApplicationListResponseJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field Domain apijson.Field EnableBindingCookie apijson.Field FooterLinks apijson.Field @@ -7899,8 +8229,8 @@ func init() { } type AccessApplicationListResponseSelfHostedApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -7934,6 +8264,10 @@ type AccessApplicationListResponseSelfHostedApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationListResponseSelfHostedApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -7957,7 +8291,9 @@ type AccessApplicationListResponseSelfHostedApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationListResponseSelfHostedApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -7991,6 +8327,7 @@ type accessApplicationListResponseSelfHostedApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -8021,6 +8358,51 @@ func (r accessApplicationListResponseSelfHostedApplicationJSON) RawJSON() string func (r AccessApplicationListResponseSelfHostedApplication) implementsZeroTrustAccessApplicationListResponse() { } +type AccessApplicationListResponseSelfHostedApplicationDestination struct { + Type AccessApplicationListResponseSelfHostedApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationListResponseSelfHostedApplicationDestinationJSON `json:"-"` +} + +// accessApplicationListResponseSelfHostedApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationListResponseSelfHostedApplicationDestination] +type accessApplicationListResponseSelfHostedApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationListResponseSelfHostedApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationListResponseSelfHostedApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationListResponseSelfHostedApplicationDestinationsType string + +const ( + AccessApplicationListResponseSelfHostedApplicationDestinationsTypePublic AccessApplicationListResponseSelfHostedApplicationDestinationsType = "public" + AccessApplicationListResponseSelfHostedApplicationDestinationsTypePrivate AccessApplicationListResponseSelfHostedApplicationDestinationsType = "private" +) + +func (r AccessApplicationListResponseSelfHostedApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationListResponseSelfHostedApplicationDestinationsTypePublic, AccessApplicationListResponseSelfHostedApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationListResponseSelfHostedApplicationSCIMConfig struct { @@ -8566,8 +8948,8 @@ func (r AccessApplicationListResponseSaaSApplicationSCIMConfigAuthenticationSche } type AccessApplicationListResponseBrowserSSHApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -8601,6 +8983,10 @@ type AccessApplicationListResponseBrowserSSHApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationListResponseBrowserSSHApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -8624,7 +9010,9 @@ type AccessApplicationListResponseBrowserSSHApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationListResponseBrowserSSHApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -8658,6 +9046,7 @@ type accessApplicationListResponseBrowserSSHApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -8688,6 +9077,51 @@ func (r accessApplicationListResponseBrowserSSHApplicationJSON) RawJSON() string func (r AccessApplicationListResponseBrowserSSHApplication) implementsZeroTrustAccessApplicationListResponse() { } +type AccessApplicationListResponseBrowserSSHApplicationDestination struct { + Type AccessApplicationListResponseBrowserSSHApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationListResponseBrowserSSHApplicationDestinationJSON `json:"-"` +} + +// accessApplicationListResponseBrowserSSHApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationListResponseBrowserSSHApplicationDestination] +type accessApplicationListResponseBrowserSSHApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationListResponseBrowserSSHApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationListResponseBrowserSSHApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationListResponseBrowserSSHApplicationDestinationsType string + +const ( + AccessApplicationListResponseBrowserSSHApplicationDestinationsTypePublic AccessApplicationListResponseBrowserSSHApplicationDestinationsType = "public" + AccessApplicationListResponseBrowserSSHApplicationDestinationsTypePrivate AccessApplicationListResponseBrowserSSHApplicationDestinationsType = "private" +) + +func (r AccessApplicationListResponseBrowserSSHApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationListResponseBrowserSSHApplicationDestinationsTypePublic, AccessApplicationListResponseBrowserSSHApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationListResponseBrowserSSHApplicationSCIMConfig struct { @@ -8850,8 +9284,8 @@ func (r AccessApplicationListResponseBrowserSSHApplicationSCIMConfigAuthenticati } type AccessApplicationListResponseBrowserVNCApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -8885,6 +9319,10 @@ type AccessApplicationListResponseBrowserVNCApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationListResponseBrowserVNCApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -8908,7 +9346,9 @@ type AccessApplicationListResponseBrowserVNCApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationListResponseBrowserVNCApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -8942,6 +9382,7 @@ type accessApplicationListResponseBrowserVNCApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -8972,6 +9413,51 @@ func (r accessApplicationListResponseBrowserVNCApplicationJSON) RawJSON() string func (r AccessApplicationListResponseBrowserVNCApplication) implementsZeroTrustAccessApplicationListResponse() { } +type AccessApplicationListResponseBrowserVNCApplicationDestination struct { + Type AccessApplicationListResponseBrowserVNCApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationListResponseBrowserVNCApplicationDestinationJSON `json:"-"` +} + +// accessApplicationListResponseBrowserVNCApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationListResponseBrowserVNCApplicationDestination] +type accessApplicationListResponseBrowserVNCApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationListResponseBrowserVNCApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationListResponseBrowserVNCApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationListResponseBrowserVNCApplicationDestinationsType string + +const ( + AccessApplicationListResponseBrowserVNCApplicationDestinationsTypePublic AccessApplicationListResponseBrowserVNCApplicationDestinationsType = "public" + AccessApplicationListResponseBrowserVNCApplicationDestinationsTypePrivate AccessApplicationListResponseBrowserVNCApplicationDestinationsType = "private" +) + +func (r AccessApplicationListResponseBrowserVNCApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationListResponseBrowserVNCApplicationDestinationsTypePublic, AccessApplicationListResponseBrowserVNCApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationListResponseBrowserVNCApplicationSCIMConfig struct { @@ -9151,8 +9637,8 @@ type AccessApplicationListResponseAppLauncherApplication struct { // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationListResponseAppLauncherApplicationFooterLink `json:"footer_links"` @@ -9453,8 +9939,8 @@ type AccessApplicationListResponseDeviceEnrollmentPermissionsApplication struct // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationListResponseDeviceEnrollmentPermissionsApplicationFooterLink `json:"footer_links"` @@ -9756,8 +10242,8 @@ type AccessApplicationListResponseBrowserIsolationPermissionsApplication struct // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationListResponseBrowserIsolationPermissionsApplicationFooterLink `json:"footer_links"` @@ -10611,8 +11097,13 @@ type AccessApplicationGetResponse struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // This field can have the runtime type of [[]string]. CustomPages interface{} `json:"custom_pages"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // This field can have the runtime type of + // [[]AccessApplicationGetResponseSelfHostedApplicationDestination], + // [[]AccessApplicationGetResponseBrowserSSHApplicationDestination], + // [[]AccessApplicationGetResponseBrowserVNCApplicationDestination]. + Destinations interface{} `json:"destinations"` + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. @@ -10703,6 +11194,7 @@ type accessApplicationGetResponseJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field Domain apijson.Field EnableBindingCookie apijson.Field FooterLinks apijson.Field @@ -10818,8 +11310,8 @@ func init() { } type AccessApplicationGetResponseSelfHostedApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -10853,6 +11345,10 @@ type AccessApplicationGetResponseSelfHostedApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationGetResponseSelfHostedApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -10876,7 +11372,9 @@ type AccessApplicationGetResponseSelfHostedApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationGetResponseSelfHostedApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -10910,6 +11408,7 @@ type accessApplicationGetResponseSelfHostedApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -10940,6 +11439,51 @@ func (r accessApplicationGetResponseSelfHostedApplicationJSON) RawJSON() string func (r AccessApplicationGetResponseSelfHostedApplication) implementsZeroTrustAccessApplicationGetResponse() { } +type AccessApplicationGetResponseSelfHostedApplicationDestination struct { + Type AccessApplicationGetResponseSelfHostedApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationGetResponseSelfHostedApplicationDestinationJSON `json:"-"` +} + +// accessApplicationGetResponseSelfHostedApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationGetResponseSelfHostedApplicationDestination] +type accessApplicationGetResponseSelfHostedApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationGetResponseSelfHostedApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationGetResponseSelfHostedApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationGetResponseSelfHostedApplicationDestinationsType string + +const ( + AccessApplicationGetResponseSelfHostedApplicationDestinationsTypePublic AccessApplicationGetResponseSelfHostedApplicationDestinationsType = "public" + AccessApplicationGetResponseSelfHostedApplicationDestinationsTypePrivate AccessApplicationGetResponseSelfHostedApplicationDestinationsType = "private" +) + +func (r AccessApplicationGetResponseSelfHostedApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationGetResponseSelfHostedApplicationDestinationsTypePublic, AccessApplicationGetResponseSelfHostedApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationGetResponseSelfHostedApplicationSCIMConfig struct { @@ -11485,8 +12029,8 @@ func (r AccessApplicationGetResponseSaaSApplicationSCIMConfigAuthenticationSchem } type AccessApplicationGetResponseBrowserSSHApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -11520,6 +12064,10 @@ type AccessApplicationGetResponseBrowserSSHApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationGetResponseBrowserSSHApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -11543,7 +12091,9 @@ type AccessApplicationGetResponseBrowserSSHApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationGetResponseBrowserSSHApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -11577,6 +12127,7 @@ type accessApplicationGetResponseBrowserSSHApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -11607,6 +12158,51 @@ func (r accessApplicationGetResponseBrowserSSHApplicationJSON) RawJSON() string func (r AccessApplicationGetResponseBrowserSSHApplication) implementsZeroTrustAccessApplicationGetResponse() { } +type AccessApplicationGetResponseBrowserSSHApplicationDestination struct { + Type AccessApplicationGetResponseBrowserSSHApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationGetResponseBrowserSSHApplicationDestinationJSON `json:"-"` +} + +// accessApplicationGetResponseBrowserSSHApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationGetResponseBrowserSSHApplicationDestination] +type accessApplicationGetResponseBrowserSSHApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationGetResponseBrowserSSHApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationGetResponseBrowserSSHApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationGetResponseBrowserSSHApplicationDestinationsType string + +const ( + AccessApplicationGetResponseBrowserSSHApplicationDestinationsTypePublic AccessApplicationGetResponseBrowserSSHApplicationDestinationsType = "public" + AccessApplicationGetResponseBrowserSSHApplicationDestinationsTypePrivate AccessApplicationGetResponseBrowserSSHApplicationDestinationsType = "private" +) + +func (r AccessApplicationGetResponseBrowserSSHApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationGetResponseBrowserSSHApplicationDestinationsTypePublic, AccessApplicationGetResponseBrowserSSHApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationGetResponseBrowserSSHApplicationSCIMConfig struct { @@ -11769,8 +12365,8 @@ func (r AccessApplicationGetResponseBrowserSSHApplicationSCIMConfigAuthenticatio } type AccessApplicationGetResponseBrowserVNCApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain,required"` // The application type. Type string `json:"type,required"` @@ -11804,6 +12400,10 @@ type AccessApplicationGetResponseBrowserVNCApplication struct { CustomNonIdentityDenyURL string `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages []string `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations []AccessApplicationGetResponseBrowserVNCApplicationDestination `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie bool `json:"enable_binding_cookie"` @@ -11827,7 +12427,9 @@ type AccessApplicationGetResponseBrowserVNCApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig AccessApplicationGetResponseBrowserVNCApplicationSCIMConfig `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains []SelfHostedDomains `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect bool `json:"service_auth_401_redirect"` @@ -11861,6 +12463,7 @@ type accessApplicationGetResponseBrowserVNCApplicationJSON struct { CustomDenyURL apijson.Field CustomNonIdentityDenyURL apijson.Field CustomPages apijson.Field + Destinations apijson.Field EnableBindingCookie apijson.Field HTTPOnlyCookieAttribute apijson.Field LogoURL apijson.Field @@ -11891,6 +12494,51 @@ func (r accessApplicationGetResponseBrowserVNCApplicationJSON) RawJSON() string func (r AccessApplicationGetResponseBrowserVNCApplication) implementsZeroTrustAccessApplicationGetResponse() { } +type AccessApplicationGetResponseBrowserVNCApplicationDestination struct { + Type AccessApplicationGetResponseBrowserVNCApplicationDestinationsType `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI string `json:"uri"` + JSON accessApplicationGetResponseBrowserVNCApplicationDestinationJSON `json:"-"` +} + +// accessApplicationGetResponseBrowserVNCApplicationDestinationJSON contains the +// JSON metadata for the struct +// [AccessApplicationGetResponseBrowserVNCApplicationDestination] +type accessApplicationGetResponseBrowserVNCApplicationDestinationJSON struct { + Type apijson.Field + URI apijson.Field + raw string + ExtraFields map[string]apijson.Field +} + +func (r *AccessApplicationGetResponseBrowserVNCApplicationDestination) UnmarshalJSON(data []byte) (err error) { + return apijson.UnmarshalRoot(data, r) +} + +func (r accessApplicationGetResponseBrowserVNCApplicationDestinationJSON) RawJSON() string { + return r.raw +} + +type AccessApplicationGetResponseBrowserVNCApplicationDestinationsType string + +const ( + AccessApplicationGetResponseBrowserVNCApplicationDestinationsTypePublic AccessApplicationGetResponseBrowserVNCApplicationDestinationsType = "public" + AccessApplicationGetResponseBrowserVNCApplicationDestinationsTypePrivate AccessApplicationGetResponseBrowserVNCApplicationDestinationsType = "private" +) + +func (r AccessApplicationGetResponseBrowserVNCApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationGetResponseBrowserVNCApplicationDestinationsTypePublic, AccessApplicationGetResponseBrowserVNCApplicationDestinationsTypePrivate: + return true + } + return false +} + // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. type AccessApplicationGetResponseBrowserVNCApplicationSCIMConfig struct { @@ -12070,8 +12718,8 @@ type AccessApplicationGetResponseAppLauncherApplication struct { // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationGetResponseAppLauncherApplicationFooterLink `json:"footer_links"` @@ -12372,8 +13020,8 @@ type AccessApplicationGetResponseDeviceEnrollmentPermissionsApplication struct { // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationGetResponseDeviceEnrollmentPermissionsApplicationFooterLink `json:"footer_links"` @@ -12675,8 +13323,8 @@ type AccessApplicationGetResponseBrowserIsolationPermissionsApplication struct { // The background color of the App Launcher page. BgColor string `json:"bg_color"` CreatedAt time.Time `json:"created_at" format:"date-time"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain string `json:"domain"` // The links in the App Launcher footer. FooterLinks []AccessApplicationGetResponseBrowserIsolationPermissionsApplicationFooterLink `json:"footer_links"` @@ -13515,8 +14163,9 @@ type AccessApplicationNewParamsBody struct { // application when failing non-identity rules. CustomNonIdentityDenyURL param.Field[string] `json:"custom_non_identity_deny_url"` CustomPages param.Field[interface{}] `json:"custom_pages"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + Destinations param.Field[interface{}] `json:"destinations"` + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain param.Field[string] `json:"domain"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. @@ -13582,8 +14231,8 @@ type AccessApplicationNewParamsBodyUnion interface { } type AccessApplicationNewParamsBodySelfHostedApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain param.Field[string] `json:"domain,required"` // The application type. Type param.Field[string] `json:"type,required"` @@ -13612,6 +14261,10 @@ type AccessApplicationNewParamsBodySelfHostedApplication struct { CustomNonIdentityDenyURL param.Field[string] `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages param.Field[[]string] `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations param.Field[[]AccessApplicationNewParamsBodySelfHostedApplicationDestination] `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie param.Field[bool] `json:"enable_binding_cookie"` @@ -13638,7 +14291,9 @@ type AccessApplicationNewParamsBodySelfHostedApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig param.Field[AccessApplicationNewParamsBodySelfHostedApplicationSCIMConfig] `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains param.Field[[]SelfHostedDomainsParam] `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect param.Field[bool] `json:"service_auth_401_redirect"` @@ -13660,6 +14315,36 @@ func (r AccessApplicationNewParamsBodySelfHostedApplication) MarshalJSON() (data func (r AccessApplicationNewParamsBodySelfHostedApplication) implementsZeroTrustAccessApplicationNewParamsBodyUnion() { } +type AccessApplicationNewParamsBodySelfHostedApplicationDestination struct { + Type param.Field[AccessApplicationNewParamsBodySelfHostedApplicationDestinationsType] `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI param.Field[string] `json:"uri"` +} + +func (r AccessApplicationNewParamsBodySelfHostedApplicationDestination) MarshalJSON() (data []byte, err error) { + return apijson.MarshalRoot(r) +} + +type AccessApplicationNewParamsBodySelfHostedApplicationDestinationsType string + +const ( + AccessApplicationNewParamsBodySelfHostedApplicationDestinationsTypePublic AccessApplicationNewParamsBodySelfHostedApplicationDestinationsType = "public" + AccessApplicationNewParamsBodySelfHostedApplicationDestinationsTypePrivate AccessApplicationNewParamsBodySelfHostedApplicationDestinationsType = "private" +) + +func (r AccessApplicationNewParamsBodySelfHostedApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationNewParamsBodySelfHostedApplicationDestinationsTypePublic, AccessApplicationNewParamsBodySelfHostedApplicationDestinationsTypePrivate: + return true + } + return false +} + // A JSON that links a reusable policy to an application. type AccessApplicationNewParamsBodySelfHostedApplicationPolicy struct { // The UUID of the policy @@ -14136,8 +14821,8 @@ func (r AccessApplicationNewParamsBodySaaSApplicationSCIMConfigAuthenticationSch } type AccessApplicationNewParamsBodyBrowserSSHApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain param.Field[string] `json:"domain,required"` // The application type. Type param.Field[string] `json:"type,required"` @@ -14166,6 +14851,10 @@ type AccessApplicationNewParamsBodyBrowserSSHApplication struct { CustomNonIdentityDenyURL param.Field[string] `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages param.Field[[]string] `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations param.Field[[]AccessApplicationNewParamsBodyBrowserSSHApplicationDestination] `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie param.Field[bool] `json:"enable_binding_cookie"` @@ -14192,7 +14881,9 @@ type AccessApplicationNewParamsBodyBrowserSSHApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig param.Field[AccessApplicationNewParamsBodyBrowserSSHApplicationSCIMConfig] `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains param.Field[[]SelfHostedDomainsParam] `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect param.Field[bool] `json:"service_auth_401_redirect"` @@ -14214,6 +14905,36 @@ func (r AccessApplicationNewParamsBodyBrowserSSHApplication) MarshalJSON() (data func (r AccessApplicationNewParamsBodyBrowserSSHApplication) implementsZeroTrustAccessApplicationNewParamsBodyUnion() { } +type AccessApplicationNewParamsBodyBrowserSSHApplicationDestination struct { + Type param.Field[AccessApplicationNewParamsBodyBrowserSSHApplicationDestinationsType] `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI param.Field[string] `json:"uri"` +} + +func (r AccessApplicationNewParamsBodyBrowserSSHApplicationDestination) MarshalJSON() (data []byte, err error) { + return apijson.MarshalRoot(r) +} + +type AccessApplicationNewParamsBodyBrowserSSHApplicationDestinationsType string + +const ( + AccessApplicationNewParamsBodyBrowserSSHApplicationDestinationsTypePublic AccessApplicationNewParamsBodyBrowserSSHApplicationDestinationsType = "public" + AccessApplicationNewParamsBodyBrowserSSHApplicationDestinationsTypePrivate AccessApplicationNewParamsBodyBrowserSSHApplicationDestinationsType = "private" +) + +func (r AccessApplicationNewParamsBodyBrowserSSHApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationNewParamsBodyBrowserSSHApplicationDestinationsTypePublic, AccessApplicationNewParamsBodyBrowserSSHApplicationDestinationsTypePrivate: + return true + } + return false +} + // A JSON that links a reusable policy to an application. type AccessApplicationNewParamsBodyBrowserSSHApplicationPolicy struct { // The UUID of the policy @@ -14392,8 +15113,8 @@ func (r AccessApplicationNewParamsBodyBrowserSSHApplicationSCIMConfigAuthenticat } type AccessApplicationNewParamsBodyBrowserVNCApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain param.Field[string] `json:"domain,required"` // The application type. Type param.Field[string] `json:"type,required"` @@ -14422,6 +15143,10 @@ type AccessApplicationNewParamsBodyBrowserVNCApplication struct { CustomNonIdentityDenyURL param.Field[string] `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages param.Field[[]string] `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations param.Field[[]AccessApplicationNewParamsBodyBrowserVNCApplicationDestination] `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie param.Field[bool] `json:"enable_binding_cookie"` @@ -14448,7 +15173,9 @@ type AccessApplicationNewParamsBodyBrowserVNCApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig param.Field[AccessApplicationNewParamsBodyBrowserVNCApplicationSCIMConfig] `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains param.Field[[]SelfHostedDomainsParam] `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect param.Field[bool] `json:"service_auth_401_redirect"` @@ -14470,6 +15197,36 @@ func (r AccessApplicationNewParamsBodyBrowserVNCApplication) MarshalJSON() (data func (r AccessApplicationNewParamsBodyBrowserVNCApplication) implementsZeroTrustAccessApplicationNewParamsBodyUnion() { } +type AccessApplicationNewParamsBodyBrowserVNCApplicationDestination struct { + Type param.Field[AccessApplicationNewParamsBodyBrowserVNCApplicationDestinationsType] `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI param.Field[string] `json:"uri"` +} + +func (r AccessApplicationNewParamsBodyBrowserVNCApplicationDestination) MarshalJSON() (data []byte, err error) { + return apijson.MarshalRoot(r) +} + +type AccessApplicationNewParamsBodyBrowserVNCApplicationDestinationsType string + +const ( + AccessApplicationNewParamsBodyBrowserVNCApplicationDestinationsTypePublic AccessApplicationNewParamsBodyBrowserVNCApplicationDestinationsType = "public" + AccessApplicationNewParamsBodyBrowserVNCApplicationDestinationsTypePrivate AccessApplicationNewParamsBodyBrowserVNCApplicationDestinationsType = "private" +) + +func (r AccessApplicationNewParamsBodyBrowserVNCApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationNewParamsBodyBrowserVNCApplicationDestinationsTypePublic, AccessApplicationNewParamsBodyBrowserVNCApplicationDestinationsTypePrivate: + return true + } + return false +} + // A JSON that links a reusable policy to an application. type AccessApplicationNewParamsBodyBrowserVNCApplicationPolicy struct { // The UUID of the policy @@ -15649,8 +16406,9 @@ type AccessApplicationUpdateParamsBody struct { // application when failing non-identity rules. CustomNonIdentityDenyURL param.Field[string] `json:"custom_non_identity_deny_url"` CustomPages param.Field[interface{}] `json:"custom_pages"` - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + Destinations param.Field[interface{}] `json:"destinations"` + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain param.Field[string] `json:"domain"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. @@ -15718,8 +16476,8 @@ type AccessApplicationUpdateParamsBodyUnion interface { } type AccessApplicationUpdateParamsBodySelfHostedApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain param.Field[string] `json:"domain,required"` // The application type. Type param.Field[string] `json:"type,required"` @@ -15748,6 +16506,10 @@ type AccessApplicationUpdateParamsBodySelfHostedApplication struct { CustomNonIdentityDenyURL param.Field[string] `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages param.Field[[]string] `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations param.Field[[]AccessApplicationUpdateParamsBodySelfHostedApplicationDestination] `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie param.Field[bool] `json:"enable_binding_cookie"` @@ -15774,7 +16536,9 @@ type AccessApplicationUpdateParamsBodySelfHostedApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig param.Field[AccessApplicationUpdateParamsBodySelfHostedApplicationSCIMConfig] `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains param.Field[[]SelfHostedDomainsParam] `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect param.Field[bool] `json:"service_auth_401_redirect"` @@ -15796,6 +16560,36 @@ func (r AccessApplicationUpdateParamsBodySelfHostedApplication) MarshalJSON() (d func (r AccessApplicationUpdateParamsBodySelfHostedApplication) implementsZeroTrustAccessApplicationUpdateParamsBodyUnion() { } +type AccessApplicationUpdateParamsBodySelfHostedApplicationDestination struct { + Type param.Field[AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsType] `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI param.Field[string] `json:"uri"` +} + +func (r AccessApplicationUpdateParamsBodySelfHostedApplicationDestination) MarshalJSON() (data []byte, err error) { + return apijson.MarshalRoot(r) +} + +type AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsType string + +const ( + AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsTypePublic AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsType = "public" + AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsTypePrivate AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsType = "private" +) + +func (r AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsTypePublic, AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsTypePrivate: + return true + } + return false +} + // A JSON that links a reusable policy to an application. type AccessApplicationUpdateParamsBodySelfHostedApplicationPolicy struct { // The UUID of the policy @@ -16272,8 +17066,8 @@ func (r AccessApplicationUpdateParamsBodySaaSApplicationSCIMConfigAuthentication } type AccessApplicationUpdateParamsBodyBrowserSSHApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain param.Field[string] `json:"domain,required"` // The application type. Type param.Field[string] `json:"type,required"` @@ -16302,6 +17096,10 @@ type AccessApplicationUpdateParamsBodyBrowserSSHApplication struct { CustomNonIdentityDenyURL param.Field[string] `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages param.Field[[]string] `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations param.Field[[]AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestination] `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie param.Field[bool] `json:"enable_binding_cookie"` @@ -16328,7 +17126,9 @@ type AccessApplicationUpdateParamsBodyBrowserSSHApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig param.Field[AccessApplicationUpdateParamsBodyBrowserSSHApplicationSCIMConfig] `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains param.Field[[]SelfHostedDomainsParam] `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect param.Field[bool] `json:"service_auth_401_redirect"` @@ -16350,6 +17150,36 @@ func (r AccessApplicationUpdateParamsBodyBrowserSSHApplication) MarshalJSON() (d func (r AccessApplicationUpdateParamsBodyBrowserSSHApplication) implementsZeroTrustAccessApplicationUpdateParamsBodyUnion() { } +type AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestination struct { + Type param.Field[AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestinationsType] `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI param.Field[string] `json:"uri"` +} + +func (r AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestination) MarshalJSON() (data []byte, err error) { + return apijson.MarshalRoot(r) +} + +type AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestinationsType string + +const ( + AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestinationsTypePublic AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestinationsType = "public" + AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestinationsTypePrivate AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestinationsType = "private" +) + +func (r AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestinationsTypePublic, AccessApplicationUpdateParamsBodyBrowserSSHApplicationDestinationsTypePrivate: + return true + } + return false +} + // A JSON that links a reusable policy to an application. type AccessApplicationUpdateParamsBodyBrowserSSHApplicationPolicy struct { // The UUID of the policy @@ -16528,8 +17358,8 @@ func (r AccessApplicationUpdateParamsBodyBrowserSSHApplicationSCIMConfigAuthenti } type AccessApplicationUpdateParamsBodyBrowserVNCApplication struct { - // The primary hostname and path that Access will secure. If the app is visible in - // the App Launcher dashboard, this is the domain that will be displayed. + // The primary hostname and path secured by Access. This domain will be displayed + // if the app is visible in the App Launcher. Domain param.Field[string] `json:"domain,required"` // The application type. Type param.Field[string] `json:"type,required"` @@ -16558,6 +17388,10 @@ type AccessApplicationUpdateParamsBodyBrowserVNCApplication struct { CustomNonIdentityDenyURL param.Field[string] `json:"custom_non_identity_deny_url"` // The custom pages that will be displayed when applicable for this application CustomPages param.Field[[]string] `json:"custom_pages"` + // List of destinations secured by Access. This supersedes `self_hosted_domains` to + // allow for more flexibility in defining different types of domains. If + // `destinations` are provided, then `self_hosted_domains` will be ignored. + Destinations param.Field[[]AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestination] `json:"destinations"` // Enables the binding cookie, which increases security against compromised // authorization tokens and CSRF attacks. EnableBindingCookie param.Field[bool] `json:"enable_binding_cookie"` @@ -16584,7 +17418,9 @@ type AccessApplicationUpdateParamsBodyBrowserVNCApplication struct { // Configuration for provisioning to this application via SCIM. This is currently // in closed beta. SCIMConfig param.Field[AccessApplicationUpdateParamsBodyBrowserVNCApplicationSCIMConfig] `json:"scim_config"` - // List of domains that Access will secure. + // List of public domains that Access will secure. This field is deprecated in + // favor of `destinations` and will be supported until **November 21, 2025.** If + // `destinations` are provided, then `self_hosted_domains` will be ignored. SelfHostedDomains param.Field[[]SelfHostedDomainsParam] `json:"self_hosted_domains"` // Returns a 401 status code when the request is blocked by a Service Auth policy. ServiceAuth401Redirect param.Field[bool] `json:"service_auth_401_redirect"` @@ -16606,6 +17442,36 @@ func (r AccessApplicationUpdateParamsBodyBrowserVNCApplication) MarshalJSON() (d func (r AccessApplicationUpdateParamsBodyBrowserVNCApplication) implementsZeroTrustAccessApplicationUpdateParamsBodyUnion() { } +type AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestination struct { + Type param.Field[AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestinationsType] `json:"type"` + // The URI of the destination. Public destinations can include a domain and path + // with + // [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + // Private destinations are an early access feature and gated behind a feature + // flag. Private destinations support private IPv4, IPv6, and Server Name + // Indications (SNI) with optional port ranges. + URI param.Field[string] `json:"uri"` +} + +func (r AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestination) MarshalJSON() (data []byte, err error) { + return apijson.MarshalRoot(r) +} + +type AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestinationsType string + +const ( + AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestinationsTypePublic AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestinationsType = "public" + AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestinationsTypePrivate AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestinationsType = "private" +) + +func (r AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestinationsType) IsKnown() bool { + switch r { + case AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestinationsTypePublic, AccessApplicationUpdateParamsBodyBrowserVNCApplicationDestinationsTypePrivate: + return true + } + return false +} + // A JSON that links a reusable policy to an application. type AccessApplicationUpdateParamsBodyBrowserVNCApplicationPolicy struct { // The UUID of the policy diff --git a/zero_trust/accessapplication_test.go b/zero_trust/accessapplication_test.go index f8dc145ea6d..41c42c7115a 100644 --- a/zero_trust/accessapplication_test.go +++ b/zero_trust/accessapplication_test.go @@ -50,12 +50,28 @@ func TestAccessApplicationNewWithOptionalParams(t *testing.T) { CustomDenyURL: cloudflare.F("custom_deny_url"), CustomNonIdentityDenyURL: cloudflare.F("custom_non_identity_deny_url"), CustomPages: cloudflare.F([]string{"699d98642c564d2e855e9661899b7252"}), - EnableBindingCookie: cloudflare.F(true), - HTTPOnlyCookieAttribute: cloudflare.F(true), - LogoURL: cloudflare.F("https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg"), - Name: cloudflare.F("Admin Site"), - OptionsPreflightBypass: cloudflare.F(true), - PathCookieAttribute: cloudflare.F(true), + Destinations: cloudflare.F([]zero_trust.AccessApplicationNewParamsBodySelfHostedApplicationDestination{{ + Type: cloudflare.F(zero_trust.AccessApplicationNewParamsBodySelfHostedApplicationDestinationsTypePublic), + URI: cloudflare.F("test.example.com/admin"), + }, { + Type: cloudflare.F(zero_trust.AccessApplicationNewParamsBodySelfHostedApplicationDestinationsTypePublic), + URI: cloudflare.F("test.anotherexample.com/staff"), + }, { + Type: cloudflare.F(zero_trust.AccessApplicationNewParamsBodySelfHostedApplicationDestinationsTypePublic), + URI: cloudflare.F("10.5.0.2"), + }, { + Type: cloudflare.F(zero_trust.AccessApplicationNewParamsBodySelfHostedApplicationDestinationsTypePublic), + URI: cloudflare.F("10.5.0.3/32:1234-4321"), + }, { + Type: cloudflare.F(zero_trust.AccessApplicationNewParamsBodySelfHostedApplicationDestinationsTypePublic), + URI: cloudflare.F("private-sni.example.com"), + }}), + EnableBindingCookie: cloudflare.F(true), + HTTPOnlyCookieAttribute: cloudflare.F(true), + LogoURL: cloudflare.F("https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg"), + Name: cloudflare.F("Admin Site"), + OptionsPreflightBypass: cloudflare.F(true), + PathCookieAttribute: cloudflare.F(true), Policies: cloudflare.F([]zero_trust.AccessApplicationNewParamsBodySelfHostedApplicationPolicyUnion{zero_trust.AccessApplicationNewParamsBodySelfHostedApplicationPoliciesAccessAppPolicyLink{ ID: cloudflare.F("f174e90a-fafe-4643-bbbc-4a0ed4fc8415"), Precedence: cloudflare.F(int64(0)), @@ -140,12 +156,28 @@ func TestAccessApplicationUpdateWithOptionalParams(t *testing.T) { CustomDenyURL: cloudflare.F("custom_deny_url"), CustomNonIdentityDenyURL: cloudflare.F("custom_non_identity_deny_url"), CustomPages: cloudflare.F([]string{"699d98642c564d2e855e9661899b7252"}), - EnableBindingCookie: cloudflare.F(true), - HTTPOnlyCookieAttribute: cloudflare.F(true), - LogoURL: cloudflare.F("https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg"), - Name: cloudflare.F("Admin Site"), - OptionsPreflightBypass: cloudflare.F(true), - PathCookieAttribute: cloudflare.F(true), + Destinations: cloudflare.F([]zero_trust.AccessApplicationUpdateParamsBodySelfHostedApplicationDestination{{ + Type: cloudflare.F(zero_trust.AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsTypePublic), + URI: cloudflare.F("test.example.com/admin"), + }, { + Type: cloudflare.F(zero_trust.AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsTypePublic), + URI: cloudflare.F("test.anotherexample.com/staff"), + }, { + Type: cloudflare.F(zero_trust.AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsTypePublic), + URI: cloudflare.F("10.5.0.2"), + }, { + Type: cloudflare.F(zero_trust.AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsTypePublic), + URI: cloudflare.F("10.5.0.3/32:1234-4321"), + }, { + Type: cloudflare.F(zero_trust.AccessApplicationUpdateParamsBodySelfHostedApplicationDestinationsTypePublic), + URI: cloudflare.F("private-sni.example.com"), + }}), + EnableBindingCookie: cloudflare.F(true), + HTTPOnlyCookieAttribute: cloudflare.F(true), + LogoURL: cloudflare.F("https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg"), + Name: cloudflare.F("Admin Site"), + OptionsPreflightBypass: cloudflare.F(true), + PathCookieAttribute: cloudflare.F(true), Policies: cloudflare.F([]zero_trust.AccessApplicationUpdateParamsBodySelfHostedApplicationPolicyUnion{zero_trust.AccessApplicationUpdateParamsBodySelfHostedApplicationPoliciesAccessAppPolicyLink{ ID: cloudflare.F("f174e90a-fafe-4643-bbbc-4a0ed4fc8415"), Precedence: cloudflare.F(int64(0)), diff --git a/zero_trust/organization.go b/zero_trust/organization.go index 99d637081c0..df3f5653b45 100644 --- a/zero_trust/organization.go +++ b/zero_trust/organization.go @@ -7,9 +7,11 @@ import ( "errors" "fmt" "net/http" + "net/url" "time" "github.com/cloudflare/cloudflare-go/v3/internal/apijson" + "github.com/cloudflare/cloudflare-go/v3/internal/apiquery" "github.com/cloudflare/cloudflare-go/v3/internal/param" "github.com/cloudflare/cloudflare-go/v3/internal/requestconfig" "github.com/cloudflare/cloudflare-go/v3/option" @@ -551,12 +553,31 @@ type OrganizationRevokeUsersParams struct { AccountID param.Field[string] `path:"account_id"` // The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ZoneID param.Field[string] `path:"zone_id"` + // When set to `true`, all devices associated with the user will be revoked. + QueryDevices param.Field[bool] `query:"devices"` + // When set to `true`, all devices associated with the user will be revoked. + BodyDevices param.Field[bool] `json:"devices"` + // The uuid of the user to revoke. + UserUID param.Field[string] `json:"user_uid"` + // When set to `true`, the user will be required to re-authenticate to WARP for all + // Gateway policies that enforce a WARP client session duration. When `false`, the + // user’s WARP session will remain active + WARPSessionReauth param.Field[bool] `json:"warp_session_reauth"` } func (r OrganizationRevokeUsersParams) MarshalJSON() (data []byte, err error) { return apijson.MarshalRoot(r) } +// URLQuery serializes [OrganizationRevokeUsersParams]'s query parameters as +// `url.Values`. +func (r OrganizationRevokeUsersParams) URLQuery() (v url.Values) { + return apiquery.MarshalWithSettings(r, apiquery.QuerySettings{ + ArrayFormat: apiquery.ArrayQueryFormatRepeat, + NestedFormat: apiquery.NestedQueryFormatDots, + }) +} + type OrganizationRevokeUsersResponseEnvelope struct { Result OrganizationRevokeUsersResponse `json:"result"` Success OrganizationRevokeUsersResponseEnvelopeSuccess `json:"success"` diff --git a/zero_trust/organization_test.go b/zero_trust/organization_test.go index 47f11cf5f8e..8eaf72ca89d 100644 --- a/zero_trust/organization_test.go +++ b/zero_trust/organization_test.go @@ -143,8 +143,12 @@ func TestOrganizationRevokeUsersWithOptionalParams(t *testing.T) { option.WithAPIEmail("user@example.com"), ) _, err := client.ZeroTrust.Organizations.RevokeUsers(context.TODO(), zero_trust.OrganizationRevokeUsersParams{ - Email: cloudflare.F("test@example.com"), - AccountID: cloudflare.F("account_id"), + Email: cloudflare.F("test@example.com"), + AccountID: cloudflare.F("account_id"), + QueryDevices: cloudflare.F(true), + BodyDevices: cloudflare.F(true), + UserUID: cloudflare.F("699d98642c564d2e855e9661899b7252"), + WARPSessionReauth: cloudflare.F(true), }) if err != nil { var apierr *cloudflare.Error