diff --git a/.stats.yml b/.stats.yml
index 5cc013e4dc..563ec8b4af 100644
--- a/.stats.yml
+++ b/.stats.yml
@@ -1,2 +1,2 @@
-configured_endpoints: 1336
+configured_endpoints: 1343
openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-efdb1c15faba015f2904e7db0946e71b5bd84a6e4b96256aed210e7e0113cf17.yml
diff --git a/api.md b/api.md
index 627609dee8..bb5cf9c693 100644
--- a/api.md
+++ b/api.md
@@ -264,13 +264,6 @@ Methods:
- client.zones.activationCheck.trigger({ ...params }) -> ActivationCheckTriggerResponse
-## DNSSettings
-
-Types:
-
-- DNSSetting
-- Nameserver
-
## Settings
### ZeroRTT
@@ -1414,6 +1407,20 @@ Methods:
- client.dns.records.import({ ...params }) -> RecordImportResponse
- client.dns.records.scan({ ...params }) -> RecordScanResponse
+## Settings
+
+Types:
+
+- DNSSetting
+- Nameserver
+- SettingEditResponse
+- SettingGetResponse
+
+Methods:
+
+- client.dns.settings.edit({ ...params }) -> SettingEditResponse
+- client.dns.settings.get({ ...params }) -> SettingGetResponse
+
## Analytics
### Reports
@@ -4875,6 +4882,24 @@ Methods:
- client.zeroTrust.access.tags.delete(tagName, { ...params }) -> TagDeleteResponse
- client.zeroTrust.access.tags.get(tagName, { ...params }) -> Tag
+### Policies
+
+Types:
+
+- PolicyCreateResponse
+- PolicyUpdateResponse
+- PolicyListResponse
+- PolicyDeleteResponse
+- PolicyGetResponse
+
+Methods:
+
+- client.zeroTrust.access.policies.create({ ...params }) -> PolicyCreateResponse
+- client.zeroTrust.access.policies.update(policyId, { ...params }) -> PolicyUpdateResponse
+- client.zeroTrust.access.policies.list({ ...params }) -> PolicyListResponsesSinglePage
+- client.zeroTrust.access.policies.delete(policyId, { ...params }) -> PolicyDeleteResponse
+- client.zeroTrust.access.policies.get(policyId, { ...params }) -> PolicyGetResponse
+
## DEX
Types:
diff --git a/src/resources/dns/dns.ts b/src/resources/dns/dns.ts
index adda2d0f8e..727b7f505f 100644
--- a/src/resources/dns/dns.ts
+++ b/src/resources/dns/dns.ts
@@ -2,12 +2,14 @@
import { APIResource } from '../../resource';
import * as RecordsAPI from './records';
+import * as SettingsAPI from './settings';
import * as AnalyticsAPI from './analytics/analytics';
import * as FirewallAPI from './firewall/firewall';
import * as AnalyticsAnalyticsAPI from './firewall/analytics/analytics';
export class DNS extends APIResource {
records: RecordsAPI.Records = new RecordsAPI.Records(this._client);
+ settings: SettingsAPI.Settings = new SettingsAPI.Settings(this._client);
analytics: AnalyticsAPI.Analytics = new AnalyticsAPI.Analytics(this._client);
firewall: FirewallAPI.FirewallResource = new FirewallAPI.FirewallResource(this._client);
}
@@ -101,6 +103,13 @@ export namespace DNS {
export import RecordGetParams = RecordsAPI.RecordGetParams;
export import RecordImportParams = RecordsAPI.RecordImportParams;
export import RecordScanParams = RecordsAPI.RecordScanParams;
+ export import Settings = SettingsAPI.Settings;
+ export import DNSSetting = SettingsAPI.DNSSetting;
+ export import Nameserver = SettingsAPI.Nameserver;
+ export import SettingEditResponse = SettingsAPI.SettingEditResponse;
+ export import SettingGetResponse = SettingsAPI.SettingGetResponse;
+ export import SettingEditParams = SettingsAPI.SettingEditParams;
+ export import SettingGetParams = SettingsAPI.SettingGetParams;
export import Analytics = AnalyticsAPI.Analytics;
export import FirewallResource = FirewallAPI.FirewallResource;
export import AttackMitigation = FirewallAPI.AttackMitigation;
diff --git a/src/resources/dns/index.ts b/src/resources/dns/index.ts
index d5aacc7178..1081c10eb5 100644
--- a/src/resources/dns/index.ts
+++ b/src/resources/dns/index.ts
@@ -58,3 +58,12 @@ export {
FirewallResource,
} from './firewall/index';
export { DNS } from './dns';
+export {
+ DNSSetting,
+ Nameserver,
+ SettingEditResponse,
+ SettingGetResponse,
+ SettingEditParams,
+ SettingGetParams,
+ Settings,
+} from './settings';
diff --git a/src/resources/dns/settings.ts b/src/resources/dns/settings.ts
new file mode 100644
index 0000000000..e076e84e63
--- /dev/null
+++ b/src/resources/dns/settings.ts
@@ -0,0 +1,314 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import * as Core from '../../core';
+import { APIResource } from '../../resource';
+import { isRequestOptions } from '../../core';
+import { CloudflareError } from '../../error';
+import * as SettingsAPI from './settings';
+
+export class Settings extends APIResource {
+ /**
+ * Update DNS settings for an account or zone
+ */
+ edit(params: SettingEditParams, options?: Core.RequestOptions): Core.APIPromise {
+ const { account_id, zone_id, ...body } = params;
+ if (!account_id && !zone_id) {
+ throw new CloudflareError('You must provide either account_id or zone_id.');
+ }
+ if (account_id && zone_id) {
+ throw new CloudflareError('You cannot provide both account_id and zone_id.');
+ }
+ const { accountOrZone, accountOrZoneId } =
+ account_id ?
+ {
+ accountOrZone: 'accounts',
+ accountOrZoneId: account_id,
+ }
+ : {
+ accountOrZone: 'zones',
+ accountOrZoneId: zone_id,
+ };
+ return (
+ this._client.patch(`/${accountOrZone}/${accountOrZoneId}/dns_settings`, {
+ body,
+ ...options,
+ }) as Core.APIPromise<{ result: SettingEditResponse }>
+ )._thenUnwrap((obj) => obj.result);
+ }
+
+ /**
+ * Show DNS settings for an account or zone
+ */
+ get(params?: SettingGetParams, options?: Core.RequestOptions): Core.APIPromise;
+ get(options?: Core.RequestOptions): Core.APIPromise;
+ get(
+ params: SettingGetParams | Core.RequestOptions = {},
+ options?: Core.RequestOptions,
+ ): Core.APIPromise {
+ if (isRequestOptions(params)) {
+ return this.get({}, params);
+ }
+ const { account_id, zone_id } = params;
+ if (!account_id && !zone_id) {
+ throw new CloudflareError('You must provide either account_id or zone_id.');
+ }
+ if (account_id && zone_id) {
+ throw new CloudflareError('You cannot provide both account_id and zone_id.');
+ }
+ const { accountOrZone, accountOrZoneId } =
+ account_id ?
+ {
+ accountOrZone: 'accounts',
+ accountOrZoneId: account_id,
+ }
+ : {
+ accountOrZone: 'zones',
+ accountOrZoneId: zone_id,
+ };
+ return (
+ this._client.get(`/${accountOrZone}/${accountOrZoneId}/dns_settings`, options) as Core.APIPromise<{
+ result: SettingGetResponse;
+ }>
+ )._thenUnwrap((obj) => obj.result);
+ }
+}
+
+export interface DNSSetting {
+ /**
+ * Whether to enable Foundation DNS Advanced Nameservers on the zone.
+ */
+ foundation_dns?: boolean;
+
+ /**
+ * Whether to enable multi-provider DNS, which causes Cloudflare to activate the
+ * zone even when non-Cloudflare NS records exist, and to respect NS records at the
+ * zone apex during outbound zone transfers.
+ */
+ multi_provider?: boolean;
+
+ /**
+ * Settings determining the nameservers through which the zone should be available.
+ */
+ nameservers?: Nameserver;
+
+ /**
+ * The time to live (TTL) of the zone's nameserver (NS) records.
+ */
+ ns_ttl?: number;
+
+ /**
+ * Allows a Secondary DNS zone to use (proxied) override records and CNAME
+ * flattening at the zone apex.
+ */
+ secondary_overrides?: boolean;
+
+ /**
+ * Components of the zone's SOA record.
+ */
+ soa?: DNSSetting.SOA;
+
+ /**
+ * Whether the zone mode is a regular or CDN/DNS only zone.
+ */
+ zone_mode?: 'standard' | 'cdn_only' | 'dns_only';
+}
+
+export namespace DNSSetting {
+ /**
+ * Components of the zone's SOA record.
+ */
+ export interface SOA {
+ /**
+ * Time in seconds of being unable to query the primary server after which
+ * secondary servers should stop serving the zone.
+ */
+ expire: number;
+
+ /**
+ * The time to live (TTL) for negative caching of records within the zone.
+ */
+ min_ttl: number;
+
+ /**
+ * The primary nameserver, which may be used for outbound zone transfers.
+ */
+ mname: string;
+
+ /**
+ * Time in seconds after which secondary servers should re-check the SOA record to
+ * see if the zone has been updated.
+ */
+ refresh: number;
+
+ /**
+ * Time in seconds after which secondary servers should retry queries after the
+ * primary server was unresponsive.
+ */
+ retry: number;
+
+ /**
+ * The email address of the zone administrator, with the first label representing
+ * the local part of the email address.
+ */
+ rname: string;
+
+ /**
+ * The time to live (TTL) of the SOA record itself.
+ */
+ ttl: number;
+ }
+}
+
+export interface DNSSettingParam {
+ /**
+ * Whether to enable Foundation DNS Advanced Nameservers on the zone.
+ */
+ foundation_dns?: boolean;
+
+ /**
+ * Whether to enable multi-provider DNS, which causes Cloudflare to activate the
+ * zone even when non-Cloudflare NS records exist, and to respect NS records at the
+ * zone apex during outbound zone transfers.
+ */
+ multi_provider?: boolean;
+
+ /**
+ * Settings determining the nameservers through which the zone should be available.
+ */
+ nameservers?: NameserverParam;
+
+ /**
+ * The time to live (TTL) of the zone's nameserver (NS) records.
+ */
+ ns_ttl?: number;
+
+ /**
+ * Allows a Secondary DNS zone to use (proxied) override records and CNAME
+ * flattening at the zone apex.
+ */
+ secondary_overrides?: boolean;
+
+ /**
+ * Components of the zone's SOA record.
+ */
+ soa?: DNSSettingParam.SOA;
+
+ /**
+ * Whether the zone mode is a regular or CDN/DNS only zone.
+ */
+ zone_mode?: 'standard' | 'cdn_only' | 'dns_only';
+}
+
+export namespace DNSSettingParam {
+ /**
+ * Components of the zone's SOA record.
+ */
+ export interface SOA {
+ /**
+ * Time in seconds of being unable to query the primary server after which
+ * secondary servers should stop serving the zone.
+ */
+ expire: number;
+
+ /**
+ * The time to live (TTL) for negative caching of records within the zone.
+ */
+ min_ttl: number;
+
+ /**
+ * The primary nameserver, which may be used for outbound zone transfers.
+ */
+ mname: string;
+
+ /**
+ * Time in seconds after which secondary servers should re-check the SOA record to
+ * see if the zone has been updated.
+ */
+ refresh: number;
+
+ /**
+ * Time in seconds after which secondary servers should retry queries after the
+ * primary server was unresponsive.
+ */
+ retry: number;
+
+ /**
+ * The email address of the zone administrator, with the first label representing
+ * the local part of the email address.
+ */
+ rname: string;
+
+ /**
+ * The time to live (TTL) of the SOA record itself.
+ */
+ ttl: number;
+ }
+}
+
+/**
+ * Settings determining the nameservers through which the zone should be available.
+ */
+export interface Nameserver {
+ /**
+ * Nameserver type
+ */
+ type: 'cloudflare.standard';
+}
+
+/**
+ * Settings determining the nameservers through which the zone should be available.
+ */
+export interface NameserverParam {
+ /**
+ * Nameserver type
+ */
+ type: 'cloudflare.standard';
+}
+
+export interface SettingEditResponse {
+ zone_defaults?: DNSSetting;
+}
+
+export interface SettingGetResponse {
+ zone_defaults?: DNSSetting;
+}
+
+export interface SettingEditParams {
+ /**
+ * Path param: The Account ID to use for this endpoint. Mutually exclusive with the
+ * Zone ID.
+ */
+ account_id?: string;
+
+ /**
+ * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the
+ * Account ID.
+ */
+ zone_id?: string;
+
+ /**
+ * Body param:
+ */
+ zone_defaults?: DNSSettingParam;
+}
+
+export interface SettingGetParams {
+ /**
+ * The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.
+ */
+ account_id?: string;
+
+ /**
+ * The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
+ */
+ zone_id?: string;
+}
+
+export namespace Settings {
+ export import DNSSetting = SettingsAPI.DNSSetting;
+ export import Nameserver = SettingsAPI.Nameserver;
+ export import SettingEditResponse = SettingsAPI.SettingEditResponse;
+ export import SettingGetResponse = SettingsAPI.SettingGetResponse;
+ export import SettingEditParams = SettingsAPI.SettingEditParams;
+ export import SettingGetParams = SettingsAPI.SettingGetParams;
+}
diff --git a/src/resources/zero-trust/access/access.ts b/src/resources/zero-trust/access/access.ts
index b0a817d781..8b4f72c7ef 100644
--- a/src/resources/zero-trust/access/access.ts
+++ b/src/resources/zero-trust/access/access.ts
@@ -6,6 +6,7 @@ import * as BookmarksAPI from './bookmarks';
import * as CustomPagesAPI from './custom-pages';
import * as GroupsAPI from './groups';
import * as KeysAPI from './keys';
+import * as PoliciesAPI from './policies';
import * as ServiceTokensAPI from './service-tokens';
import * as TagsAPI from './tags';
import * as ApplicationsAPI from './applications/applications';
@@ -24,6 +25,7 @@ export class Access extends APIResource {
users: UsersAPI.Users = new UsersAPI.Users(this._client);
customPages: CustomPagesAPI.CustomPages = new CustomPagesAPI.CustomPages(this._client);
tags: TagsAPI.Tags = new TagsAPI.Tags(this._client);
+ policies: PoliciesAPI.Policies = new PoliciesAPI.Policies(this._client);
}
/**
@@ -824,4 +826,16 @@ export namespace Access {
export import TagListParams = TagsAPI.TagListParams;
export import TagDeleteParams = TagsAPI.TagDeleteParams;
export import TagGetParams = TagsAPI.TagGetParams;
+ export import Policies = PoliciesAPI.Policies;
+ export import PolicyCreateResponse = PoliciesAPI.PolicyCreateResponse;
+ export import PolicyUpdateResponse = PoliciesAPI.PolicyUpdateResponse;
+ export import PolicyListResponse = PoliciesAPI.PolicyListResponse;
+ export import PolicyDeleteResponse = PoliciesAPI.PolicyDeleteResponse;
+ export import PolicyGetResponse = PoliciesAPI.PolicyGetResponse;
+ export import PolicyListResponsesSinglePage = PoliciesAPI.PolicyListResponsesSinglePage;
+ export import PolicyCreateParams = PoliciesAPI.PolicyCreateParams;
+ export import PolicyUpdateParams = PoliciesAPI.PolicyUpdateParams;
+ export import PolicyListParams = PoliciesAPI.PolicyListParams;
+ export import PolicyDeleteParams = PoliciesAPI.PolicyDeleteParams;
+ export import PolicyGetParams = PoliciesAPI.PolicyGetParams;
}
diff --git a/src/resources/zero-trust/access/index.ts b/src/resources/zero-trust/access/index.ts
index 3998f345b4..245c27d7e2 100644
--- a/src/resources/zero-trust/access/index.ts
+++ b/src/resources/zero-trust/access/index.ts
@@ -99,6 +99,20 @@ export {
Keys,
} from './keys';
export { Logs } from './logs/index';
+export {
+ PolicyCreateResponse,
+ PolicyUpdateResponse,
+ PolicyListResponse,
+ PolicyDeleteResponse,
+ PolicyGetResponse,
+ PolicyCreateParams,
+ PolicyUpdateParams,
+ PolicyListParams,
+ PolicyDeleteParams,
+ PolicyGetParams,
+ PolicyListResponsesSinglePage,
+ Policies,
+} from './policies';
export {
ServiceToken,
ServiceTokenCreateResponse,
diff --git a/src/resources/zero-trust/access/policies.ts b/src/resources/zero-trust/access/policies.ts
new file mode 100644
index 0000000000..a64044f869
--- /dev/null
+++ b/src/resources/zero-trust/access/policies.ts
@@ -0,0 +1,599 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import * as Core from '../../../core';
+import { APIResource } from '../../../resource';
+import * as PoliciesAPI from './policies';
+import * as AccessAPI from './access';
+import * as ApplicationsAPI from './applications/applications';
+import * as ApplicationsPoliciesAPI from './applications/policies';
+import { SinglePage } from '../../../pagination';
+
+export class Policies extends APIResource {
+ /**
+ * Creates a new Access reusable policy.
+ */
+ create(params: PolicyCreateParams, options?: Core.RequestOptions): Core.APIPromise {
+ const { account_id, ...body } = params;
+ return (
+ this._client.post(`/accounts/${account_id}/access/policies`, { body, ...options }) as Core.APIPromise<{
+ result: PolicyCreateResponse;
+ }>
+ )._thenUnwrap((obj) => obj.result);
+ }
+
+ /**
+ * Updates a Access reusable policy.
+ */
+ update(
+ policyId: string,
+ params: PolicyUpdateParams,
+ options?: Core.RequestOptions,
+ ): Core.APIPromise {
+ const { account_id, ...body } = params;
+ return (
+ this._client.put(`/accounts/${account_id}/access/policies/${policyId}`, {
+ body,
+ ...options,
+ }) as Core.APIPromise<{ result: PolicyUpdateResponse }>
+ )._thenUnwrap((obj) => obj.result);
+ }
+
+ /**
+ * Lists Access reusable policies.
+ */
+ list(
+ params: PolicyListParams,
+ options?: Core.RequestOptions,
+ ): Core.PagePromise {
+ const { account_id } = params;
+ return this._client.getAPIList(
+ `/accounts/${account_id}/access/policies`,
+ PolicyListResponsesSinglePage,
+ options,
+ );
+ }
+
+ /**
+ * Deletes an Access reusable policy.
+ */
+ delete(
+ policyId: string,
+ params: PolicyDeleteParams,
+ options?: Core.RequestOptions,
+ ): Core.APIPromise {
+ const { account_id } = params;
+ return (
+ this._client.delete(`/accounts/${account_id}/access/policies/${policyId}`, options) as Core.APIPromise<{
+ result: PolicyDeleteResponse;
+ }>
+ )._thenUnwrap((obj) => obj.result);
+ }
+
+ /**
+ * Fetches a single Access reusable policy.
+ */
+ get(
+ policyId: string,
+ params: PolicyGetParams,
+ options?: Core.RequestOptions,
+ ): Core.APIPromise {
+ const { account_id } = params;
+ return (
+ this._client.get(`/accounts/${account_id}/access/policies/${policyId}`, options) as Core.APIPromise<{
+ result: PolicyGetResponse;
+ }>
+ )._thenUnwrap((obj) => obj.result);
+ }
+}
+
+export class PolicyListResponsesSinglePage extends SinglePage {}
+
+export interface PolicyCreateResponse {
+ /**
+ * The UUID of the policy
+ */
+ id?: string;
+
+ /**
+ * Number of access applications currently using this policy.
+ */
+ app_count?: number;
+
+ /**
+ * Administrators who can approve a temporary authentication request.
+ */
+ approval_groups?: Array;
+
+ /**
+ * Requires the user to request access from an administrator at the start of each
+ * session.
+ */
+ approval_required?: boolean;
+
+ created_at?: string;
+
+ /**
+ * The action Access will take if a user matches this policy.
+ */
+ decision?: ApplicationsAPI.Decision;
+
+ /**
+ * Rules evaluated with a NOT logical operator. To match the policy, a user cannot
+ * meet any of the Exclude rules.
+ */
+ exclude?: Array;
+
+ /**
+ * Rules evaluated with an OR logical operator. A user needs to meet only one of
+ * the Include rules.
+ */
+ include?: Array;
+
+ /**
+ * Require this application to be served in an isolated browser for users matching
+ * this policy. 'Client Web Isolation' must be on for the account in order to use
+ * this feature.
+ */
+ isolation_required?: boolean;
+
+ /**
+ * The name of the Access policy.
+ */
+ name?: string;
+
+ /**
+ * A custom message that will appear on the purpose justification screen.
+ */
+ purpose_justification_prompt?: string;
+
+ /**
+ * Require users to enter a justification when they log in to the application.
+ */
+ purpose_justification_required?: boolean;
+
+ /**
+ * Rules evaluated with an AND logical operator. To match the policy, a user must
+ * meet all of the Require rules.
+ */
+ require?: Array;
+
+ reusable?: true;
+
+ /**
+ * The amount of time that tokens issued for the application will be valid. Must be
+ * in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s,
+ * m, h.
+ */
+ session_duration?: string;
+
+ updated_at?: string;
+}
+
+export interface PolicyUpdateResponse {
+ /**
+ * The UUID of the policy
+ */
+ id?: string;
+
+ /**
+ * Number of access applications currently using this policy.
+ */
+ app_count?: number;
+
+ /**
+ * Administrators who can approve a temporary authentication request.
+ */
+ approval_groups?: Array;
+
+ /**
+ * Requires the user to request access from an administrator at the start of each
+ * session.
+ */
+ approval_required?: boolean;
+
+ created_at?: string;
+
+ /**
+ * The action Access will take if a user matches this policy.
+ */
+ decision?: ApplicationsAPI.Decision;
+
+ /**
+ * Rules evaluated with a NOT logical operator. To match the policy, a user cannot
+ * meet any of the Exclude rules.
+ */
+ exclude?: Array;
+
+ /**
+ * Rules evaluated with an OR logical operator. A user needs to meet only one of
+ * the Include rules.
+ */
+ include?: Array;
+
+ /**
+ * Require this application to be served in an isolated browser for users matching
+ * this policy. 'Client Web Isolation' must be on for the account in order to use
+ * this feature.
+ */
+ isolation_required?: boolean;
+
+ /**
+ * The name of the Access policy.
+ */
+ name?: string;
+
+ /**
+ * A custom message that will appear on the purpose justification screen.
+ */
+ purpose_justification_prompt?: string;
+
+ /**
+ * Require users to enter a justification when they log in to the application.
+ */
+ purpose_justification_required?: boolean;
+
+ /**
+ * Rules evaluated with an AND logical operator. To match the policy, a user must
+ * meet all of the Require rules.
+ */
+ require?: Array;
+
+ reusable?: true;
+
+ /**
+ * The amount of time that tokens issued for the application will be valid. Must be
+ * in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s,
+ * m, h.
+ */
+ session_duration?: string;
+
+ updated_at?: string;
+}
+
+export interface PolicyListResponse {
+ /**
+ * The UUID of the policy
+ */
+ id?: string;
+
+ /**
+ * Number of access applications currently using this policy.
+ */
+ app_count?: number;
+
+ /**
+ * Administrators who can approve a temporary authentication request.
+ */
+ approval_groups?: Array;
+
+ /**
+ * Requires the user to request access from an administrator at the start of each
+ * session.
+ */
+ approval_required?: boolean;
+
+ created_at?: string;
+
+ /**
+ * The action Access will take if a user matches this policy.
+ */
+ decision?: ApplicationsAPI.Decision;
+
+ /**
+ * Rules evaluated with a NOT logical operator. To match the policy, a user cannot
+ * meet any of the Exclude rules.
+ */
+ exclude?: Array;
+
+ /**
+ * Rules evaluated with an OR logical operator. A user needs to meet only one of
+ * the Include rules.
+ */
+ include?: Array;
+
+ /**
+ * Require this application to be served in an isolated browser for users matching
+ * this policy. 'Client Web Isolation' must be on for the account in order to use
+ * this feature.
+ */
+ isolation_required?: boolean;
+
+ /**
+ * The name of the Access policy.
+ */
+ name?: string;
+
+ /**
+ * A custom message that will appear on the purpose justification screen.
+ */
+ purpose_justification_prompt?: string;
+
+ /**
+ * Require users to enter a justification when they log in to the application.
+ */
+ purpose_justification_required?: boolean;
+
+ /**
+ * Rules evaluated with an AND logical operator. To match the policy, a user must
+ * meet all of the Require rules.
+ */
+ require?: Array;
+
+ reusable?: true;
+
+ /**
+ * The amount of time that tokens issued for the application will be valid. Must be
+ * in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s,
+ * m, h.
+ */
+ session_duration?: string;
+
+ updated_at?: string;
+}
+
+export interface PolicyDeleteResponse {
+ /**
+ * The UUID of the policy
+ */
+ id?: string;
+}
+
+export interface PolicyGetResponse {
+ /**
+ * The UUID of the policy
+ */
+ id?: string;
+
+ /**
+ * Number of access applications currently using this policy.
+ */
+ app_count?: number;
+
+ /**
+ * Administrators who can approve a temporary authentication request.
+ */
+ approval_groups?: Array;
+
+ /**
+ * Requires the user to request access from an administrator at the start of each
+ * session.
+ */
+ approval_required?: boolean;
+
+ created_at?: string;
+
+ /**
+ * The action Access will take if a user matches this policy.
+ */
+ decision?: ApplicationsAPI.Decision;
+
+ /**
+ * Rules evaluated with a NOT logical operator. To match the policy, a user cannot
+ * meet any of the Exclude rules.
+ */
+ exclude?: Array;
+
+ /**
+ * Rules evaluated with an OR logical operator. A user needs to meet only one of
+ * the Include rules.
+ */
+ include?: Array;
+
+ /**
+ * Require this application to be served in an isolated browser for users matching
+ * this policy. 'Client Web Isolation' must be on for the account in order to use
+ * this feature.
+ */
+ isolation_required?: boolean;
+
+ /**
+ * The name of the Access policy.
+ */
+ name?: string;
+
+ /**
+ * A custom message that will appear on the purpose justification screen.
+ */
+ purpose_justification_prompt?: string;
+
+ /**
+ * Require users to enter a justification when they log in to the application.
+ */
+ purpose_justification_required?: boolean;
+
+ /**
+ * Rules evaluated with an AND logical operator. To match the policy, a user must
+ * meet all of the Require rules.
+ */
+ require?: Array;
+
+ reusable?: true;
+
+ /**
+ * The amount of time that tokens issued for the application will be valid. Must be
+ * in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s,
+ * m, h.
+ */
+ session_duration?: string;
+
+ updated_at?: string;
+}
+
+export interface PolicyCreateParams {
+ /**
+ * Path param: Identifier
+ */
+ account_id: string;
+
+ /**
+ * Body param: The action Access will take if a user matches this policy.
+ */
+ decision: ApplicationsAPI.DecisionParam;
+
+ /**
+ * Body param: Rules evaluated with an OR logical operator. A user needs to meet
+ * only one of the Include rules.
+ */
+ include: Array;
+
+ /**
+ * Body param: The name of the Access policy.
+ */
+ name: string;
+
+ /**
+ * Body param: Administrators who can approve a temporary authentication request.
+ */
+ approval_groups?: Array;
+
+ /**
+ * Body param: Requires the user to request access from an administrator at the
+ * start of each session.
+ */
+ approval_required?: boolean;
+
+ /**
+ * Body param: Rules evaluated with a NOT logical operator. To match the policy, a
+ * user cannot meet any of the Exclude rules.
+ */
+ exclude?: Array;
+
+ /**
+ * Body param: Require this application to be served in an isolated browser for
+ * users matching this policy. 'Client Web Isolation' must be on for the account in
+ * order to use this feature.
+ */
+ isolation_required?: boolean;
+
+ /**
+ * Body param: A custom message that will appear on the purpose justification
+ * screen.
+ */
+ purpose_justification_prompt?: string;
+
+ /**
+ * Body param: Require users to enter a justification when they log in to the
+ * application.
+ */
+ purpose_justification_required?: boolean;
+
+ /**
+ * Body param: Rules evaluated with an AND logical operator. To match the policy, a
+ * user must meet all of the Require rules.
+ */
+ require?: Array;
+
+ /**
+ * Body param: The amount of time that tokens issued for the application will be
+ * valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us
+ * (or µs), ms, s, m, h.
+ */
+ session_duration?: string;
+}
+
+export interface PolicyUpdateParams {
+ /**
+ * Path param: Identifier
+ */
+ account_id: string;
+
+ /**
+ * Body param: The action Access will take if a user matches this policy.
+ */
+ decision: ApplicationsAPI.DecisionParam;
+
+ /**
+ * Body param: Rules evaluated with an OR logical operator. A user needs to meet
+ * only one of the Include rules.
+ */
+ include: Array;
+
+ /**
+ * Body param: The name of the Access policy.
+ */
+ name: string;
+
+ /**
+ * Body param: Administrators who can approve a temporary authentication request.
+ */
+ approval_groups?: Array;
+
+ /**
+ * Body param: Requires the user to request access from an administrator at the
+ * start of each session.
+ */
+ approval_required?: boolean;
+
+ /**
+ * Body param: Rules evaluated with a NOT logical operator. To match the policy, a
+ * user cannot meet any of the Exclude rules.
+ */
+ exclude?: Array;
+
+ /**
+ * Body param: Require this application to be served in an isolated browser for
+ * users matching this policy. 'Client Web Isolation' must be on for the account in
+ * order to use this feature.
+ */
+ isolation_required?: boolean;
+
+ /**
+ * Body param: A custom message that will appear on the purpose justification
+ * screen.
+ */
+ purpose_justification_prompt?: string;
+
+ /**
+ * Body param: Require users to enter a justification when they log in to the
+ * application.
+ */
+ purpose_justification_required?: boolean;
+
+ /**
+ * Body param: Rules evaluated with an AND logical operator. To match the policy, a
+ * user must meet all of the Require rules.
+ */
+ require?: Array;
+
+ /**
+ * Body param: The amount of time that tokens issued for the application will be
+ * valid. Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us
+ * (or µs), ms, s, m, h.
+ */
+ session_duration?: string;
+}
+
+export interface PolicyListParams {
+ /**
+ * Identifier
+ */
+ account_id: string;
+}
+
+export interface PolicyDeleteParams {
+ /**
+ * Identifier
+ */
+ account_id: string;
+}
+
+export interface PolicyGetParams {
+ /**
+ * Identifier
+ */
+ account_id: string;
+}
+
+export namespace Policies {
+ export import PolicyCreateResponse = PoliciesAPI.PolicyCreateResponse;
+ export import PolicyUpdateResponse = PoliciesAPI.PolicyUpdateResponse;
+ export import PolicyListResponse = PoliciesAPI.PolicyListResponse;
+ export import PolicyDeleteResponse = PoliciesAPI.PolicyDeleteResponse;
+ export import PolicyGetResponse = PoliciesAPI.PolicyGetResponse;
+ export import PolicyListResponsesSinglePage = PoliciesAPI.PolicyListResponsesSinglePage;
+ export import PolicyCreateParams = PoliciesAPI.PolicyCreateParams;
+ export import PolicyUpdateParams = PoliciesAPI.PolicyUpdateParams;
+ export import PolicyListParams = PoliciesAPI.PolicyListParams;
+ export import PolicyDeleteParams = PoliciesAPI.PolicyDeleteParams;
+ export import PolicyGetParams = PoliciesAPI.PolicyGetParams;
+}
diff --git a/src/resources/zones/dns-settings.ts b/src/resources/zones/dns-settings.ts
deleted file mode 100644
index a3806dfe82..0000000000
--- a/src/resources/zones/dns-settings.ts
+++ /dev/null
@@ -1,107 +0,0 @@
-// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-import { APIResource } from '../../resource';
-import * as DNSSettingsAPI from './dns-settings';
-
-export class DNSSettings extends APIResource {}
-
-export interface DNSSetting {
- /**
- * Whether to enable Foundation DNS Advanced Nameservers on the zone.
- */
- foundation_dns?: boolean;
-
- /**
- * Whether to enable multi-provider DNS, which causes Cloudflare to activate the
- * zone even when non-Cloudflare NS records exist, and to respect NS records at the
- * zone apex during outbound zone transfers.
- */
- multi_provider?: boolean;
-
- /**
- * Settings determining the nameservers through which the zone should be available.
- */
- nameservers?: Nameserver;
-
- /**
- * The time to live (TTL) of the zone's nameserver (NS) records.
- */
- ns_ttl?: number;
-
- /**
- * Allows a Secondary DNS zone to use (proxied) override records and CNAME
- * flattening at the zone apex.
- */
- secondary_overrides?: boolean;
-
- /**
- * Components of the zone's SOA record.
- */
- soa?: DNSSetting.SOA;
-
- /**
- * Whether the zone mode is a regular or CDN/DNS only zone.
- */
- zone_mode?: 'standard' | 'cdn_only' | 'dns_only';
-}
-
-export namespace DNSSetting {
- /**
- * Components of the zone's SOA record.
- */
- export interface SOA {
- /**
- * Time in seconds of being unable to query the primary server after which
- * secondary servers should stop serving the zone.
- */
- expire: number;
-
- /**
- * The time to live (TTL) for negative caching of records within the zone.
- */
- min_ttl: number;
-
- /**
- * The primary nameserver, which may be used for outbound zone transfers.
- */
- mname: string;
-
- /**
- * Time in seconds after which secondary servers should re-check the SOA record to
- * see if the zone has been updated.
- */
- refresh: number;
-
- /**
- * Time in seconds after which secondary servers should retry queries after the
- * primary server was unresponsive.
- */
- retry: number;
-
- /**
- * The email address of the zone administrator, with the first label representing
- * the local part of the email address.
- */
- rname: string;
-
- /**
- * The time to live (TTL) of the SOA record itself.
- */
- ttl: number;
- }
-}
-
-/**
- * Settings determining the nameservers through which the zone should be available.
- */
-export interface Nameserver {
- /**
- * Nameserver type
- */
- type: 'cloudflare.standard';
-}
-
-export namespace DNSSettings {
- export import DNSSetting = DNSSettingsAPI.DNSSetting;
- export import Nameserver = DNSSettingsAPI.Nameserver;
-}
diff --git a/src/resources/zones/index.ts b/src/resources/zones/index.ts
index 9a102069c9..8a628468f2 100644
--- a/src/resources/zones/index.ts
+++ b/src/resources/zones/index.ts
@@ -12,7 +12,6 @@ export {
CustomNameserverGetParams,
CustomNameservers,
} from './custom-nameservers';
-export { DNSSetting, Nameserver, DNSSettings } from './dns-settings';
export { Settings } from './settings/index';
export {
SubscriptionCreateResponse,
diff --git a/src/resources/zones/zones.ts b/src/resources/zones/zones.ts
index b0e6c94bf3..4bcdbcc039 100644
--- a/src/resources/zones/zones.ts
+++ b/src/resources/zones/zones.ts
@@ -5,7 +5,6 @@ import { APIResource } from '../../resource';
import { isRequestOptions } from '../../core';
import * as ActivationCheckAPI from './activation-check';
import * as CustomNameserversAPI from './custom-nameservers';
-import * as DNSSettingsAPI from './dns-settings';
import * as HoldsAPI from './holds';
import * as SubscriptionsAPI from './subscriptions';
import * as SettingsAPI from './settings/settings';
@@ -13,7 +12,6 @@ import { V4PagePaginationArray, type V4PagePaginationArrayParams } from '../../p
export class Zones extends APIResource {
activationCheck: ActivationCheckAPI.ActivationCheck = new ActivationCheckAPI.ActivationCheck(this._client);
- dnsSettings: DNSSettingsAPI.DNSSettings = new DNSSettingsAPI.DNSSettings(this._client);
settings: SettingsAPI.Settings = new SettingsAPI.Settings(this._client);
customNameservers: CustomNameserversAPI.CustomNameservers = new CustomNameserversAPI.CustomNameservers(
this._client,
@@ -401,9 +399,6 @@ export namespace Zones {
export import ActivationCheck = ActivationCheckAPI.ActivationCheck;
export import ActivationCheckTriggerResponse = ActivationCheckAPI.ActivationCheckTriggerResponse;
export import ActivationCheckTriggerParams = ActivationCheckAPI.ActivationCheckTriggerParams;
- export import DNSSettings = DNSSettingsAPI.DNSSettings;
- export import DNSSetting = DNSSettingsAPI.DNSSetting;
- export import Nameserver = DNSSettingsAPI.Nameserver;
export import Settings = SettingsAPI.Settings;
export import CustomNameservers = CustomNameserversAPI.CustomNameservers;
export import CustomNameserverUpdateResponse = CustomNameserversAPI.CustomNameserverUpdateResponse;
diff --git a/tests/api-resources/dns/settings.test.ts b/tests/api-resources/dns/settings.test.ts
new file mode 100644
index 0000000000..2df8c2bbff
--- /dev/null
+++ b/tests/api-resources/dns/settings.test.ts
@@ -0,0 +1,34 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import Cloudflare from 'cloudflare';
+import { Response } from 'node-fetch';
+
+const cloudflare = new Cloudflare({
+ apiKey: '144c9defac04969c7bfad8efaa8ea194',
+ apiEmail: 'user@example.com',
+ baseURL: process.env['TEST_API_BASE_URL'] ?? 'http://127.0.0.1:4010',
+});
+
+describe('resource settings', () => {
+ test('edit', async () => {
+ const responsePromise = cloudflare.dns.settings.edit({ account_id: 'string' });
+ const rawResponse = await responsePromise.asResponse();
+ expect(rawResponse).toBeInstanceOf(Response);
+ const response = await responsePromise;
+ expect(response).not.toBeInstanceOf(Response);
+ const dataAndResponse = await responsePromise.withResponse();
+ expect(dataAndResponse.data).toBe(response);
+ expect(dataAndResponse.response).toBe(rawResponse);
+ });
+
+ test('get', async () => {
+ const responsePromise = cloudflare.dns.settings.get({ account_id: 'string' });
+ const rawResponse = await responsePromise.asResponse();
+ expect(rawResponse).toBeInstanceOf(Response);
+ const response = await responsePromise;
+ expect(response).not.toBeInstanceOf(Response);
+ const dataAndResponse = await responsePromise.withResponse();
+ expect(dataAndResponse.data).toBe(response);
+ expect(dataAndResponse.response).toBe(rawResponse);
+ });
+});
diff --git a/tests/api-resources/zero-trust/access/policies.test.ts b/tests/api-resources/zero-trust/access/policies.test.ts
new file mode 100644
index 0000000000..2cc044f82f
--- /dev/null
+++ b/tests/api-resources/zero-trust/access/policies.test.ts
@@ -0,0 +1,197 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import Cloudflare from 'cloudflare';
+import { Response } from 'node-fetch';
+
+const cloudflare = new Cloudflare({
+ apiKey: '144c9defac04969c7bfad8efaa8ea194',
+ apiEmail: 'user@example.com',
+ baseURL: process.env['TEST_API_BASE_URL'] ?? 'http://127.0.0.1:4010',
+});
+
+describe('resource policies', () => {
+ test('create: only required params', async () => {
+ const responsePromise = cloudflare.zeroTrust.access.policies.create({
+ account_id: '023e105f4ecef8ad9ca31a8372d0c353',
+ decision: 'allow',
+ include: [
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ ],
+ name: 'Allow devs',
+ });
+ const rawResponse = await responsePromise.asResponse();
+ expect(rawResponse).toBeInstanceOf(Response);
+ const response = await responsePromise;
+ expect(response).not.toBeInstanceOf(Response);
+ const dataAndResponse = await responsePromise.withResponse();
+ expect(dataAndResponse.data).toBe(response);
+ expect(dataAndResponse.response).toBe(rawResponse);
+ });
+
+ test('create: required and optional params', async () => {
+ const response = await cloudflare.zeroTrust.access.policies.create({
+ account_id: '023e105f4ecef8ad9ca31a8372d0c353',
+ decision: 'allow',
+ include: [
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ ],
+ name: 'Allow devs',
+ approval_groups: [
+ {
+ approvals_needed: 1,
+ email_addresses: ['test1@cloudflare.com', 'test2@cloudflare.com'],
+ email_list_uuid: 'string',
+ },
+ {
+ approvals_needed: 3,
+ email_addresses: ['test@cloudflare.com', 'test2@cloudflare.com'],
+ email_list_uuid: '597147a1-976b-4ef2-9af0-81d5d007fc34',
+ },
+ ],
+ approval_required: true,
+ exclude: [
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ ],
+ isolation_required: false,
+ purpose_justification_prompt: 'Please enter a justification for entering this protected domain.',
+ purpose_justification_required: true,
+ require: [
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ ],
+ session_duration: '24h',
+ });
+ });
+
+ test('update: only required params', async () => {
+ const responsePromise = cloudflare.zeroTrust.access.policies.update(
+ 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
+ {
+ account_id: '023e105f4ecef8ad9ca31a8372d0c353',
+ decision: 'allow',
+ include: [
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ ],
+ name: 'Allow devs',
+ },
+ );
+ const rawResponse = await responsePromise.asResponse();
+ expect(rawResponse).toBeInstanceOf(Response);
+ const response = await responsePromise;
+ expect(response).not.toBeInstanceOf(Response);
+ const dataAndResponse = await responsePromise.withResponse();
+ expect(dataAndResponse.data).toBe(response);
+ expect(dataAndResponse.response).toBe(rawResponse);
+ });
+
+ test('update: required and optional params', async () => {
+ const response = await cloudflare.zeroTrust.access.policies.update(
+ 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
+ {
+ account_id: '023e105f4ecef8ad9ca31a8372d0c353',
+ decision: 'allow',
+ include: [
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ ],
+ name: 'Allow devs',
+ approval_groups: [
+ {
+ approvals_needed: 1,
+ email_addresses: ['test1@cloudflare.com', 'test2@cloudflare.com'],
+ email_list_uuid: 'string',
+ },
+ {
+ approvals_needed: 3,
+ email_addresses: ['test@cloudflare.com', 'test2@cloudflare.com'],
+ email_list_uuid: '597147a1-976b-4ef2-9af0-81d5d007fc34',
+ },
+ ],
+ approval_required: true,
+ exclude: [
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ ],
+ isolation_required: false,
+ purpose_justification_prompt: 'Please enter a justification for entering this protected domain.',
+ purpose_justification_required: true,
+ require: [
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ { email: { email: 'test@example.com' } },
+ ],
+ session_duration: '24h',
+ },
+ );
+ });
+
+ test('list: only required params', async () => {
+ const responsePromise = cloudflare.zeroTrust.access.policies.list({
+ account_id: '023e105f4ecef8ad9ca31a8372d0c353',
+ });
+ const rawResponse = await responsePromise.asResponse();
+ expect(rawResponse).toBeInstanceOf(Response);
+ const response = await responsePromise;
+ expect(response).not.toBeInstanceOf(Response);
+ const dataAndResponse = await responsePromise.withResponse();
+ expect(dataAndResponse.data).toBe(response);
+ expect(dataAndResponse.response).toBe(rawResponse);
+ });
+
+ test('list: required and optional params', async () => {
+ const response = await cloudflare.zeroTrust.access.policies.list({
+ account_id: '023e105f4ecef8ad9ca31a8372d0c353',
+ });
+ });
+
+ test('delete: only required params', async () => {
+ const responsePromise = cloudflare.zeroTrust.access.policies.delete(
+ 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
+ { account_id: '023e105f4ecef8ad9ca31a8372d0c353' },
+ );
+ const rawResponse = await responsePromise.asResponse();
+ expect(rawResponse).toBeInstanceOf(Response);
+ const response = await responsePromise;
+ expect(response).not.toBeInstanceOf(Response);
+ const dataAndResponse = await responsePromise.withResponse();
+ expect(dataAndResponse.data).toBe(response);
+ expect(dataAndResponse.response).toBe(rawResponse);
+ });
+
+ test('delete: required and optional params', async () => {
+ const response = await cloudflare.zeroTrust.access.policies.delete(
+ 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415',
+ { account_id: '023e105f4ecef8ad9ca31a8372d0c353' },
+ );
+ });
+
+ test('get: only required params', async () => {
+ const responsePromise = cloudflare.zeroTrust.access.policies.get('f174e90a-fafe-4643-bbbc-4a0ed4fc8415', {
+ account_id: '023e105f4ecef8ad9ca31a8372d0c353',
+ });
+ const rawResponse = await responsePromise.asResponse();
+ expect(rawResponse).toBeInstanceOf(Response);
+ const response = await responsePromise;
+ expect(response).not.toBeInstanceOf(Response);
+ const dataAndResponse = await responsePromise.withResponse();
+ expect(dataAndResponse.data).toBe(response);
+ expect(dataAndResponse.response).toBe(rawResponse);
+ });
+
+ test('get: required and optional params', async () => {
+ const response = await cloudflare.zeroTrust.access.policies.get('f174e90a-fafe-4643-bbbc-4a0ed4fc8415', {
+ account_id: '023e105f4ecef8ad9ca31a8372d0c353',
+ });
+ });
+});