diff --git a/.stats.yml b/.stats.yml index f9cbe4dafab..3c8d3b82f1c 100644 --- a/.stats.yml +++ b/.stats.yml @@ -1,2 +1,2 @@ configured_endpoints: 1610 -openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-91d71a629cc30d744baf4c6a66cdb1e555771ed0db80e1b087382ac18cf74320.yml +openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-c67ca5f54093e3d909783554271864f85662d971a37d24f98ac81f68db5c79fc.yml diff --git a/src/cloudflare/resources/zero_trust/access/applications/applications.py b/src/cloudflare/resources/zero_trust/access/applications/applications.py index 87e15f52e56..cdb7ee1177f 100644 --- a/src/cloudflare/resources/zero_trust/access/applications/applications.py +++ b/src/cloudflare/resources/zero_trust/access/applications/applications.py @@ -894,6 +894,138 @@ def create( """ ... + @overload + def create( + self, + *, + domain: str, + target_criteria: Iterable[application_create_params.BrowserRdpApplicationTargetCriterion], + type: str, + account_id: str | NotGiven = NOT_GIVEN, + zone_id: str | NotGiven = NOT_GIVEN, + allow_authenticate_via_warp: bool | NotGiven = NOT_GIVEN, + allowed_idps: List[AllowedIdPs] | NotGiven = NOT_GIVEN, + app_launcher_visible: bool | NotGiven = NOT_GIVEN, + auto_redirect_to_identity: bool | NotGiven = NOT_GIVEN, + cors_headers: CORSHeadersParam | NotGiven = NOT_GIVEN, + custom_deny_message: str | NotGiven = NOT_GIVEN, + custom_deny_url: str | NotGiven = NOT_GIVEN, + custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, + custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_create_params.BrowserRdpApplicationDestination] | NotGiven = NOT_GIVEN, + enable_binding_cookie: bool | NotGiven = NOT_GIVEN, + http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, + logo_url: str | NotGiven = NOT_GIVEN, + name: str | NotGiven = NOT_GIVEN, + options_preflight_bypass: bool | NotGiven = NOT_GIVEN, + path_cookie_attribute: bool | NotGiven = NOT_GIVEN, + policies: List[application_create_params.BrowserRdpApplicationPolicy] | NotGiven = NOT_GIVEN, + same_site_cookie_attribute: str | NotGiven = NOT_GIVEN, + scim_config: application_create_params.BrowserRdpApplicationSCIMConfig | NotGiven = NOT_GIVEN, + self_hosted_domains: List[SelfHostedDomains] | NotGiven = NOT_GIVEN, + service_auth_401_redirect: bool | NotGiven = NOT_GIVEN, + session_duration: str | NotGiven = NOT_GIVEN, + skip_interstitial: bool | NotGiven = NOT_GIVEN, + tags: List[str] | NotGiven = NOT_GIVEN, + # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs. + # The extra values given here take precedence over values defined on the client or passed to this method. + extra_headers: Headers | None = None, + extra_query: Query | None = None, + extra_body: Body | None = None, + timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN, + ) -> Optional[ApplicationCreateResponse]: + """ + Adds a new application to Access. + + Args: + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. + + type: The application type. + + account_id: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. + + zone_id: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. + + allow_authenticate_via_warp: When set to true, users can authenticate to this application using their WARP + session. When set to false this application will always require direct IdP + authentication. This setting always overrides the organization setting for WARP + authentication. + + allowed_idps: The identity providers your users can select when connecting to this + application. Defaults to all IdPs configured in your account. + + app_launcher_visible: Displays the application in the App Launcher. + + auto_redirect_to_identity: When set to `true`, users skip the identity provider selection step during + login. You must specify only one identity provider in allowed_idps. + + custom_deny_message: The custom error message shown to a user when they are denied access to the + application. + + custom_deny_url: The custom URL a user is redirected to when they are denied access to the + application when failing identity-based rules. + + custom_non_identity_deny_url: The custom URL a user is redirected to when they are denied access to the + application when failing non-identity rules. + + custom_pages: The custom pages that will be displayed when applicable for this application + + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + + enable_binding_cookie: Enables the binding cookie, which increases security against compromised + authorization tokens and CSRF attacks. + + http_only_cookie_attribute: Enables the HttpOnly cookie attribute, which increases security against XSS + attacks. + + logo_url: The image URL for the logo shown in the App Launcher dashboard. + + name: The name of the application. + + options_preflight_bypass: Allows options preflight requests to bypass Access authentication and go + directly to the origin. Cannot turn on if cors_headers is set. + + path_cookie_attribute: Enables cookie paths to scope an application's JWT to the application path. If + disabled, the JWT will scope to the hostname by default + + policies: The policies that Access applies to the application, in ascending order of + precedence. Items can reference existing policies or create new policies + exclusive to the application. + + same_site_cookie_attribute: Sets the SameSite cookie setting, which provides increased security against CSRF + attacks. + + scim_config: Configuration for provisioning to this application via SCIM. This is currently + in closed beta. + + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. + + service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. + + session_duration: The amount of time that tokens issued for this application will be valid. Must + be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, + s, m, h. + + skip_interstitial: Enables automatic authentication through cloudflared. + + tags: The tags you want assigned to an application. Tags are used to filter + applications in the App Launcher dashboard. + + extra_headers: Send extra headers + + extra_query: Add additional query parameters to the request + + extra_body: Add additional JSON properties to the request + + timeout: Override the client-level default timeout for this request, in seconds + """ + ... + def create( self, *, @@ -1820,6 +1952,141 @@ def update( """ ... + @overload + def update( + self, + app_id: AppID, + *, + domain: str, + target_criteria: Iterable[application_update_params.BrowserRdpApplicationTargetCriterion], + type: str, + account_id: str | NotGiven = NOT_GIVEN, + zone_id: str | NotGiven = NOT_GIVEN, + allow_authenticate_via_warp: bool | NotGiven = NOT_GIVEN, + allowed_idps: List[AllowedIdPs] | NotGiven = NOT_GIVEN, + app_launcher_visible: bool | NotGiven = NOT_GIVEN, + auto_redirect_to_identity: bool | NotGiven = NOT_GIVEN, + cors_headers: CORSHeadersParam | NotGiven = NOT_GIVEN, + custom_deny_message: str | NotGiven = NOT_GIVEN, + custom_deny_url: str | NotGiven = NOT_GIVEN, + custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, + custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_update_params.BrowserRdpApplicationDestination] | NotGiven = NOT_GIVEN, + enable_binding_cookie: bool | NotGiven = NOT_GIVEN, + http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, + logo_url: str | NotGiven = NOT_GIVEN, + name: str | NotGiven = NOT_GIVEN, + options_preflight_bypass: bool | NotGiven = NOT_GIVEN, + path_cookie_attribute: bool | NotGiven = NOT_GIVEN, + policies: List[application_update_params.BrowserRdpApplicationPolicy] | NotGiven = NOT_GIVEN, + same_site_cookie_attribute: str | NotGiven = NOT_GIVEN, + scim_config: application_update_params.BrowserRdpApplicationSCIMConfig | NotGiven = NOT_GIVEN, + self_hosted_domains: List[SelfHostedDomains] | NotGiven = NOT_GIVEN, + service_auth_401_redirect: bool | NotGiven = NOT_GIVEN, + session_duration: str | NotGiven = NOT_GIVEN, + skip_interstitial: bool | NotGiven = NOT_GIVEN, + tags: List[str] | NotGiven = NOT_GIVEN, + # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs. + # The extra values given here take precedence over values defined on the client or passed to this method. + extra_headers: Headers | None = None, + extra_query: Query | None = None, + extra_body: Body | None = None, + timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN, + ) -> Optional[ApplicationUpdateResponse]: + """ + Updates an Access application. + + Args: + app_id: Identifier + + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. + + type: The application type. + + account_id: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. + + zone_id: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. + + allow_authenticate_via_warp: When set to true, users can authenticate to this application using their WARP + session. When set to false this application will always require direct IdP + authentication. This setting always overrides the organization setting for WARP + authentication. + + allowed_idps: The identity providers your users can select when connecting to this + application. Defaults to all IdPs configured in your account. + + app_launcher_visible: Displays the application in the App Launcher. + + auto_redirect_to_identity: When set to `true`, users skip the identity provider selection step during + login. You must specify only one identity provider in allowed_idps. + + custom_deny_message: The custom error message shown to a user when they are denied access to the + application. + + custom_deny_url: The custom URL a user is redirected to when they are denied access to the + application when failing identity-based rules. + + custom_non_identity_deny_url: The custom URL a user is redirected to when they are denied access to the + application when failing non-identity rules. + + custom_pages: The custom pages that will be displayed when applicable for this application + + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + + enable_binding_cookie: Enables the binding cookie, which increases security against compromised + authorization tokens and CSRF attacks. + + http_only_cookie_attribute: Enables the HttpOnly cookie attribute, which increases security against XSS + attacks. + + logo_url: The image URL for the logo shown in the App Launcher dashboard. + + name: The name of the application. + + options_preflight_bypass: Allows options preflight requests to bypass Access authentication and go + directly to the origin. Cannot turn on if cors_headers is set. + + path_cookie_attribute: Enables cookie paths to scope an application's JWT to the application path. If + disabled, the JWT will scope to the hostname by default + + policies: The policies that Access applies to the application, in ascending order of + precedence. Items can reference existing policies or create new policies + exclusive to the application. + + same_site_cookie_attribute: Sets the SameSite cookie setting, which provides increased security against CSRF + attacks. + + scim_config: Configuration for provisioning to this application via SCIM. This is currently + in closed beta. + + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. + + service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. + + session_duration: The amount of time that tokens issued for this application will be valid. Must + be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, + s, m, h. + + skip_interstitial: Enables automatic authentication through cloudflared. + + tags: The tags you want assigned to an application. Tags are used to filter + applications in the App Launcher dashboard. + + extra_headers: Send extra headers + + extra_query: Add additional query parameters to the request + + extra_body: Add additional JSON properties to the request + + timeout: Override the client-level default timeout for this request, in seconds + """ + ... + def update( self, app_id: AppID, @@ -2901,7 +3168,61 @@ async def create( be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m, h. - skip_app_launcher_login_page: Determines when to skip the App Launcher landing page. + skip_app_launcher_login_page: Determines when to skip the App Launcher landing page. + + extra_headers: Send extra headers + + extra_query: Add additional query parameters to the request + + extra_body: Add additional JSON properties to the request + + timeout: Override the client-level default timeout for this request, in seconds + """ + ... + + @overload + async def create( + self, + *, + account_id: str | NotGiven = NOT_GIVEN, + zone_id: str | NotGiven = NOT_GIVEN, + app_launcher_visible: bool | NotGiven = NOT_GIVEN, + domain: str | NotGiven = NOT_GIVEN, + logo_url: str | NotGiven = NOT_GIVEN, + name: str | NotGiven = NOT_GIVEN, + scim_config: application_create_params.BookmarkApplicationSCIMConfig | NotGiven = NOT_GIVEN, + tags: List[str] | NotGiven = NOT_GIVEN, + type: str | NotGiven = NOT_GIVEN, + # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs. + # The extra values given here take precedence over values defined on the client or passed to this method. + extra_headers: Headers | None = None, + extra_query: Query | None = None, + extra_body: Body | None = None, + timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN, + ) -> Optional[ApplicationCreateResponse]: + """ + Adds a new application to Access. + + Args: + account_id: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. + + zone_id: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. + + app_launcher_visible: Displays the application in the App Launcher. + + domain: The URL or domain of the bookmark. + + logo_url: The image URL for the logo shown in the App Launcher dashboard. + + name: The name of the application. + + scim_config: Configuration for provisioning to this application via SCIM. This is currently + in closed beta. + + tags: The tags you want assigned to an application. Tags are used to filter + applications in the App Launcher dashboard. + + type: The application type. extra_headers: Send extra headers @@ -2917,15 +3238,12 @@ async def create( async def create( self, *, + target_criteria: Iterable[application_create_params.InfrastructureApplicationTargetCriterion], + type: ApplicationType, account_id: str | NotGiven = NOT_GIVEN, zone_id: str | NotGiven = NOT_GIVEN, - app_launcher_visible: bool | NotGiven = NOT_GIVEN, - domain: str | NotGiven = NOT_GIVEN, - logo_url: str | NotGiven = NOT_GIVEN, name: str | NotGiven = NOT_GIVEN, - scim_config: application_create_params.BookmarkApplicationSCIMConfig | NotGiven = NOT_GIVEN, - tags: List[str] | NotGiven = NOT_GIVEN, - type: str | NotGiven = NOT_GIVEN, + policies: Iterable[application_create_params.InfrastructureApplicationPolicy] | NotGiven = NOT_GIVEN, # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs. # The extra values given here take precedence over values defined on the client or passed to this method. extra_headers: Headers | None = None, @@ -2937,25 +3255,15 @@ async def create( Adds a new application to Access. Args: + type: The application type. + account_id: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. zone_id: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - app_launcher_visible: Displays the application in the App Launcher. - - domain: The URL or domain of the bookmark. - - logo_url: The image URL for the logo shown in the App Launcher dashboard. - name: The name of the application. - scim_config: Configuration for provisioning to this application via SCIM. This is currently - in closed beta. - - tags: The tags you want assigned to an application. Tags are used to filter - applications in the App Launcher dashboard. - - type: The application type. + policies: The policies that Access applies to the application. extra_headers: Send extra headers @@ -2971,12 +3279,35 @@ async def create( async def create( self, *, - target_criteria: Iterable[application_create_params.InfrastructureApplicationTargetCriterion], - type: ApplicationType, + domain: str, + target_criteria: Iterable[application_create_params.BrowserRdpApplicationTargetCriterion], + type: str, account_id: str | NotGiven = NOT_GIVEN, zone_id: str | NotGiven = NOT_GIVEN, + allow_authenticate_via_warp: bool | NotGiven = NOT_GIVEN, + allowed_idps: List[AllowedIdPs] | NotGiven = NOT_GIVEN, + app_launcher_visible: bool | NotGiven = NOT_GIVEN, + auto_redirect_to_identity: bool | NotGiven = NOT_GIVEN, + cors_headers: CORSHeadersParam | NotGiven = NOT_GIVEN, + custom_deny_message: str | NotGiven = NOT_GIVEN, + custom_deny_url: str | NotGiven = NOT_GIVEN, + custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, + custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_create_params.BrowserRdpApplicationDestination] | NotGiven = NOT_GIVEN, + enable_binding_cookie: bool | NotGiven = NOT_GIVEN, + http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, + logo_url: str | NotGiven = NOT_GIVEN, name: str | NotGiven = NOT_GIVEN, - policies: Iterable[application_create_params.InfrastructureApplicationPolicy] | NotGiven = NOT_GIVEN, + options_preflight_bypass: bool | NotGiven = NOT_GIVEN, + path_cookie_attribute: bool | NotGiven = NOT_GIVEN, + policies: List[application_create_params.BrowserRdpApplicationPolicy] | NotGiven = NOT_GIVEN, + same_site_cookie_attribute: str | NotGiven = NOT_GIVEN, + scim_config: application_create_params.BrowserRdpApplicationSCIMConfig | NotGiven = NOT_GIVEN, + self_hosted_domains: List[SelfHostedDomains] | NotGiven = NOT_GIVEN, + service_auth_401_redirect: bool | NotGiven = NOT_GIVEN, + session_duration: str | NotGiven = NOT_GIVEN, + skip_interstitial: bool | NotGiven = NOT_GIVEN, + tags: List[str] | NotGiven = NOT_GIVEN, # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs. # The extra values given here take precedence over values defined on the client or passed to this method. extra_headers: Headers | None = None, @@ -2988,15 +3319,83 @@ async def create( Adds a new application to Access. Args: + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. + type: The application type. account_id: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. zone_id: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. + allow_authenticate_via_warp: When set to true, users can authenticate to this application using their WARP + session. When set to false this application will always require direct IdP + authentication. This setting always overrides the organization setting for WARP + authentication. + + allowed_idps: The identity providers your users can select when connecting to this + application. Defaults to all IdPs configured in your account. + + app_launcher_visible: Displays the application in the App Launcher. + + auto_redirect_to_identity: When set to `true`, users skip the identity provider selection step during + login. You must specify only one identity provider in allowed_idps. + + custom_deny_message: The custom error message shown to a user when they are denied access to the + application. + + custom_deny_url: The custom URL a user is redirected to when they are denied access to the + application when failing identity-based rules. + + custom_non_identity_deny_url: The custom URL a user is redirected to when they are denied access to the + application when failing non-identity rules. + + custom_pages: The custom pages that will be displayed when applicable for this application + + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + + enable_binding_cookie: Enables the binding cookie, which increases security against compromised + authorization tokens and CSRF attacks. + + http_only_cookie_attribute: Enables the HttpOnly cookie attribute, which increases security against XSS + attacks. + + logo_url: The image URL for the logo shown in the App Launcher dashboard. + name: The name of the application. - policies: The policies that Access applies to the application. + options_preflight_bypass: Allows options preflight requests to bypass Access authentication and go + directly to the origin. Cannot turn on if cors_headers is set. + + path_cookie_attribute: Enables cookie paths to scope an application's JWT to the application path. If + disabled, the JWT will scope to the hostname by default + + policies: The policies that Access applies to the application, in ascending order of + precedence. Items can reference existing policies or create new policies + exclusive to the application. + + same_site_cookie_attribute: Sets the SameSite cookie setting, which provides increased security against CSRF + attacks. + + scim_config: Configuration for provisioning to this application via SCIM. This is currently + in closed beta. + + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. + + service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. + + session_duration: The amount of time that tokens issued for this application will be valid. Must + be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, + s, m, h. + + skip_interstitial: Enables automatic authentication through cloudflared. + + tags: The tags you want assigned to an application. Tags are used to filter + applications in the App Launcher dashboard. extra_headers: Send extra headers @@ -3934,6 +4333,141 @@ async def update( """ ... + @overload + async def update( + self, + app_id: AppID, + *, + domain: str, + target_criteria: Iterable[application_update_params.BrowserRdpApplicationTargetCriterion], + type: str, + account_id: str | NotGiven = NOT_GIVEN, + zone_id: str | NotGiven = NOT_GIVEN, + allow_authenticate_via_warp: bool | NotGiven = NOT_GIVEN, + allowed_idps: List[AllowedIdPs] | NotGiven = NOT_GIVEN, + app_launcher_visible: bool | NotGiven = NOT_GIVEN, + auto_redirect_to_identity: bool | NotGiven = NOT_GIVEN, + cors_headers: CORSHeadersParam | NotGiven = NOT_GIVEN, + custom_deny_message: str | NotGiven = NOT_GIVEN, + custom_deny_url: str | NotGiven = NOT_GIVEN, + custom_non_identity_deny_url: str | NotGiven = NOT_GIVEN, + custom_pages: List[str] | NotGiven = NOT_GIVEN, + destinations: Iterable[application_update_params.BrowserRdpApplicationDestination] | NotGiven = NOT_GIVEN, + enable_binding_cookie: bool | NotGiven = NOT_GIVEN, + http_only_cookie_attribute: bool | NotGiven = NOT_GIVEN, + logo_url: str | NotGiven = NOT_GIVEN, + name: str | NotGiven = NOT_GIVEN, + options_preflight_bypass: bool | NotGiven = NOT_GIVEN, + path_cookie_attribute: bool | NotGiven = NOT_GIVEN, + policies: List[application_update_params.BrowserRdpApplicationPolicy] | NotGiven = NOT_GIVEN, + same_site_cookie_attribute: str | NotGiven = NOT_GIVEN, + scim_config: application_update_params.BrowserRdpApplicationSCIMConfig | NotGiven = NOT_GIVEN, + self_hosted_domains: List[SelfHostedDomains] | NotGiven = NOT_GIVEN, + service_auth_401_redirect: bool | NotGiven = NOT_GIVEN, + session_duration: str | NotGiven = NOT_GIVEN, + skip_interstitial: bool | NotGiven = NOT_GIVEN, + tags: List[str] | NotGiven = NOT_GIVEN, + # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs. + # The extra values given here take precedence over values defined on the client or passed to this method. + extra_headers: Headers | None = None, + extra_query: Query | None = None, + extra_body: Body | None = None, + timeout: float | httpx.Timeout | None | NotGiven = NOT_GIVEN, + ) -> Optional[ApplicationUpdateResponse]: + """ + Updates an Access application. + + Args: + app_id: Identifier + + domain: The primary hostname and path secured by Access. This domain will be displayed + if the app is visible in the App Launcher. + + type: The application type. + + account_id: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. + + zone_id: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. + + allow_authenticate_via_warp: When set to true, users can authenticate to this application using their WARP + session. When set to false this application will always require direct IdP + authentication. This setting always overrides the organization setting for WARP + authentication. + + allowed_idps: The identity providers your users can select when connecting to this + application. Defaults to all IdPs configured in your account. + + app_launcher_visible: Displays the application in the App Launcher. + + auto_redirect_to_identity: When set to `true`, users skip the identity provider selection step during + login. You must specify only one identity provider in allowed_idps. + + custom_deny_message: The custom error message shown to a user when they are denied access to the + application. + + custom_deny_url: The custom URL a user is redirected to when they are denied access to the + application when failing identity-based rules. + + custom_non_identity_deny_url: The custom URL a user is redirected to when they are denied access to the + application when failing non-identity rules. + + custom_pages: The custom pages that will be displayed when applicable for this application + + destinations: List of destinations secured by Access. This supersedes `self_hosted_domains` to + allow for more flexibility in defining different types of domains. If + `destinations` are provided, then `self_hosted_domains` will be ignored. + + enable_binding_cookie: Enables the binding cookie, which increases security against compromised + authorization tokens and CSRF attacks. + + http_only_cookie_attribute: Enables the HttpOnly cookie attribute, which increases security against XSS + attacks. + + logo_url: The image URL for the logo shown in the App Launcher dashboard. + + name: The name of the application. + + options_preflight_bypass: Allows options preflight requests to bypass Access authentication and go + directly to the origin. Cannot turn on if cors_headers is set. + + path_cookie_attribute: Enables cookie paths to scope an application's JWT to the application path. If + disabled, the JWT will scope to the hostname by default + + policies: The policies that Access applies to the application, in ascending order of + precedence. Items can reference existing policies or create new policies + exclusive to the application. + + same_site_cookie_attribute: Sets the SameSite cookie setting, which provides increased security against CSRF + attacks. + + scim_config: Configuration for provisioning to this application via SCIM. This is currently + in closed beta. + + self_hosted_domains: List of public domains that Access will secure. This field is deprecated in + favor of `destinations` and will be supported until **November 21, 2025.** If + `destinations` are provided, then `self_hosted_domains` will be ignored. + + service_auth_401_redirect: Returns a 401 status code when the request is blocked by a Service Auth policy. + + session_duration: The amount of time that tokens issued for this application will be valid. Must + be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, + s, m, h. + + skip_interstitial: Enables automatic authentication through cloudflared. + + tags: The tags you want assigned to an application. Tags are used to filter + applications in the App Launcher dashboard. + + extra_headers: Send extra headers + + extra_query: Add additional query parameters to the request + + extra_body: Add additional JSON properties to the request + + timeout: Override the client-level default timeout for this request, in seconds + """ + ... + async def update( self, app_id: AppID, diff --git a/src/cloudflare/types/zero_trust/access/application_create_params.py b/src/cloudflare/types/zero_trust/access/application_create_params.py index 11bd0181f4d..17bcfb0f965 100644 --- a/src/cloudflare/types/zero_trust/access/application_create_params.py +++ b/src/cloudflare/types/zero_trust/access/application_create_params.py @@ -111,6 +111,19 @@ "InfrastructureApplicationPolicy", "InfrastructureApplicationPolicyConnectionRules", "InfrastructureApplicationPolicyConnectionRulesSSH", + "BrowserRdpApplication", + "BrowserRdpApplicationTargetCriterion", + "BrowserRdpApplicationDestination", + "BrowserRdpApplicationDestinationPublicDestination", + "BrowserRdpApplicationDestinationPrivateDestination", + "BrowserRdpApplicationPolicy", + "BrowserRdpApplicationPolicyAccessAppPolicyLink", + "BrowserRdpApplicationPolicyUnionMember2", + "BrowserRdpApplicationSCIMConfig", + "BrowserRdpApplicationSCIMConfigAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", ] @@ -2217,6 +2230,355 @@ class InfrastructureApplicationPolicy(TypedDict, total=False): """ +class BrowserRdpApplication(TypedDict, total=False): + domain: Required[str] + """The primary hostname and path secured by Access. + + This domain will be displayed if the app is visible in the App Launcher. + """ + + target_criteria: Required[Iterable[BrowserRdpApplicationTargetCriterion]] + + type: Required[str] + """The application type.""" + + account_id: str + """The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.""" + + zone_id: str + """The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.""" + + allow_authenticate_via_warp: bool + """ + When set to true, users can authenticate to this application using their WARP + session. When set to false this application will always require direct IdP + authentication. This setting always overrides the organization setting for WARP + authentication. + """ + + allowed_idps: List[AllowedIdPs] + """The identity providers your users can select when connecting to this + application. + + Defaults to all IdPs configured in your account. + """ + + app_launcher_visible: bool + """Displays the application in the App Launcher.""" + + auto_redirect_to_identity: bool + """When set to `true`, users skip the identity provider selection step during + login. + + You must specify only one identity provider in allowed_idps. + """ + + cors_headers: CORSHeadersParam + + custom_deny_message: str + """ + The custom error message shown to a user when they are denied access to the + application. + """ + + custom_deny_url: str + """ + The custom URL a user is redirected to when they are denied access to the + application when failing identity-based rules. + """ + + custom_non_identity_deny_url: str + """ + The custom URL a user is redirected to when they are denied access to the + application when failing non-identity rules. + """ + + custom_pages: List[str] + """The custom pages that will be displayed when applicable for this application""" + + destinations: Iterable[BrowserRdpApplicationDestination] + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + enable_binding_cookie: bool + """ + Enables the binding cookie, which increases security against compromised + authorization tokens and CSRF attacks. + """ + + http_only_cookie_attribute: bool + """ + Enables the HttpOnly cookie attribute, which increases security against XSS + attacks. + """ + + logo_url: str + """The image URL for the logo shown in the App Launcher dashboard.""" + + name: str + """The name of the application.""" + + options_preflight_bypass: bool + """ + Allows options preflight requests to bypass Access authentication and go + directly to the origin. Cannot turn on if cors_headers is set. + """ + + path_cookie_attribute: bool + """Enables cookie paths to scope an application's JWT to the application path. + + If disabled, the JWT will scope to the hostname by default + """ + + policies: List[BrowserRdpApplicationPolicy] + """ + The policies that Access applies to the application, in ascending order of + precedence. Items can reference existing policies or create new policies + exclusive to the application. + """ + + same_site_cookie_attribute: str + """ + Sets the SameSite cookie setting, which provides increased security against CSRF + attacks. + """ + + scim_config: BrowserRdpApplicationSCIMConfig + """Configuration for provisioning to this application via SCIM. + + This is currently in closed beta. + """ + + self_hosted_domains: List[SelfHostedDomains] + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + service_auth_401_redirect: bool + """Returns a 401 status code when the request is blocked by a Service Auth policy.""" + + session_duration: str + """The amount of time that tokens issued for this application will be valid. + + Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), + ms, s, m, h. + """ + + skip_interstitial: bool + """Enables automatic authentication through cloudflared.""" + + tags: List[str] + """The tags you want assigned to an application. + + Tags are used to filter applications in the App Launcher dashboard. + """ + + +class BrowserRdpApplicationTargetCriterion(TypedDict, total=False): + port: Required[int] + """The port that the targets use for the chosen communication protocol. + + A port cannot be assigned to multiple protocols. + """ + + protocol: Required[Literal["ssh"]] + """The communication protocol your application secures.""" + + target_attributes: Required[Dict[str, List[str]]] + """Contains a map of target attribute keys to target attribute values.""" + + +class BrowserRdpApplicationDestinationPublicDestination(TypedDict, total=False): + type: Literal["public"] + + uri: str + """The URI of the destination. + + Public destinations' URIs can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + """ + + +class BrowserRdpApplicationDestinationPrivateDestination(TypedDict, total=False): + cidr: str + """The CIDR range of the destination. Single IPs will be computed as /32.""" + + hostname: str + """The hostname of the destination. Matches a valid SNI served by an HTTPS origin.""" + + l4_protocol: Literal["tcp", "udp"] + """The L4 protocol of the destination. + + When omitted, both UDP and TCP traffic will match. + """ + + port_range: str + """The port range of the destination. + + Can be a single port or a range of ports. When omitted, all ports will match. + """ + + type: Literal["private"] + + vnet_id: str + """The VNET ID to match the destination. When omitted, all VNETs will match.""" + + +BrowserRdpApplicationDestination: TypeAlias = Union[ + BrowserRdpApplicationDestinationPublicDestination, BrowserRdpApplicationDestinationPrivateDestination +] + + +class BrowserRdpApplicationPolicyAccessAppPolicyLink(TypedDict, total=False): + id: str + """The UUID of the policy""" + + precedence: int + """The order of execution for this policy. + + Must be unique for each policy within an app. + """ + + +class BrowserRdpApplicationPolicyUnionMember2(TypedDict, total=False): + id: str + """The UUID of the policy""" + + approval_groups: Iterable[ApprovalGroupParam] + """Administrators who can approve a temporary authentication request.""" + + approval_required: bool + """ + Requires the user to request access from an administrator at the start of each + session. + """ + + isolation_required: bool + """ + Require this application to be served in an isolated browser for users matching + this policy. 'Client Web Isolation' must be on for the account in order to use + this feature. + """ + + precedence: int + """The order of execution for this policy. + + Must be unique for each policy within an app. + """ + + purpose_justification_prompt: str + """A custom message that will appear on the purpose justification screen.""" + + purpose_justification_required: bool + """Require users to enter a justification when they log in to the application.""" + + session_duration: str + """The amount of time that tokens issued for the application will be valid. + + Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), + ms, s, m, h. + """ + + +BrowserRdpApplicationPolicy: TypeAlias = Union[ + BrowserRdpApplicationPolicyAccessAppPolicyLink, str, BrowserRdpApplicationPolicyUnionMember2 +] + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken( + TypedDict, total=False +): + client_id: Required[str] + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: Required[str] + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Required[Literal["access_service_token"]] + """The authentication scheme to use when making SCIM requests to this application.""" + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken( + TypedDict, total=False +): + client_id: Required[str] + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: Required[str] + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Required[Literal["access_service_token"]] + """The authentication scheme to use when making SCIM requests to this application.""" + + +BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasicParam, + SCIMConfigAuthenticationOAuthBearerTokenParam, + SCIMConfigAuthenticationOauth2Param, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, +] + +BrowserRdpApplicationSCIMConfigAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasicParam, + SCIMConfigAuthenticationOAuthBearerTokenParam, + SCIMConfigAuthenticationOauth2Param, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, + Iterable[BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication], +] + + +class BrowserRdpApplicationSCIMConfig(TypedDict, total=False): + idp_uid: Required[str] + """ + The UID of the IdP to use as the source for SCIM resources to provision to this + application. + """ + + remote_uri: Required[str] + """The base URI for the application's SCIM-compatible API.""" + + authentication: BrowserRdpApplicationSCIMConfigAuthentication + """ + Attributes for configuring HTTP Basic authentication scheme for SCIM + provisioning to an application. + """ + + deactivate_on_delete: bool + """ + If false, propagates DELETE requests to the target application for SCIM + resources. If true, sets 'active' to false on the SCIM resource. Note: Some + targets do not support DELETE operations. + """ + + enabled: bool + """Whether SCIM provisioning is turned on for this application.""" + + mappings: Iterable[SCIMConfigMappingParam] + """ + A list of mappings to apply to SCIM resources before provisioning them in this + application. These can transform or filter the resources to be provisioned. + """ + + ApplicationCreateParams: TypeAlias = Union[ SelfHostedApplication, SaaSApplication, @@ -2227,4 +2589,5 @@ class InfrastructureApplicationPolicy(TypedDict, total=False): BrowserIsolationPermissionsApplication, BookmarkApplication, InfrastructureApplication, + BrowserRdpApplication, ] diff --git a/src/cloudflare/types/zero_trust/access/application_create_response.py b/src/cloudflare/types/zero_trust/access/application_create_response.py index 93858f195db..97e6b20b34f 100644 --- a/src/cloudflare/types/zero_trust/access/application_create_response.py +++ b/src/cloudflare/types/zero_trust/access/application_create_response.py @@ -102,6 +102,17 @@ "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication", "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", + "BrowserRdpApplication", + "BrowserRdpApplicationTargetCriterion", + "BrowserRdpApplicationDestination", + "BrowserRdpApplicationDestinationPublicDestination", + "BrowserRdpApplicationDestinationPrivateDestination", + "BrowserRdpApplicationPolicy", + "BrowserRdpApplicationSCIMConfig", + "BrowserRdpApplicationSCIMConfigAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", ] @@ -1984,6 +1995,304 @@ class InfrastructureApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserRdpApplicationTargetCriterion(BaseModel): + port: int + """The port that the targets use for the chosen communication protocol. + + A port cannot be assigned to multiple protocols. + """ + + protocol: Literal["ssh"] + """The communication protocol your application secures.""" + + target_attributes: Dict[str, List[str]] + """Contains a map of target attribute keys to target attribute values.""" + + +class BrowserRdpApplicationDestinationPublicDestination(BaseModel): + type: Optional[Literal["public"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations' URIs can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + """ + + +class BrowserRdpApplicationDestinationPrivateDestination(BaseModel): + cidr: Optional[str] = None + """The CIDR range of the destination. Single IPs will be computed as /32.""" + + hostname: Optional[str] = None + """The hostname of the destination. Matches a valid SNI served by an HTTPS origin.""" + + l4_protocol: Optional[Literal["tcp", "udp"]] = None + """The L4 protocol of the destination. + + When omitted, both UDP and TCP traffic will match. + """ + + port_range: Optional[str] = None + """The port range of the destination. + + Can be a single port or a range of ports. When omitted, all ports will match. + """ + + type: Optional[Literal["private"]] = None + + vnet_id: Optional[str] = None + """The VNET ID to match the destination. When omitted, all VNETs will match.""" + + +BrowserRdpApplicationDestination: TypeAlias = Union[ + BrowserRdpApplicationDestinationPublicDestination, BrowserRdpApplicationDestinationPrivateDestination +] + + +class BrowserRdpApplicationPolicy(ApplicationPolicy): + precedence: Optional[int] = None + """The order of execution for this policy. + + Must be unique for each policy within an app. + """ + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel): + client_id: str + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: str + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Literal["access_service_token"] + """The authentication scheme to use when making SCIM requests to this application.""" + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken( + BaseModel +): + client_id: str + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: str + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Literal["access_service_token"] + """The authentication scheme to use when making SCIM requests to this application.""" + + +BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasic, + SCIMConfigAuthenticationOAuthBearerToken, + SCIMConfigAuthenticationOauth2, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, +] + +BrowserRdpApplicationSCIMConfigAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasic, + SCIMConfigAuthenticationOAuthBearerToken, + SCIMConfigAuthenticationOauth2, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, + List[BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication], +] + + +class BrowserRdpApplicationSCIMConfig(BaseModel): + idp_uid: str + """ + The UID of the IdP to use as the source for SCIM resources to provision to this + application. + """ + + remote_uri: str + """The base URI for the application's SCIM-compatible API.""" + + authentication: Optional[BrowserRdpApplicationSCIMConfigAuthentication] = None + """ + Attributes for configuring HTTP Basic authentication scheme for SCIM + provisioning to an application. + """ + + deactivate_on_delete: Optional[bool] = None + """ + If false, propagates DELETE requests to the target application for SCIM + resources. If true, sets 'active' to false on the SCIM resource. Note: Some + targets do not support DELETE operations. + """ + + enabled: Optional[bool] = None + """Whether SCIM provisioning is turned on for this application.""" + + mappings: Optional[List[SCIMConfigMapping]] = None + """ + A list of mappings to apply to SCIM resources before provisioning them in this + application. These can transform or filter the resources to be provisioned. + """ + + +class BrowserRdpApplication(BaseModel): + domain: str + """The primary hostname and path secured by Access. + + This domain will be displayed if the app is visible in the App Launcher. + """ + + target_criteria: List[BrowserRdpApplicationTargetCriterion] + + type: str + """The application type.""" + + id: Optional[str] = None + """UUID""" + + allow_authenticate_via_warp: Optional[bool] = None + """ + When set to true, users can authenticate to this application using their WARP + session. When set to false this application will always require direct IdP + authentication. This setting always overrides the organization setting for WARP + authentication. + """ + + allowed_idps: Optional[List[AllowedIdPs]] = None + """The identity providers your users can select when connecting to this + application. + + Defaults to all IdPs configured in your account. + """ + + app_launcher_visible: Optional[bool] = None + """Displays the application in the App Launcher.""" + + aud: Optional[str] = None + """Audience tag.""" + + auto_redirect_to_identity: Optional[bool] = None + """When set to `true`, users skip the identity provider selection step during + login. + + You must specify only one identity provider in allowed_idps. + """ + + cors_headers: Optional[CORSHeaders] = None + + created_at: Optional[datetime] = None + + custom_deny_message: Optional[str] = None + """ + The custom error message shown to a user when they are denied access to the + application. + """ + + custom_deny_url: Optional[str] = None + """ + The custom URL a user is redirected to when they are denied access to the + application when failing identity-based rules. + """ + + custom_non_identity_deny_url: Optional[str] = None + """ + The custom URL a user is redirected to when they are denied access to the + application when failing non-identity rules. + """ + + custom_pages: Optional[List[str]] = None + """The custom pages that will be displayed when applicable for this application""" + + destinations: Optional[List[BrowserRdpApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + enable_binding_cookie: Optional[bool] = None + """ + Enables the binding cookie, which increases security against compromised + authorization tokens and CSRF attacks. + """ + + http_only_cookie_attribute: Optional[bool] = None + """ + Enables the HttpOnly cookie attribute, which increases security against XSS + attacks. + """ + + logo_url: Optional[str] = None + """The image URL for the logo shown in the App Launcher dashboard.""" + + name: Optional[str] = None + """The name of the application.""" + + options_preflight_bypass: Optional[bool] = None + """ + Allows options preflight requests to bypass Access authentication and go + directly to the origin. Cannot turn on if cors_headers is set. + """ + + path_cookie_attribute: Optional[bool] = None + """Enables cookie paths to scope an application's JWT to the application path. + + If disabled, the JWT will scope to the hostname by default + """ + + policies: Optional[List[BrowserRdpApplicationPolicy]] = None + + same_site_cookie_attribute: Optional[str] = None + """ + Sets the SameSite cookie setting, which provides increased security against CSRF + attacks. + """ + + scim_config: Optional[BrowserRdpApplicationSCIMConfig] = None + """Configuration for provisioning to this application via SCIM. + + This is currently in closed beta. + """ + + self_hosted_domains: Optional[List[SelfHostedDomains]] = None + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + service_auth_401_redirect: Optional[bool] = None + """Returns a 401 status code when the request is blocked by a Service Auth policy.""" + + session_duration: Optional[str] = None + """The amount of time that tokens issued for this application will be valid. + + Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), + ms, s, m, h. + """ + + skip_interstitial: Optional[bool] = None + """Enables automatic authentication through cloudflared.""" + + tags: Optional[List[str]] = None + """The tags you want assigned to an application. + + Tags are used to filter applications in the App Launcher dashboard. + """ + + updated_at: Optional[datetime] = None + + ApplicationCreateResponse: TypeAlias = Union[ SelfHostedApplication, SaaSApplication, @@ -1994,4 +2303,5 @@ class InfrastructureApplication(BaseModel): BrowserIsolationPermissionsApplication, BookmarkApplication, InfrastructureApplication, + BrowserRdpApplication, ] diff --git a/src/cloudflare/types/zero_trust/access/application_get_response.py b/src/cloudflare/types/zero_trust/access/application_get_response.py index ffdc25f6b00..584d3507f1a 100644 --- a/src/cloudflare/types/zero_trust/access/application_get_response.py +++ b/src/cloudflare/types/zero_trust/access/application_get_response.py @@ -102,6 +102,17 @@ "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication", "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", + "BrowserRdpApplication", + "BrowserRdpApplicationTargetCriterion", + "BrowserRdpApplicationDestination", + "BrowserRdpApplicationDestinationPublicDestination", + "BrowserRdpApplicationDestinationPrivateDestination", + "BrowserRdpApplicationPolicy", + "BrowserRdpApplicationSCIMConfig", + "BrowserRdpApplicationSCIMConfigAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", ] @@ -1984,6 +1995,304 @@ class InfrastructureApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserRdpApplicationTargetCriterion(BaseModel): + port: int + """The port that the targets use for the chosen communication protocol. + + A port cannot be assigned to multiple protocols. + """ + + protocol: Literal["ssh"] + """The communication protocol your application secures.""" + + target_attributes: Dict[str, List[str]] + """Contains a map of target attribute keys to target attribute values.""" + + +class BrowserRdpApplicationDestinationPublicDestination(BaseModel): + type: Optional[Literal["public"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations' URIs can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + """ + + +class BrowserRdpApplicationDestinationPrivateDestination(BaseModel): + cidr: Optional[str] = None + """The CIDR range of the destination. Single IPs will be computed as /32.""" + + hostname: Optional[str] = None + """The hostname of the destination. Matches a valid SNI served by an HTTPS origin.""" + + l4_protocol: Optional[Literal["tcp", "udp"]] = None + """The L4 protocol of the destination. + + When omitted, both UDP and TCP traffic will match. + """ + + port_range: Optional[str] = None + """The port range of the destination. + + Can be a single port or a range of ports. When omitted, all ports will match. + """ + + type: Optional[Literal["private"]] = None + + vnet_id: Optional[str] = None + """The VNET ID to match the destination. When omitted, all VNETs will match.""" + + +BrowserRdpApplicationDestination: TypeAlias = Union[ + BrowserRdpApplicationDestinationPublicDestination, BrowserRdpApplicationDestinationPrivateDestination +] + + +class BrowserRdpApplicationPolicy(ApplicationPolicy): + precedence: Optional[int] = None + """The order of execution for this policy. + + Must be unique for each policy within an app. + """ + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel): + client_id: str + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: str + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Literal["access_service_token"] + """The authentication scheme to use when making SCIM requests to this application.""" + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken( + BaseModel +): + client_id: str + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: str + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Literal["access_service_token"] + """The authentication scheme to use when making SCIM requests to this application.""" + + +BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasic, + SCIMConfigAuthenticationOAuthBearerToken, + SCIMConfigAuthenticationOauth2, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, +] + +BrowserRdpApplicationSCIMConfigAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasic, + SCIMConfigAuthenticationOAuthBearerToken, + SCIMConfigAuthenticationOauth2, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, + List[BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication], +] + + +class BrowserRdpApplicationSCIMConfig(BaseModel): + idp_uid: str + """ + The UID of the IdP to use as the source for SCIM resources to provision to this + application. + """ + + remote_uri: str + """The base URI for the application's SCIM-compatible API.""" + + authentication: Optional[BrowserRdpApplicationSCIMConfigAuthentication] = None + """ + Attributes for configuring HTTP Basic authentication scheme for SCIM + provisioning to an application. + """ + + deactivate_on_delete: Optional[bool] = None + """ + If false, propagates DELETE requests to the target application for SCIM + resources. If true, sets 'active' to false on the SCIM resource. Note: Some + targets do not support DELETE operations. + """ + + enabled: Optional[bool] = None + """Whether SCIM provisioning is turned on for this application.""" + + mappings: Optional[List[SCIMConfigMapping]] = None + """ + A list of mappings to apply to SCIM resources before provisioning them in this + application. These can transform or filter the resources to be provisioned. + """ + + +class BrowserRdpApplication(BaseModel): + domain: str + """The primary hostname and path secured by Access. + + This domain will be displayed if the app is visible in the App Launcher. + """ + + target_criteria: List[BrowserRdpApplicationTargetCriterion] + + type: str + """The application type.""" + + id: Optional[str] = None + """UUID""" + + allow_authenticate_via_warp: Optional[bool] = None + """ + When set to true, users can authenticate to this application using their WARP + session. When set to false this application will always require direct IdP + authentication. This setting always overrides the organization setting for WARP + authentication. + """ + + allowed_idps: Optional[List[AllowedIdPs]] = None + """The identity providers your users can select when connecting to this + application. + + Defaults to all IdPs configured in your account. + """ + + app_launcher_visible: Optional[bool] = None + """Displays the application in the App Launcher.""" + + aud: Optional[str] = None + """Audience tag.""" + + auto_redirect_to_identity: Optional[bool] = None + """When set to `true`, users skip the identity provider selection step during + login. + + You must specify only one identity provider in allowed_idps. + """ + + cors_headers: Optional[CORSHeaders] = None + + created_at: Optional[datetime] = None + + custom_deny_message: Optional[str] = None + """ + The custom error message shown to a user when they are denied access to the + application. + """ + + custom_deny_url: Optional[str] = None + """ + The custom URL a user is redirected to when they are denied access to the + application when failing identity-based rules. + """ + + custom_non_identity_deny_url: Optional[str] = None + """ + The custom URL a user is redirected to when they are denied access to the + application when failing non-identity rules. + """ + + custom_pages: Optional[List[str]] = None + """The custom pages that will be displayed when applicable for this application""" + + destinations: Optional[List[BrowserRdpApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + enable_binding_cookie: Optional[bool] = None + """ + Enables the binding cookie, which increases security against compromised + authorization tokens and CSRF attacks. + """ + + http_only_cookie_attribute: Optional[bool] = None + """ + Enables the HttpOnly cookie attribute, which increases security against XSS + attacks. + """ + + logo_url: Optional[str] = None + """The image URL for the logo shown in the App Launcher dashboard.""" + + name: Optional[str] = None + """The name of the application.""" + + options_preflight_bypass: Optional[bool] = None + """ + Allows options preflight requests to bypass Access authentication and go + directly to the origin. Cannot turn on if cors_headers is set. + """ + + path_cookie_attribute: Optional[bool] = None + """Enables cookie paths to scope an application's JWT to the application path. + + If disabled, the JWT will scope to the hostname by default + """ + + policies: Optional[List[BrowserRdpApplicationPolicy]] = None + + same_site_cookie_attribute: Optional[str] = None + """ + Sets the SameSite cookie setting, which provides increased security against CSRF + attacks. + """ + + scim_config: Optional[BrowserRdpApplicationSCIMConfig] = None + """Configuration for provisioning to this application via SCIM. + + This is currently in closed beta. + """ + + self_hosted_domains: Optional[List[SelfHostedDomains]] = None + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + service_auth_401_redirect: Optional[bool] = None + """Returns a 401 status code when the request is blocked by a Service Auth policy.""" + + session_duration: Optional[str] = None + """The amount of time that tokens issued for this application will be valid. + + Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), + ms, s, m, h. + """ + + skip_interstitial: Optional[bool] = None + """Enables automatic authentication through cloudflared.""" + + tags: Optional[List[str]] = None + """The tags you want assigned to an application. + + Tags are used to filter applications in the App Launcher dashboard. + """ + + updated_at: Optional[datetime] = None + + ApplicationGetResponse: TypeAlias = Union[ SelfHostedApplication, SaaSApplication, @@ -1994,4 +2303,5 @@ class InfrastructureApplication(BaseModel): BrowserIsolationPermissionsApplication, BookmarkApplication, InfrastructureApplication, + BrowserRdpApplication, ] diff --git a/src/cloudflare/types/zero_trust/access/application_list_response.py b/src/cloudflare/types/zero_trust/access/application_list_response.py index 84c7d46ee79..ffd4a166fd9 100644 --- a/src/cloudflare/types/zero_trust/access/application_list_response.py +++ b/src/cloudflare/types/zero_trust/access/application_list_response.py @@ -102,6 +102,17 @@ "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication", "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", + "BrowserRdpApplication", + "BrowserRdpApplicationTargetCriterion", + "BrowserRdpApplicationDestination", + "BrowserRdpApplicationDestinationPublicDestination", + "BrowserRdpApplicationDestinationPrivateDestination", + "BrowserRdpApplicationPolicy", + "BrowserRdpApplicationSCIMConfig", + "BrowserRdpApplicationSCIMConfigAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", ] @@ -1984,6 +1995,304 @@ class InfrastructureApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserRdpApplicationTargetCriterion(BaseModel): + port: int + """The port that the targets use for the chosen communication protocol. + + A port cannot be assigned to multiple protocols. + """ + + protocol: Literal["ssh"] + """The communication protocol your application secures.""" + + target_attributes: Dict[str, List[str]] + """Contains a map of target attribute keys to target attribute values.""" + + +class BrowserRdpApplicationDestinationPublicDestination(BaseModel): + type: Optional[Literal["public"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations' URIs can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + """ + + +class BrowserRdpApplicationDestinationPrivateDestination(BaseModel): + cidr: Optional[str] = None + """The CIDR range of the destination. Single IPs will be computed as /32.""" + + hostname: Optional[str] = None + """The hostname of the destination. Matches a valid SNI served by an HTTPS origin.""" + + l4_protocol: Optional[Literal["tcp", "udp"]] = None + """The L4 protocol of the destination. + + When omitted, both UDP and TCP traffic will match. + """ + + port_range: Optional[str] = None + """The port range of the destination. + + Can be a single port or a range of ports. When omitted, all ports will match. + """ + + type: Optional[Literal["private"]] = None + + vnet_id: Optional[str] = None + """The VNET ID to match the destination. When omitted, all VNETs will match.""" + + +BrowserRdpApplicationDestination: TypeAlias = Union[ + BrowserRdpApplicationDestinationPublicDestination, BrowserRdpApplicationDestinationPrivateDestination +] + + +class BrowserRdpApplicationPolicy(ApplicationPolicy): + precedence: Optional[int] = None + """The order of execution for this policy. + + Must be unique for each policy within an app. + """ + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel): + client_id: str + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: str + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Literal["access_service_token"] + """The authentication scheme to use when making SCIM requests to this application.""" + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken( + BaseModel +): + client_id: str + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: str + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Literal["access_service_token"] + """The authentication scheme to use when making SCIM requests to this application.""" + + +BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasic, + SCIMConfigAuthenticationOAuthBearerToken, + SCIMConfigAuthenticationOauth2, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, +] + +BrowserRdpApplicationSCIMConfigAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasic, + SCIMConfigAuthenticationOAuthBearerToken, + SCIMConfigAuthenticationOauth2, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, + List[BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication], +] + + +class BrowserRdpApplicationSCIMConfig(BaseModel): + idp_uid: str + """ + The UID of the IdP to use as the source for SCIM resources to provision to this + application. + """ + + remote_uri: str + """The base URI for the application's SCIM-compatible API.""" + + authentication: Optional[BrowserRdpApplicationSCIMConfigAuthentication] = None + """ + Attributes for configuring HTTP Basic authentication scheme for SCIM + provisioning to an application. + """ + + deactivate_on_delete: Optional[bool] = None + """ + If false, propagates DELETE requests to the target application for SCIM + resources. If true, sets 'active' to false on the SCIM resource. Note: Some + targets do not support DELETE operations. + """ + + enabled: Optional[bool] = None + """Whether SCIM provisioning is turned on for this application.""" + + mappings: Optional[List[SCIMConfigMapping]] = None + """ + A list of mappings to apply to SCIM resources before provisioning them in this + application. These can transform or filter the resources to be provisioned. + """ + + +class BrowserRdpApplication(BaseModel): + domain: str + """The primary hostname and path secured by Access. + + This domain will be displayed if the app is visible in the App Launcher. + """ + + target_criteria: List[BrowserRdpApplicationTargetCriterion] + + type: str + """The application type.""" + + id: Optional[str] = None + """UUID""" + + allow_authenticate_via_warp: Optional[bool] = None + """ + When set to true, users can authenticate to this application using their WARP + session. When set to false this application will always require direct IdP + authentication. This setting always overrides the organization setting for WARP + authentication. + """ + + allowed_idps: Optional[List[AllowedIdPs]] = None + """The identity providers your users can select when connecting to this + application. + + Defaults to all IdPs configured in your account. + """ + + app_launcher_visible: Optional[bool] = None + """Displays the application in the App Launcher.""" + + aud: Optional[str] = None + """Audience tag.""" + + auto_redirect_to_identity: Optional[bool] = None + """When set to `true`, users skip the identity provider selection step during + login. + + You must specify only one identity provider in allowed_idps. + """ + + cors_headers: Optional[CORSHeaders] = None + + created_at: Optional[datetime] = None + + custom_deny_message: Optional[str] = None + """ + The custom error message shown to a user when they are denied access to the + application. + """ + + custom_deny_url: Optional[str] = None + """ + The custom URL a user is redirected to when they are denied access to the + application when failing identity-based rules. + """ + + custom_non_identity_deny_url: Optional[str] = None + """ + The custom URL a user is redirected to when they are denied access to the + application when failing non-identity rules. + """ + + custom_pages: Optional[List[str]] = None + """The custom pages that will be displayed when applicable for this application""" + + destinations: Optional[List[BrowserRdpApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + enable_binding_cookie: Optional[bool] = None + """ + Enables the binding cookie, which increases security against compromised + authorization tokens and CSRF attacks. + """ + + http_only_cookie_attribute: Optional[bool] = None + """ + Enables the HttpOnly cookie attribute, which increases security against XSS + attacks. + """ + + logo_url: Optional[str] = None + """The image URL for the logo shown in the App Launcher dashboard.""" + + name: Optional[str] = None + """The name of the application.""" + + options_preflight_bypass: Optional[bool] = None + """ + Allows options preflight requests to bypass Access authentication and go + directly to the origin. Cannot turn on if cors_headers is set. + """ + + path_cookie_attribute: Optional[bool] = None + """Enables cookie paths to scope an application's JWT to the application path. + + If disabled, the JWT will scope to the hostname by default + """ + + policies: Optional[List[BrowserRdpApplicationPolicy]] = None + + same_site_cookie_attribute: Optional[str] = None + """ + Sets the SameSite cookie setting, which provides increased security against CSRF + attacks. + """ + + scim_config: Optional[BrowserRdpApplicationSCIMConfig] = None + """Configuration for provisioning to this application via SCIM. + + This is currently in closed beta. + """ + + self_hosted_domains: Optional[List[SelfHostedDomains]] = None + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + service_auth_401_redirect: Optional[bool] = None + """Returns a 401 status code when the request is blocked by a Service Auth policy.""" + + session_duration: Optional[str] = None + """The amount of time that tokens issued for this application will be valid. + + Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), + ms, s, m, h. + """ + + skip_interstitial: Optional[bool] = None + """Enables automatic authentication through cloudflared.""" + + tags: Optional[List[str]] = None + """The tags you want assigned to an application. + + Tags are used to filter applications in the App Launcher dashboard. + """ + + updated_at: Optional[datetime] = None + + ApplicationListResponse: TypeAlias = Union[ SelfHostedApplication, SaaSApplication, @@ -1994,4 +2303,5 @@ class InfrastructureApplication(BaseModel): BrowserIsolationPermissionsApplication, BookmarkApplication, InfrastructureApplication, + BrowserRdpApplication, ] diff --git a/src/cloudflare/types/zero_trust/access/application_type.py b/src/cloudflare/types/zero_trust/access/application_type.py index bf3174ba0e3..fca877e578d 100644 --- a/src/cloudflare/types/zero_trust/access/application_type.py +++ b/src/cloudflare/types/zero_trust/access/application_type.py @@ -5,5 +5,5 @@ __all__ = ["ApplicationType"] ApplicationType: TypeAlias = Literal[ - "self_hosted", "saas", "ssh", "vnc", "app_launcher", "warp", "biso", "bookmark", "dash_sso", "infrastructure" + "self_hosted", "saas", "ssh", "vnc", "app_launcher", "warp", "biso", "bookmark", "dash_sso", "infrastructure", "rdp" ] diff --git a/src/cloudflare/types/zero_trust/access/application_update_params.py b/src/cloudflare/types/zero_trust/access/application_update_params.py index dbc9f768f2d..c038d085ab6 100644 --- a/src/cloudflare/types/zero_trust/access/application_update_params.py +++ b/src/cloudflare/types/zero_trust/access/application_update_params.py @@ -111,6 +111,19 @@ "InfrastructureApplicationPolicy", "InfrastructureApplicationPolicyConnectionRules", "InfrastructureApplicationPolicyConnectionRulesSSH", + "BrowserRdpApplication", + "BrowserRdpApplicationTargetCriterion", + "BrowserRdpApplicationDestination", + "BrowserRdpApplicationDestinationPublicDestination", + "BrowserRdpApplicationDestinationPrivateDestination", + "BrowserRdpApplicationPolicy", + "BrowserRdpApplicationPolicyAccessAppPolicyLink", + "BrowserRdpApplicationPolicyUnionMember2", + "BrowserRdpApplicationSCIMConfig", + "BrowserRdpApplicationSCIMConfigAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", ] @@ -2217,6 +2230,355 @@ class InfrastructureApplicationPolicy(TypedDict, total=False): """ +class BrowserRdpApplication(TypedDict, total=False): + domain: Required[str] + """The primary hostname and path secured by Access. + + This domain will be displayed if the app is visible in the App Launcher. + """ + + target_criteria: Required[Iterable[BrowserRdpApplicationTargetCriterion]] + + type: Required[str] + """The application type.""" + + account_id: str + """The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.""" + + zone_id: str + """The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.""" + + allow_authenticate_via_warp: bool + """ + When set to true, users can authenticate to this application using their WARP + session. When set to false this application will always require direct IdP + authentication. This setting always overrides the organization setting for WARP + authentication. + """ + + allowed_idps: List[AllowedIdPs] + """The identity providers your users can select when connecting to this + application. + + Defaults to all IdPs configured in your account. + """ + + app_launcher_visible: bool + """Displays the application in the App Launcher.""" + + auto_redirect_to_identity: bool + """When set to `true`, users skip the identity provider selection step during + login. + + You must specify only one identity provider in allowed_idps. + """ + + cors_headers: CORSHeadersParam + + custom_deny_message: str + """ + The custom error message shown to a user when they are denied access to the + application. + """ + + custom_deny_url: str + """ + The custom URL a user is redirected to when they are denied access to the + application when failing identity-based rules. + """ + + custom_non_identity_deny_url: str + """ + The custom URL a user is redirected to when they are denied access to the + application when failing non-identity rules. + """ + + custom_pages: List[str] + """The custom pages that will be displayed when applicable for this application""" + + destinations: Iterable[BrowserRdpApplicationDestination] + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + enable_binding_cookie: bool + """ + Enables the binding cookie, which increases security against compromised + authorization tokens and CSRF attacks. + """ + + http_only_cookie_attribute: bool + """ + Enables the HttpOnly cookie attribute, which increases security against XSS + attacks. + """ + + logo_url: str + """The image URL for the logo shown in the App Launcher dashboard.""" + + name: str + """The name of the application.""" + + options_preflight_bypass: bool + """ + Allows options preflight requests to bypass Access authentication and go + directly to the origin. Cannot turn on if cors_headers is set. + """ + + path_cookie_attribute: bool + """Enables cookie paths to scope an application's JWT to the application path. + + If disabled, the JWT will scope to the hostname by default + """ + + policies: List[BrowserRdpApplicationPolicy] + """ + The policies that Access applies to the application, in ascending order of + precedence. Items can reference existing policies or create new policies + exclusive to the application. + """ + + same_site_cookie_attribute: str + """ + Sets the SameSite cookie setting, which provides increased security against CSRF + attacks. + """ + + scim_config: BrowserRdpApplicationSCIMConfig + """Configuration for provisioning to this application via SCIM. + + This is currently in closed beta. + """ + + self_hosted_domains: List[SelfHostedDomains] + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + service_auth_401_redirect: bool + """Returns a 401 status code when the request is blocked by a Service Auth policy.""" + + session_duration: str + """The amount of time that tokens issued for this application will be valid. + + Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), + ms, s, m, h. + """ + + skip_interstitial: bool + """Enables automatic authentication through cloudflared.""" + + tags: List[str] + """The tags you want assigned to an application. + + Tags are used to filter applications in the App Launcher dashboard. + """ + + +class BrowserRdpApplicationTargetCriterion(TypedDict, total=False): + port: Required[int] + """The port that the targets use for the chosen communication protocol. + + A port cannot be assigned to multiple protocols. + """ + + protocol: Required[Literal["ssh"]] + """The communication protocol your application secures.""" + + target_attributes: Required[Dict[str, List[str]]] + """Contains a map of target attribute keys to target attribute values.""" + + +class BrowserRdpApplicationDestinationPublicDestination(TypedDict, total=False): + type: Literal["public"] + + uri: str + """The URI of the destination. + + Public destinations' URIs can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + """ + + +class BrowserRdpApplicationDestinationPrivateDestination(TypedDict, total=False): + cidr: str + """The CIDR range of the destination. Single IPs will be computed as /32.""" + + hostname: str + """The hostname of the destination. Matches a valid SNI served by an HTTPS origin.""" + + l4_protocol: Literal["tcp", "udp"] + """The L4 protocol of the destination. + + When omitted, both UDP and TCP traffic will match. + """ + + port_range: str + """The port range of the destination. + + Can be a single port or a range of ports. When omitted, all ports will match. + """ + + type: Literal["private"] + + vnet_id: str + """The VNET ID to match the destination. When omitted, all VNETs will match.""" + + +BrowserRdpApplicationDestination: TypeAlias = Union[ + BrowserRdpApplicationDestinationPublicDestination, BrowserRdpApplicationDestinationPrivateDestination +] + + +class BrowserRdpApplicationPolicyAccessAppPolicyLink(TypedDict, total=False): + id: str + """The UUID of the policy""" + + precedence: int + """The order of execution for this policy. + + Must be unique for each policy within an app. + """ + + +class BrowserRdpApplicationPolicyUnionMember2(TypedDict, total=False): + id: str + """The UUID of the policy""" + + approval_groups: Iterable[ApprovalGroupParam] + """Administrators who can approve a temporary authentication request.""" + + approval_required: bool + """ + Requires the user to request access from an administrator at the start of each + session. + """ + + isolation_required: bool + """ + Require this application to be served in an isolated browser for users matching + this policy. 'Client Web Isolation' must be on for the account in order to use + this feature. + """ + + precedence: int + """The order of execution for this policy. + + Must be unique for each policy within an app. + """ + + purpose_justification_prompt: str + """A custom message that will appear on the purpose justification screen.""" + + purpose_justification_required: bool + """Require users to enter a justification when they log in to the application.""" + + session_duration: str + """The amount of time that tokens issued for the application will be valid. + + Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), + ms, s, m, h. + """ + + +BrowserRdpApplicationPolicy: TypeAlias = Union[ + BrowserRdpApplicationPolicyAccessAppPolicyLink, str, BrowserRdpApplicationPolicyUnionMember2 +] + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken( + TypedDict, total=False +): + client_id: Required[str] + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: Required[str] + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Required[Literal["access_service_token"]] + """The authentication scheme to use when making SCIM requests to this application.""" + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken( + TypedDict, total=False +): + client_id: Required[str] + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: Required[str] + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Required[Literal["access_service_token"]] + """The authentication scheme to use when making SCIM requests to this application.""" + + +BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasicParam, + SCIMConfigAuthenticationOAuthBearerTokenParam, + SCIMConfigAuthenticationOauth2Param, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, +] + +BrowserRdpApplicationSCIMConfigAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasicParam, + SCIMConfigAuthenticationOAuthBearerTokenParam, + SCIMConfigAuthenticationOauth2Param, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, + Iterable[BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication], +] + + +class BrowserRdpApplicationSCIMConfig(TypedDict, total=False): + idp_uid: Required[str] + """ + The UID of the IdP to use as the source for SCIM resources to provision to this + application. + """ + + remote_uri: Required[str] + """The base URI for the application's SCIM-compatible API.""" + + authentication: BrowserRdpApplicationSCIMConfigAuthentication + """ + Attributes for configuring HTTP Basic authentication scheme for SCIM + provisioning to an application. + """ + + deactivate_on_delete: bool + """ + If false, propagates DELETE requests to the target application for SCIM + resources. If true, sets 'active' to false on the SCIM resource. Note: Some + targets do not support DELETE operations. + """ + + enabled: bool + """Whether SCIM provisioning is turned on for this application.""" + + mappings: Iterable[SCIMConfigMappingParam] + """ + A list of mappings to apply to SCIM resources before provisioning them in this + application. These can transform or filter the resources to be provisioned. + """ + + ApplicationUpdateParams: TypeAlias = Union[ SelfHostedApplication, SaaSApplication, @@ -2227,4 +2589,5 @@ class InfrastructureApplicationPolicy(TypedDict, total=False): BrowserIsolationPermissionsApplication, BookmarkApplication, InfrastructureApplication, + BrowserRdpApplication, ] diff --git a/src/cloudflare/types/zero_trust/access/application_update_response.py b/src/cloudflare/types/zero_trust/access/application_update_response.py index 84970ad9974..1af8da2b92e 100644 --- a/src/cloudflare/types/zero_trust/access/application_update_response.py +++ b/src/cloudflare/types/zero_trust/access/application_update_response.py @@ -102,6 +102,17 @@ "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication", "InfrastructureApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", + "BrowserRdpApplication", + "BrowserRdpApplicationTargetCriterion", + "BrowserRdpApplicationDestination", + "BrowserRdpApplicationDestinationPublicDestination", + "BrowserRdpApplicationDestinationPrivateDestination", + "BrowserRdpApplicationPolicy", + "BrowserRdpApplicationSCIMConfig", + "BrowserRdpApplicationSCIMConfigAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication", + "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken", ] @@ -1984,6 +1995,304 @@ class InfrastructureApplication(BaseModel): updated_at: Optional[datetime] = None +class BrowserRdpApplicationTargetCriterion(BaseModel): + port: int + """The port that the targets use for the chosen communication protocol. + + A port cannot be assigned to multiple protocols. + """ + + protocol: Literal["ssh"] + """The communication protocol your application secures.""" + + target_attributes: Dict[str, List[str]] + """Contains a map of target attribute keys to target attribute values.""" + + +class BrowserRdpApplicationDestinationPublicDestination(BaseModel): + type: Optional[Literal["public"]] = None + + uri: Optional[str] = None + """The URI of the destination. + + Public destinations' URIs can include a domain and path with + [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/). + """ + + +class BrowserRdpApplicationDestinationPrivateDestination(BaseModel): + cidr: Optional[str] = None + """The CIDR range of the destination. Single IPs will be computed as /32.""" + + hostname: Optional[str] = None + """The hostname of the destination. Matches a valid SNI served by an HTTPS origin.""" + + l4_protocol: Optional[Literal["tcp", "udp"]] = None + """The L4 protocol of the destination. + + When omitted, both UDP and TCP traffic will match. + """ + + port_range: Optional[str] = None + """The port range of the destination. + + Can be a single port or a range of ports. When omitted, all ports will match. + """ + + type: Optional[Literal["private"]] = None + + vnet_id: Optional[str] = None + """The VNET ID to match the destination. When omitted, all VNETs will match.""" + + +BrowserRdpApplicationDestination: TypeAlias = Union[ + BrowserRdpApplicationDestinationPublicDestination, BrowserRdpApplicationDestinationPrivateDestination +] + + +class BrowserRdpApplicationPolicy(ApplicationPolicy): + precedence: Optional[int] = None + """The order of execution for this policy. + + Must be unique for each policy within an app. + """ + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(BaseModel): + client_id: str + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: str + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Literal["access_service_token"] + """The authentication scheme to use when making SCIM requests to this application.""" + + +class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken( + BaseModel +): + client_id: str + """ + Client ID of the Access service token used to authenticate with the remote + service. + """ + + client_secret: str + """ + Client secret of the Access service token used to authenticate with the remote + service. + """ + + scheme: Literal["access_service_token"] + """The authentication scheme to use when making SCIM requests to this application.""" + + +BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasic, + SCIMConfigAuthenticationOAuthBearerToken, + SCIMConfigAuthenticationOauth2, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, +] + +BrowserRdpApplicationSCIMConfigAuthentication: TypeAlias = Union[ + SCIMConfigAuthenticationHTTPBasic, + SCIMConfigAuthenticationOAuthBearerToken, + SCIMConfigAuthenticationOauth2, + BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken, + List[BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication], +] + + +class BrowserRdpApplicationSCIMConfig(BaseModel): + idp_uid: str + """ + The UID of the IdP to use as the source for SCIM resources to provision to this + application. + """ + + remote_uri: str + """The base URI for the application's SCIM-compatible API.""" + + authentication: Optional[BrowserRdpApplicationSCIMConfigAuthentication] = None + """ + Attributes for configuring HTTP Basic authentication scheme for SCIM + provisioning to an application. + """ + + deactivate_on_delete: Optional[bool] = None + """ + If false, propagates DELETE requests to the target application for SCIM + resources. If true, sets 'active' to false on the SCIM resource. Note: Some + targets do not support DELETE operations. + """ + + enabled: Optional[bool] = None + """Whether SCIM provisioning is turned on for this application.""" + + mappings: Optional[List[SCIMConfigMapping]] = None + """ + A list of mappings to apply to SCIM resources before provisioning them in this + application. These can transform or filter the resources to be provisioned. + """ + + +class BrowserRdpApplication(BaseModel): + domain: str + """The primary hostname and path secured by Access. + + This domain will be displayed if the app is visible in the App Launcher. + """ + + target_criteria: List[BrowserRdpApplicationTargetCriterion] + + type: str + """The application type.""" + + id: Optional[str] = None + """UUID""" + + allow_authenticate_via_warp: Optional[bool] = None + """ + When set to true, users can authenticate to this application using their WARP + session. When set to false this application will always require direct IdP + authentication. This setting always overrides the organization setting for WARP + authentication. + """ + + allowed_idps: Optional[List[AllowedIdPs]] = None + """The identity providers your users can select when connecting to this + application. + + Defaults to all IdPs configured in your account. + """ + + app_launcher_visible: Optional[bool] = None + """Displays the application in the App Launcher.""" + + aud: Optional[str] = None + """Audience tag.""" + + auto_redirect_to_identity: Optional[bool] = None + """When set to `true`, users skip the identity provider selection step during + login. + + You must specify only one identity provider in allowed_idps. + """ + + cors_headers: Optional[CORSHeaders] = None + + created_at: Optional[datetime] = None + + custom_deny_message: Optional[str] = None + """ + The custom error message shown to a user when they are denied access to the + application. + """ + + custom_deny_url: Optional[str] = None + """ + The custom URL a user is redirected to when they are denied access to the + application when failing identity-based rules. + """ + + custom_non_identity_deny_url: Optional[str] = None + """ + The custom URL a user is redirected to when they are denied access to the + application when failing non-identity rules. + """ + + custom_pages: Optional[List[str]] = None + """The custom pages that will be displayed when applicable for this application""" + + destinations: Optional[List[BrowserRdpApplicationDestination]] = None + """List of destinations secured by Access. + + This supersedes `self_hosted_domains` to allow for more flexibility in defining + different types of domains. If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + enable_binding_cookie: Optional[bool] = None + """ + Enables the binding cookie, which increases security against compromised + authorization tokens and CSRF attacks. + """ + + http_only_cookie_attribute: Optional[bool] = None + """ + Enables the HttpOnly cookie attribute, which increases security against XSS + attacks. + """ + + logo_url: Optional[str] = None + """The image URL for the logo shown in the App Launcher dashboard.""" + + name: Optional[str] = None + """The name of the application.""" + + options_preflight_bypass: Optional[bool] = None + """ + Allows options preflight requests to bypass Access authentication and go + directly to the origin. Cannot turn on if cors_headers is set. + """ + + path_cookie_attribute: Optional[bool] = None + """Enables cookie paths to scope an application's JWT to the application path. + + If disabled, the JWT will scope to the hostname by default + """ + + policies: Optional[List[BrowserRdpApplicationPolicy]] = None + + same_site_cookie_attribute: Optional[str] = None + """ + Sets the SameSite cookie setting, which provides increased security against CSRF + attacks. + """ + + scim_config: Optional[BrowserRdpApplicationSCIMConfig] = None + """Configuration for provisioning to this application via SCIM. + + This is currently in closed beta. + """ + + self_hosted_domains: Optional[List[SelfHostedDomains]] = None + """List of public domains that Access will secure. + + This field is deprecated in favor of `destinations` and will be supported until + **November 21, 2025.** If `destinations` are provided, then + `self_hosted_domains` will be ignored. + """ + + service_auth_401_redirect: Optional[bool] = None + """Returns a 401 status code when the request is blocked by a Service Auth policy.""" + + session_duration: Optional[str] = None + """The amount of time that tokens issued for this application will be valid. + + Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), + ms, s, m, h. + """ + + skip_interstitial: Optional[bool] = None + """Enables automatic authentication through cloudflared.""" + + tags: Optional[List[str]] = None + """The tags you want assigned to an application. + + Tags are used to filter applications in the App Launcher dashboard. + """ + + updated_at: Optional[datetime] = None + + ApplicationUpdateResponse: TypeAlias = Union[ SelfHostedApplication, SaaSApplication, @@ -1994,4 +2303,5 @@ class InfrastructureApplication(BaseModel): BrowserIsolationPermissionsApplication, BookmarkApplication, InfrastructureApplication, + BrowserRdpApplication, ] diff --git a/tests/api_resources/zero_trust/access/test_applications.py b/tests/api_resources/zero_trust/access/test_applications.py index dc2cd54a31d..7f6ea79f332 100644 --- a/tests/api_resources/zero_trust/access/test_applications.py +++ b/tests/api_resources/zero_trust/access/test_applications.py @@ -1174,6 +1174,210 @@ def test_path_params_create_overload_9(self, client: Cloudflare) -> None: account_id="account_id", ) + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + def test_method_create_overload_10(self, client: Cloudflare) -> None: + application = client.zero_trust.access.applications.create( + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) + assert_matches_type(Optional[ApplicationCreateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + def test_method_create_with_all_params_overload_10(self, client: Cloudflare) -> None: + application = client.zero_trust.access.applications.create( + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + allow_authenticate_via_warp=True, + allowed_idps=["699d98642c564d2e855e9661899b7252"], + app_launcher_visible=True, + auto_redirect_to_identity=True, + cors_headers={ + "allow_all_headers": True, + "allow_all_methods": True, + "allow_all_origins": True, + "allow_credentials": True, + "allowed_headers": ["string"], + "allowed_methods": ["GET"], + "allowed_origins": ["https://example.com"], + "max_age": -1, + }, + custom_deny_message="custom_deny_message", + custom_deny_url="custom_deny_url", + custom_non_identity_deny_url="custom_non_identity_deny_url", + custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "cidr": "10.5.0.0/24", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "80-90", + "type": "private", + "vnet_id": "vnet_id", + }, + { + "cidr": "10.5.0.3/32", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "80", + "type": "private", + "vnet_id": "vnet_id", + }, + { + "cidr": "cidr", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "port_range", + "type": "private", + "vnet_id": "vnet_id", + }, + ], + enable_binding_cookie=True, + http_only_cookie_attribute=True, + logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", + name="Admin Site", + options_preflight_bypass=True, + path_cookie_attribute=True, + policies=[ + { + "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", + "precedence": 0, + } + ], + same_site_cookie_attribute="strict", + scim_config={ + "idp_uid": "idp_uid", + "remote_uri": "remote_uri", + "authentication": { + "password": "password", + "scheme": "httpbasic", + "user": "user", + }, + "deactivate_on_delete": True, + "enabled": True, + "mappings": [ + { + "schema": "urn:ietf:params:scim:schemas:core:2.0:User", + "enabled": True, + "filter": 'title pr or userType eq "Intern"', + "operations": { + "create": True, + "delete": True, + "update": True, + }, + "strictness": "strict", + "transform_jsonata": "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])", + } + ], + }, + self_hosted_domains=["test.example.com/admin", "test.anotherexample.com/staff"], + service_auth_401_redirect=True, + session_duration="24h", + skip_interstitial=True, + tags=["engineers"], + ) + assert_matches_type(Optional[ApplicationCreateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + def test_raw_response_create_overload_10(self, client: Cloudflare) -> None: + response = client.zero_trust.access.applications.with_raw_response.create( + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) + + assert response.is_closed is True + assert response.http_request.headers.get("X-Stainless-Lang") == "python" + application = response.parse() + assert_matches_type(Optional[ApplicationCreateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + def test_streaming_response_create_overload_10(self, client: Cloudflare) -> None: + with client.zero_trust.access.applications.with_streaming_response.create( + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) as response: + assert not response.is_closed + assert response.http_request.headers.get("X-Stainless-Lang") == "python" + + application = response.parse() + assert_matches_type(Optional[ApplicationCreateResponse], application, path=["response"]) + + assert cast(Any, response.is_closed) is True + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + def test_path_params_create_overload_10(self, client: Cloudflare) -> None: + with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): + client.zero_trust.access.applications.with_raw_response.create( + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="", + ) + + with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): + client.zero_trust.access.applications.with_raw_response.create( + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) + @pytest.mark.skip(reason="TODO: investigate broken test") @parametrize def test_method_update_overload_1(self, client: Cloudflare) -> None: @@ -2334,37 +2538,258 @@ def test_method_update_with_all_params_overload_9(self, client: Cloudflare) -> N app_id="023e105f4ecef8ad9ca31a8372d0c353", target_criteria=[ { - "port": 22, - "protocol": "ssh", - "target_attributes": {"hostname": ["test-server", "production-server"]}, - } + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="self_hosted", + account_id="account_id", + name="Admin Site", + policies=[ + { + "decision": "allow", + "include": [{"group": {"id": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"}}], + "name": "Allow devs", + "connection_rules": { + "ssh": { + "usernames": ["root", "ubuntu"], + "allow_email_alias": True, + } + }, + "exclude": [{"group": {"id": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"}}], + "require": [{"group": {"id": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"}}], + } + ], + ) + assert_matches_type(Optional[ApplicationUpdateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + def test_raw_response_update_overload_9(self, client: Cloudflare) -> None: + response = client.zero_trust.access.applications.with_raw_response.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="self_hosted", + account_id="account_id", + ) + + assert response.is_closed is True + assert response.http_request.headers.get("X-Stainless-Lang") == "python" + application = response.parse() + assert_matches_type(Optional[ApplicationUpdateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + def test_streaming_response_update_overload_9(self, client: Cloudflare) -> None: + with client.zero_trust.access.applications.with_streaming_response.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="self_hosted", + account_id="account_id", + ) as response: + assert not response.is_closed + assert response.http_request.headers.get("X-Stainless-Lang") == "python" + + application = response.parse() + assert_matches_type(Optional[ApplicationUpdateResponse], application, path=["response"]) + + assert cast(Any, response.is_closed) is True + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + def test_path_params_update_overload_9(self, client: Cloudflare) -> None: + with pytest.raises(ValueError, match=r"Expected a non-empty value for `app_id` but received ''"): + client.zero_trust.access.applications.with_raw_response.update( + app_id="", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="self_hosted", + account_id="account_id", + ) + + with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): + client.zero_trust.access.applications.with_raw_response.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="self_hosted", + account_id="", + ) + + with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): + client.zero_trust.access.applications.with_raw_response.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="self_hosted", + account_id="account_id", + ) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + def test_method_update_overload_10(self, client: Cloudflare) -> None: + application = client.zero_trust.access.applications.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) + assert_matches_type(Optional[ApplicationUpdateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + def test_method_update_with_all_params_overload_10(self, client: Cloudflare) -> None: + application = client.zero_trust.access.applications.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + allow_authenticate_via_warp=True, + allowed_idps=["699d98642c564d2e855e9661899b7252"], + app_launcher_visible=True, + auto_redirect_to_identity=True, + cors_headers={ + "allow_all_headers": True, + "allow_all_methods": True, + "allow_all_origins": True, + "allow_credentials": True, + "allowed_headers": ["string"], + "allowed_methods": ["GET"], + "allowed_origins": ["https://example.com"], + "max_age": -1, + }, + custom_deny_message="custom_deny_message", + custom_deny_url="custom_deny_url", + custom_non_identity_deny_url="custom_non_identity_deny_url", + custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "cidr": "10.5.0.0/24", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "80-90", + "type": "private", + "vnet_id": "vnet_id", + }, + { + "cidr": "10.5.0.3/32", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "80", + "type": "private", + "vnet_id": "vnet_id", + }, + { + "cidr": "cidr", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "port_range", + "type": "private", + "vnet_id": "vnet_id", + }, ], - type="self_hosted", - account_id="account_id", + enable_binding_cookie=True, + http_only_cookie_attribute=True, + logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", name="Admin Site", + options_preflight_bypass=True, + path_cookie_attribute=True, policies=[ { - "decision": "allow", - "include": [{"group": {"id": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"}}], - "name": "Allow devs", - "connection_rules": { - "ssh": { - "usernames": ["root", "ubuntu"], - "allow_email_alias": True, - } - }, - "exclude": [{"group": {"id": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"}}], - "require": [{"group": {"id": "aa0a4aab-672b-4bdb-bc33-a59f1130a11f"}}], + "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", + "precedence": 0, } ], + same_site_cookie_attribute="strict", + scim_config={ + "idp_uid": "idp_uid", + "remote_uri": "remote_uri", + "authentication": { + "password": "password", + "scheme": "httpbasic", + "user": "user", + }, + "deactivate_on_delete": True, + "enabled": True, + "mappings": [ + { + "schema": "urn:ietf:params:scim:schemas:core:2.0:User", + "enabled": True, + "filter": 'title pr or userType eq "Intern"', + "operations": { + "create": True, + "delete": True, + "update": True, + }, + "strictness": "strict", + "transform_jsonata": "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])", + } + ], + }, + self_hosted_domains=["test.example.com/admin", "test.anotherexample.com/staff"], + service_auth_401_redirect=True, + session_duration="24h", + skip_interstitial=True, + tags=["engineers"], ) assert_matches_type(Optional[ApplicationUpdateResponse], application, path=["response"]) @pytest.mark.skip(reason="TODO: investigate broken test") @parametrize - def test_raw_response_update_overload_9(self, client: Cloudflare) -> None: + def test_raw_response_update_overload_10(self, client: Cloudflare) -> None: response = client.zero_trust.access.applications.with_raw_response.update( app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", target_criteria=[ { "port": 22, @@ -2372,7 +2797,7 @@ def test_raw_response_update_overload_9(self, client: Cloudflare) -> None: "target_attributes": {"hostname": ["test-server", "production-server"]}, } ], - type="self_hosted", + type="rdp", account_id="account_id", ) @@ -2383,9 +2808,10 @@ def test_raw_response_update_overload_9(self, client: Cloudflare) -> None: @pytest.mark.skip(reason="TODO: investigate broken test") @parametrize - def test_streaming_response_update_overload_9(self, client: Cloudflare) -> None: + def test_streaming_response_update_overload_10(self, client: Cloudflare) -> None: with client.zero_trust.access.applications.with_streaming_response.update( app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", target_criteria=[ { "port": 22, @@ -2393,7 +2819,7 @@ def test_streaming_response_update_overload_9(self, client: Cloudflare) -> None: "target_attributes": {"hostname": ["test-server", "production-server"]}, } ], - type="self_hosted", + type="rdp", account_id="account_id", ) as response: assert not response.is_closed @@ -2406,10 +2832,11 @@ def test_streaming_response_update_overload_9(self, client: Cloudflare) -> None: @pytest.mark.skip(reason="TODO: investigate broken test") @parametrize - def test_path_params_update_overload_9(self, client: Cloudflare) -> None: + def test_path_params_update_overload_10(self, client: Cloudflare) -> None: with pytest.raises(ValueError, match=r"Expected a non-empty value for `app_id` but received ''"): client.zero_trust.access.applications.with_raw_response.update( app_id="", + domain="test.example.com/admin", target_criteria=[ { "port": 22, @@ -2417,13 +2844,14 @@ def test_path_params_update_overload_9(self, client: Cloudflare) -> None: "target_attributes": {"hostname": ["test-server", "production-server"]}, } ], - type="self_hosted", + type="rdp", account_id="account_id", ) with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): client.zero_trust.access.applications.with_raw_response.update( app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", target_criteria=[ { "port": 22, @@ -2431,13 +2859,14 @@ def test_path_params_update_overload_9(self, client: Cloudflare) -> None: "target_attributes": {"hostname": ["test-server", "production-server"]}, } ], - type="self_hosted", + type="rdp", account_id="", ) with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): client.zero_trust.access.applications.with_raw_response.update( app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", target_criteria=[ { "port": 22, @@ -2445,7 +2874,7 @@ def test_path_params_update_overload_9(self, client: Cloudflare) -> None: "target_attributes": {"hostname": ["test-server", "production-server"]}, } ], - type="self_hosted", + type="rdp", account_id="account_id", ) @@ -3794,8 +4223,209 @@ async def test_method_create_with_all_params_overload_9(self, async_client: Asyn @pytest.mark.skip(reason="TODO: investigate broken test") @parametrize - async def test_raw_response_create_overload_9(self, async_client: AsyncCloudflare) -> None: + async def test_raw_response_create_overload_9(self, async_client: AsyncCloudflare) -> None: + response = await async_client.zero_trust.access.applications.with_raw_response.create( + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="self_hosted", + account_id="account_id", + ) + + assert response.is_closed is True + assert response.http_request.headers.get("X-Stainless-Lang") == "python" + application = await response.parse() + assert_matches_type(Optional[ApplicationCreateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + async def test_streaming_response_create_overload_9(self, async_client: AsyncCloudflare) -> None: + async with async_client.zero_trust.access.applications.with_streaming_response.create( + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="self_hosted", + account_id="account_id", + ) as response: + assert not response.is_closed + assert response.http_request.headers.get("X-Stainless-Lang") == "python" + + application = await response.parse() + assert_matches_type(Optional[ApplicationCreateResponse], application, path=["response"]) + + assert cast(Any, response.is_closed) is True + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + async def test_path_params_create_overload_9(self, async_client: AsyncCloudflare) -> None: + with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): + await async_client.zero_trust.access.applications.with_raw_response.create( + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="self_hosted", + account_id="", + ) + + with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): + await async_client.zero_trust.access.applications.with_raw_response.create( + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="self_hosted", + account_id="account_id", + ) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + async def test_method_create_overload_10(self, async_client: AsyncCloudflare) -> None: + application = await async_client.zero_trust.access.applications.create( + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) + assert_matches_type(Optional[ApplicationCreateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + async def test_method_create_with_all_params_overload_10(self, async_client: AsyncCloudflare) -> None: + application = await async_client.zero_trust.access.applications.create( + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + allow_authenticate_via_warp=True, + allowed_idps=["699d98642c564d2e855e9661899b7252"], + app_launcher_visible=True, + auto_redirect_to_identity=True, + cors_headers={ + "allow_all_headers": True, + "allow_all_methods": True, + "allow_all_origins": True, + "allow_credentials": True, + "allowed_headers": ["string"], + "allowed_methods": ["GET"], + "allowed_origins": ["https://example.com"], + "max_age": -1, + }, + custom_deny_message="custom_deny_message", + custom_deny_url="custom_deny_url", + custom_non_identity_deny_url="custom_non_identity_deny_url", + custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "cidr": "10.5.0.0/24", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "80-90", + "type": "private", + "vnet_id": "vnet_id", + }, + { + "cidr": "10.5.0.3/32", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "80", + "type": "private", + "vnet_id": "vnet_id", + }, + { + "cidr": "cidr", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "port_range", + "type": "private", + "vnet_id": "vnet_id", + }, + ], + enable_binding_cookie=True, + http_only_cookie_attribute=True, + logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", + name="Admin Site", + options_preflight_bypass=True, + path_cookie_attribute=True, + policies=[ + { + "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", + "precedence": 0, + } + ], + same_site_cookie_attribute="strict", + scim_config={ + "idp_uid": "idp_uid", + "remote_uri": "remote_uri", + "authentication": { + "password": "password", + "scheme": "httpbasic", + "user": "user", + }, + "deactivate_on_delete": True, + "enabled": True, + "mappings": [ + { + "schema": "urn:ietf:params:scim:schemas:core:2.0:User", + "enabled": True, + "filter": 'title pr or userType eq "Intern"', + "operations": { + "create": True, + "delete": True, + "update": True, + }, + "strictness": "strict", + "transform_jsonata": "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])", + } + ], + }, + self_hosted_domains=["test.example.com/admin", "test.anotherexample.com/staff"], + service_auth_401_redirect=True, + session_duration="24h", + skip_interstitial=True, + tags=["engineers"], + ) + assert_matches_type(Optional[ApplicationCreateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + async def test_raw_response_create_overload_10(self, async_client: AsyncCloudflare) -> None: response = await async_client.zero_trust.access.applications.with_raw_response.create( + domain="test.example.com/admin", target_criteria=[ { "port": 22, @@ -3803,7 +4433,7 @@ async def test_raw_response_create_overload_9(self, async_client: AsyncCloudflar "target_attributes": {"hostname": ["test-server", "production-server"]}, } ], - type="self_hosted", + type="rdp", account_id="account_id", ) @@ -3814,8 +4444,9 @@ async def test_raw_response_create_overload_9(self, async_client: AsyncCloudflar @pytest.mark.skip(reason="TODO: investigate broken test") @parametrize - async def test_streaming_response_create_overload_9(self, async_client: AsyncCloudflare) -> None: + async def test_streaming_response_create_overload_10(self, async_client: AsyncCloudflare) -> None: async with async_client.zero_trust.access.applications.with_streaming_response.create( + domain="test.example.com/admin", target_criteria=[ { "port": 22, @@ -3823,7 +4454,7 @@ async def test_streaming_response_create_overload_9(self, async_client: AsyncClo "target_attributes": {"hostname": ["test-server", "production-server"]}, } ], - type="self_hosted", + type="rdp", account_id="account_id", ) as response: assert not response.is_closed @@ -3836,9 +4467,10 @@ async def test_streaming_response_create_overload_9(self, async_client: AsyncClo @pytest.mark.skip(reason="TODO: investigate broken test") @parametrize - async def test_path_params_create_overload_9(self, async_client: AsyncCloudflare) -> None: + async def test_path_params_create_overload_10(self, async_client: AsyncCloudflare) -> None: with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): await async_client.zero_trust.access.applications.with_raw_response.create( + domain="test.example.com/admin", target_criteria=[ { "port": 22, @@ -3846,12 +4478,13 @@ async def test_path_params_create_overload_9(self, async_client: AsyncCloudflare "target_attributes": {"hostname": ["test-server", "production-server"]}, } ], - type="self_hosted", + type="rdp", account_id="", ) with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): await async_client.zero_trust.access.applications.with_raw_response.create( + domain="test.example.com/admin", target_criteria=[ { "port": 22, @@ -3859,7 +4492,7 @@ async def test_path_params_create_overload_9(self, async_client: AsyncCloudflare "target_attributes": {"hostname": ["test-server", "production-server"]}, } ], - type="self_hosted", + type="rdp", account_id="account_id", ) @@ -5138,6 +5771,231 @@ async def test_path_params_update_overload_9(self, async_client: AsyncCloudflare account_id="account_id", ) + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + async def test_method_update_overload_10(self, async_client: AsyncCloudflare) -> None: + application = await async_client.zero_trust.access.applications.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) + assert_matches_type(Optional[ApplicationUpdateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + async def test_method_update_with_all_params_overload_10(self, async_client: AsyncCloudflare) -> None: + application = await async_client.zero_trust.access.applications.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + allow_authenticate_via_warp=True, + allowed_idps=["699d98642c564d2e855e9661899b7252"], + app_launcher_visible=True, + auto_redirect_to_identity=True, + cors_headers={ + "allow_all_headers": True, + "allow_all_methods": True, + "allow_all_origins": True, + "allow_credentials": True, + "allowed_headers": ["string"], + "allowed_methods": ["GET"], + "allowed_origins": ["https://example.com"], + "max_age": -1, + }, + custom_deny_message="custom_deny_message", + custom_deny_url="custom_deny_url", + custom_non_identity_deny_url="custom_non_identity_deny_url", + custom_pages=["699d98642c564d2e855e9661899b7252"], + destinations=[ + { + "type": "public", + "uri": "test.example.com/admin", + }, + { + "type": "public", + "uri": "test.anotherexample.com/staff", + }, + { + "cidr": "10.5.0.0/24", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "80-90", + "type": "private", + "vnet_id": "vnet_id", + }, + { + "cidr": "10.5.0.3/32", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "80", + "type": "private", + "vnet_id": "vnet_id", + }, + { + "cidr": "cidr", + "hostname": "hostname", + "l4_protocol": "tcp", + "port_range": "port_range", + "type": "private", + "vnet_id": "vnet_id", + }, + ], + enable_binding_cookie=True, + http_only_cookie_attribute=True, + logo_url="https://www.cloudflare.com/img/logo-web-badges/cf-logo-on-white-bg.svg", + name="Admin Site", + options_preflight_bypass=True, + path_cookie_attribute=True, + policies=[ + { + "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", + "precedence": 0, + } + ], + same_site_cookie_attribute="strict", + scim_config={ + "idp_uid": "idp_uid", + "remote_uri": "remote_uri", + "authentication": { + "password": "password", + "scheme": "httpbasic", + "user": "user", + }, + "deactivate_on_delete": True, + "enabled": True, + "mappings": [ + { + "schema": "urn:ietf:params:scim:schemas:core:2.0:User", + "enabled": True, + "filter": 'title pr or userType eq "Intern"', + "operations": { + "create": True, + "delete": True, + "update": True, + }, + "strictness": "strict", + "transform_jsonata": "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])", + } + ], + }, + self_hosted_domains=["test.example.com/admin", "test.anotherexample.com/staff"], + service_auth_401_redirect=True, + session_duration="24h", + skip_interstitial=True, + tags=["engineers"], + ) + assert_matches_type(Optional[ApplicationUpdateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + async def test_raw_response_update_overload_10(self, async_client: AsyncCloudflare) -> None: + response = await async_client.zero_trust.access.applications.with_raw_response.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) + + assert response.is_closed is True + assert response.http_request.headers.get("X-Stainless-Lang") == "python" + application = await response.parse() + assert_matches_type(Optional[ApplicationUpdateResponse], application, path=["response"]) + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + async def test_streaming_response_update_overload_10(self, async_client: AsyncCloudflare) -> None: + async with async_client.zero_trust.access.applications.with_streaming_response.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) as response: + assert not response.is_closed + assert response.http_request.headers.get("X-Stainless-Lang") == "python" + + application = await response.parse() + assert_matches_type(Optional[ApplicationUpdateResponse], application, path=["response"]) + + assert cast(Any, response.is_closed) is True + + @pytest.mark.skip(reason="TODO: investigate broken test") + @parametrize + async def test_path_params_update_overload_10(self, async_client: AsyncCloudflare) -> None: + with pytest.raises(ValueError, match=r"Expected a non-empty value for `app_id` but received ''"): + await async_client.zero_trust.access.applications.with_raw_response.update( + app_id="", + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) + + with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): + await async_client.zero_trust.access.applications.with_raw_response.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="", + ) + + with pytest.raises(ValueError, match=r"You must provide either account_id or zone_id"): + await async_client.zero_trust.access.applications.with_raw_response.update( + app_id="023e105f4ecef8ad9ca31a8372d0c353", + domain="test.example.com/admin", + target_criteria=[ + { + "port": 22, + "protocol": "ssh", + "target_attributes": {"hostname": ["test-server", "production-server"]}, + } + ], + type="rdp", + account_id="account_id", + ) + @pytest.mark.skip(reason="TODO: investigate broken test") @parametrize async def test_method_list(self, async_client: AsyncCloudflare) -> None: