AUTH-5608 added warp auth fields to access organizations and apps

.changelog/1496.txt

@@ -0,0 +1,4 @@
+```release-note:enhancement
+access_application: Add support for allow_authenticate_via_warp
+access_organization: Add support for allow_authenticate_via_warp and warp_auth_session_duration
+```

access_application.go

@@ -52,6 +52,7 @@ type AccessApplication struct {
 	HttpOnlyCookieAttribute  *bool                          `json:"http_only_cookie_attribute,omitempty"`
 	ServiceAuth401Redirect   *bool                          `json:"service_auth_401_redirect,omitempty"`
 	PathCookieAttribute      *bool                          `json:"path_cookie_attribute,omitempty"`
+	AllowAuthenticateViaWarp *bool                          `json:"allow_authenticate_via_warp,omitempty"`
 	CustomPages              []string                       `json:"custom_pages,omitempty"`
 	Tags                     []string                       `json:"tags,omitempty"`
 	AccessAppLauncherCustomization
@@ -166,6 +167,7 @@ type CreateAccessApplicationParams struct {
 	SessionDuration          string                         `json:"session_duration,omitempty"`
 	SkipInterstitial         *bool                          `json:"skip_interstitial,omitempty"`
 	Type                     AccessApplicationType          `json:"type,omitempty"`
+	AllowAuthenticateViaWarp *bool                          `json:"allow_authenticate_via_warp,omitempty"`
 	CustomPages              []string                       `json:"custom_pages,omitempty"`
 	Tags                     []string                       `json:"tags,omitempty"`
 	AccessAppLauncherCustomization
@@ -196,6 +198,7 @@ type UpdateAccessApplicationParams struct {
 	SessionDuration          string                         `json:"session_duration,omitempty"`
 	SkipInterstitial         *bool                          `json:"skip_interstitial,omitempty"`
 	Type                     AccessApplicationType          `json:"type,omitempty"`
+	AllowAuthenticateViaWarp *bool                          `json:"allow_authenticate_via_warp,omitempty"`
 	CustomPages              []string                       `json:"custom_pages,omitempty"`
 	Tags                     []string                       `json:"tags,omitempty"`
 	AccessAppLauncherCustomization

access_application_test.go

@@ -49,7 +49,8 @@ func TestAccessApplications(t *testing.T) {
 					"service_auth_401_redirect": true,
 					"path_cookie_attribute": true,
 					"custom_pages": ["480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"],
-					"tags": ["engineers"]
+					"tags": ["engineers"],
+					"allow_authenticate_via_warp": true
 				}
 			],
 			"result_info": {
@@ -89,6 +90,7 @@ func TestAccessApplications(t *testing.T) {
 		CustomPages:              []string{"480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"},
 		Tags:                     []string{"engineers"},
 		CustomNonIdentityDenyURL: "https://blocked.com",
+		AllowAuthenticateViaWarp: BoolPtr(true),
 	}}
 
 	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
@@ -140,7 +142,8 @@ func TestAccessApplication(t *testing.T) {
 				"app_launcher_visible": true,
 				"service_auth_401_redirect": true,
 				"http_only_cookie_attribute": false,
-				"path_cookie_attribute": false
+				"path_cookie_attribute": false,
+				"allow_authenticate_via_warp": false
 			}
 		}
 		`)
@@ -171,6 +174,7 @@ func TestAccessApplication(t *testing.T) {
 		HttpOnlyCookieAttribute:  BoolPtr(false),
 		PathCookieAttribute:      BoolPtr(false),
 		CustomNonIdentityDenyURL: "https://blocked.com",
+		AllowAuthenticateViaWarp: BoolPtr(false),
 	}
 
 	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
@@ -221,7 +225,8 @@ func TestCreateAccessApplications(t *testing.T) {
 				"skip_interstitial": true,
 				"app_launcher_visible": true,
 				"service_auth_401_redirect": true,
-				"tags": ["engineers"]
+				"tags": ["engineers"],
+				"allow_authenticate_via_warp": false
 			}
 		}
 		`)
@@ -250,6 +255,7 @@ func TestCreateAccessApplications(t *testing.T) {
 		UpdatedAt:                &updatedAt,
 		CustomNonIdentityDenyURL: "https://blocked.com",
 		Tags:                     []string{"engineers"},
+		AllowAuthenticateViaWarp: BoolPtr(false),
 	}
 
 	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
@@ -308,7 +314,8 @@ func TestUpdateAccessApplication(t *testing.T) {
 				"skip_interstitial": true,
 				"app_launcher_visible": true,
 				"service_auth_401_redirect": true,
-				"tags": ["engineers"]
+				"tags": ["engineers"],
+				"allow_authenticate_via_warp": true
 			}
 		}
 		`)
@@ -333,6 +340,7 @@ func TestUpdateAccessApplication(t *testing.T) {
 		CustomNonIdentityDenyURL: "https://blocked.com",
 		Tags:                     []string{"engineers"},
 		SkipInterstitial:         BoolPtr(true),
+		AllowAuthenticateViaWarp: BoolPtr(true),
 		CreatedAt:                &createdAt,
 		UpdatedAt:                &updatedAt,
 	}
@@ -356,6 +364,7 @@ func TestUpdateAccessApplication(t *testing.T) {
 		SkipInterstitial:         BoolPtr(true),
 		CustomNonIdentityDenyURL: "https://blocked.com",
 		Tags:                     []string{"engineers"},
+		AllowAuthenticateViaWarp: BoolPtr(true),
 	}
 
 	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)

access_organization.go

@@ -22,6 +22,8 @@ type AccessOrganization struct {
 	AutoRedirectToIdentity         *bool                         `json:"auto_redirect_to_identity,omitempty"`
 	SessionDuration                *string                       `json:"session_duration,omitempty"`
 	CustomPages                    AccessOrganizationCustomPages `json:"custom_pages,omitempty"`
+	WarpAuthSessionDuration        *string                       `json:"warp_auth_session_duration,omitempty"`
+	AllowAuthenticateViaWarp       *bool                         `json:"allow_authenticate_via_warp,omitempty"`
 }
 
 // AccessOrganizationLoginDesign represents the login design options.
@@ -67,6 +69,8 @@ type CreateAccessOrganizationParams struct {
 	AutoRedirectToIdentity         *bool                         `json:"auto_redirect_to_identity,omitempty"`
 	SessionDuration                *string                       `json:"session_duration,omitempty"`
 	CustomPages                    AccessOrganizationCustomPages `json:"custom_pages,omitempty"`
+	WarpAuthSessionDuration        *string                       `json:"warp_auth_session_duration,omitempty"`
+	AllowAuthenticateViaWarp       *bool                         `json:"allow_authenticate_via_warp,omitempty"`
 }
 
 type UpdateAccessOrganizationParams struct {
@@ -79,6 +83,8 @@ type UpdateAccessOrganizationParams struct {
 	AutoRedirectToIdentity         *bool                         `json:"auto_redirect_to_identity,omitempty"`
 	SessionDuration                *string                       `json:"session_duration,omitempty"`
 	CustomPages                    AccessOrganizationCustomPages `json:"custom_pages,omitempty"`
+	WarpAuthSessionDuration        *string                       `json:"warp_auth_session_duration,omitempty"`
+	AllowAuthenticateViaWarp       *bool                         `json:"allow_authenticate_via_warp,omitempty"`
 }
 
 func (api *API) GetAccessOrganization(ctx context.Context, rc *ResourceContainer, params GetAccessOrganizationParams) (AccessOrganization, ResultInfo, error) {

access_organization_test.go

@@ -29,6 +29,8 @@ func TestAccessOrganization(t *testing.T) {
 				"is_ui_read_only": false,
 				"user_seat_expiration_inactive_time": "720h",
 				"auto_redirect_to_identity": true,
+				"allow_authenticate_via_warp": true,
+				"warp_auth_session_duration": "24h",
 				"session_duration": "12h",
 				"login_design": {
 					"background_color": "#c5ed1b",
@@ -46,10 +48,12 @@ func TestAccessOrganization(t *testing.T) {
 	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
 
 	want := AccessOrganization{
-		Name:       "Widget Corps Internal Applications",
-		CreatedAt:  &createdAt,
-		UpdatedAt:  &updatedAt,
-		AuthDomain: "test.cloudflareaccess.com",
+		Name:                     "Widget Corps Internal Applications",
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		AuthDomain:               "test.cloudflareaccess.com",
+		AllowAuthenticateViaWarp: BoolPtr(true),
+		WarpAuthSessionDuration:  StringPtr("24h"),
 		LoginDesign: AccessOrganizationLoginDesign{
 			BackgroundColor: "#c5ed1b",
 			LogoPath:        "https://example.com/logo.png",
@@ -96,6 +100,8 @@ func TestCreateAccessOrganization(t *testing.T) {
 				"updated_at": "2014-01-01T05:20:00.12345Z",
 				"name": "Widget Corps Internal Applications",
 				"auth_domain": "test.cloudflareaccess.com",
+				"allow_authenticate_via_warp": true,
+				"warp_auth_session_duration": "24h",
 				"is_ui_read_only": true,
 				"session_duration": "12h",
 				"login_design": {
@@ -114,10 +120,12 @@ func TestCreateAccessOrganization(t *testing.T) {
 	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
 
 	want := AccessOrganization{
-		CreatedAt:  &createdAt,
-		UpdatedAt:  &updatedAt,
-		Name:       "Widget Corps Internal Applications",
-		AuthDomain: "test.cloudflareaccess.com",
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		Name:                     "Widget Corps Internal Applications",
+		AuthDomain:               "test.cloudflareaccess.com",
+		AllowAuthenticateViaWarp: BoolPtr(true),
+		WarpAuthSessionDuration:  StringPtr("24h"),
 		LoginDesign: AccessOrganizationLoginDesign{
 			BackgroundColor: "#c5ed1b",
 			LogoPath:        "https://example.com/logo.png",
@@ -186,6 +194,8 @@ func TestUpdateAccessOrganization(t *testing.T) {
 				"updated_at": "2014-01-01T05:20:00.12345Z",
 				"name": "Widget Corps Internal Applications",
 				"auth_domain": "test.cloudflareaccess.com",
+				"allow_authenticate_via_warp": false,
+				"warp_auth_session_duration": "18h",
 				"login_design": {
 					"background_color": "#c5ed1b",
 					"logo_path": "https://example.com/logo.png",
@@ -205,10 +215,12 @@ func TestUpdateAccessOrganization(t *testing.T) {
 	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
 
 	want := AccessOrganization{
-		CreatedAt:  &createdAt,
-		UpdatedAt:  &updatedAt,
-		Name:       "Widget Corps Internal Applications",
-		AuthDomain: "test.cloudflareaccess.com",
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		Name:                     "Widget Corps Internal Applications",
+		AuthDomain:               "test.cloudflareaccess.com",
+		WarpAuthSessionDuration:  StringPtr("18h"),
+		AllowAuthenticateViaWarp: BoolPtr(false),
 		LoginDesign: AccessOrganizationLoginDesign{
 			BackgroundColor: "#c5ed1b",
 			LogoPath:        "https://example.com/logo.png",
@@ -233,9 +245,11 @@ func TestUpdateAccessOrganization(t *testing.T) {
 			HeaderText:      "Widget Corp",
 			FooterText:      "© Widget Corp",
 		},
-		IsUIReadOnly:           BoolPtr(false),
-		SessionDuration:        StringPtr("12h"),
-		UIReadOnlyToggleReason: "this is my reason",
+		WarpAuthSessionDuration:  StringPtr("18h"),
+		AllowAuthenticateViaWarp: BoolPtr(false),
+		IsUIReadOnly:             BoolPtr(false),
+		SessionDuration:          StringPtr("12h"),
+		UIReadOnlyToggleReason:   "this is my reason",
 	})
 
 	if assert.NoError(t, err) {
@@ -254,9 +268,11 @@ func TestUpdateAccessOrganization(t *testing.T) {
 			HeaderText:      "Widget Corp",
 			FooterText:      "© Widget Corp",
 		},
-		IsUIReadOnly:           BoolPtr(false),
-		UIReadOnlyToggleReason: "this is my reason",
-		SessionDuration:        StringPtr("12h"),
+		WarpAuthSessionDuration:  StringPtr("18h"),
+		AllowAuthenticateViaWarp: BoolPtr(false),
+		IsUIReadOnly:             BoolPtr(false),
+		UIReadOnlyToggleReason:   "this is my reason",
+		SessionDuration:          StringPtr("12h"),
 	})
 
 	if assert.NoError(t, err) {