feat(api): api update (#2530)

Author: stainless-app[bot]

.stats.yml

@@ -1,2 +1,2 @@
 configured_endpoints: 1610
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-91d71a629cc30d744baf4c6a66cdb1e555771ed0db80e1b087382ac18cf74320.yml
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-c67ca5f54093e3d909783554271864f85662d971a37d24f98ac81f68db5c79fc.yml

src/cloudflare/resources/zero_trust/access/applications/applications.py

@@ -111,6 +111,19 @@
     "InfrastructureApplicationPolicy",
     "InfrastructureApplicationPolicyConnectionRules",
     "InfrastructureApplicationPolicyConnectionRulesSSH",
+    "BrowserRdpApplication",
+    "BrowserRdpApplicationTargetCriterion",
+    "BrowserRdpApplicationDestination",
+    "BrowserRdpApplicationDestinationPublicDestination",
+    "BrowserRdpApplicationDestinationPrivateDestination",
+    "BrowserRdpApplicationPolicy",
+    "BrowserRdpApplicationPolicyAccessAppPolicyLink",
+    "BrowserRdpApplicationPolicyUnionMember2",
+    "BrowserRdpApplicationSCIMConfig",
+    "BrowserRdpApplicationSCIMConfigAuthentication",
+    "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
+    "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication",
+    "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken",
 ]
 
 
@@ -2217,6 +2230,355 @@ class InfrastructureApplicationPolicy(TypedDict, total=False):
     """
 
 
+class BrowserRdpApplication(TypedDict, total=False):
+    domain: Required[str]
+    """The primary hostname and path secured by Access.
+
+    This domain will be displayed if the app is visible in the App Launcher.
+    """
+
+    target_criteria: Required[Iterable[BrowserRdpApplicationTargetCriterion]]
+
+    type: Required[str]
+    """The application type."""
+
+    account_id: str
+    """The Account ID to use for this endpoint. Mutually exclusive with the Zone ID."""
+
+    zone_id: str
+    """The Zone ID to use for this endpoint. Mutually exclusive with the Account ID."""
+
+    allow_authenticate_via_warp: bool
+    """
+    When set to true, users can authenticate to this application using their WARP
+    session. When set to false this application will always require direct IdP
+    authentication. This setting always overrides the organization setting for WARP
+    authentication.
+    """
+
+    allowed_idps: List[AllowedIdPs]
+    """The identity providers your users can select when connecting to this
+    application.
+
+    Defaults to all IdPs configured in your account.
+    """
+
+    app_launcher_visible: bool
+    """Displays the application in the App Launcher."""
+
+    auto_redirect_to_identity: bool
+    """When set to `true`, users skip the identity provider selection step during
+    login.
+
+    You must specify only one identity provider in allowed_idps.
+    """
+
+    cors_headers: CORSHeadersParam
+
+    custom_deny_message: str
+    """
+    The custom error message shown to a user when they are denied access to the
+    application.
+    """
+
+    custom_deny_url: str
+    """
+    The custom URL a user is redirected to when they are denied access to the
+    application when failing identity-based rules.
+    """
+
+    custom_non_identity_deny_url: str
+    """
+    The custom URL a user is redirected to when they are denied access to the
+    application when failing non-identity rules.
+    """
+
+    custom_pages: List[str]
+    """The custom pages that will be displayed when applicable for this application"""
+
+    destinations: Iterable[BrowserRdpApplicationDestination]
+    """List of destinations secured by Access.
+
+    This supersedes `self_hosted_domains` to allow for more flexibility in defining
+    different types of domains. If `destinations` are provided, then
+    `self_hosted_domains` will be ignored.
+    """
+
+    enable_binding_cookie: bool
+    """
+    Enables the binding cookie, which increases security against compromised
+    authorization tokens and CSRF attacks.
+    """
+
+    http_only_cookie_attribute: bool
+    """
+    Enables the HttpOnly cookie attribute, which increases security against XSS
+    attacks.
+    """
+
+    logo_url: str
+    """The image URL for the logo shown in the App Launcher dashboard."""
+
+    name: str
+    """The name of the application."""
+
+    options_preflight_bypass: bool
+    """
+    Allows options preflight requests to bypass Access authentication and go
+    directly to the origin. Cannot turn on if cors_headers is set.
+    """
+
+    path_cookie_attribute: bool
+    """Enables cookie paths to scope an application's JWT to the application path.
+
+    If disabled, the JWT will scope to the hostname by default
+    """
+
+    policies: List[BrowserRdpApplicationPolicy]
+    """
+    The policies that Access applies to the application, in ascending order of
+    precedence. Items can reference existing policies or create new policies
+    exclusive to the application.
+    """
+
+    same_site_cookie_attribute: str
+    """
+    Sets the SameSite cookie setting, which provides increased security against CSRF
+    attacks.
+    """
+
+    scim_config: BrowserRdpApplicationSCIMConfig
+    """Configuration for provisioning to this application via SCIM.
+
+    This is currently in closed beta.
+    """
+
+    self_hosted_domains: List[SelfHostedDomains]
+    """List of public domains that Access will secure.
+
+    This field is deprecated in favor of `destinations` and will be supported until
+    **November 21, 2025.** If `destinations` are provided, then
+    `self_hosted_domains` will be ignored.
+    """
+
+    service_auth_401_redirect: bool
+    """Returns a 401 status code when the request is blocked by a Service Auth policy."""
+
+    session_duration: str
+    """The amount of time that tokens issued for this application will be valid.
+
+    Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs),
+    ms, s, m, h.
+    """
+
+    skip_interstitial: bool
+    """Enables automatic authentication through cloudflared."""
+
+    tags: List[str]
+    """The tags you want assigned to an application.
+
+    Tags are used to filter applications in the App Launcher dashboard.
+    """
+
+
+class BrowserRdpApplicationTargetCriterion(TypedDict, total=False):
+    port: Required[int]
+    """The port that the targets use for the chosen communication protocol.
+
+    A port cannot be assigned to multiple protocols.
+    """
+
+    protocol: Required[Literal["ssh"]]
+    """The communication protocol your application secures."""
+
+    target_attributes: Required[Dict[str, List[str]]]
+    """Contains a map of target attribute keys to target attribute values."""
+
+
+class BrowserRdpApplicationDestinationPublicDestination(TypedDict, total=False):
+    type: Literal["public"]
+
+    uri: str
+    """The URI of the destination.
+
+    Public destinations' URIs can include a domain and path with
+    [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/).
+    """
+
+
+class BrowserRdpApplicationDestinationPrivateDestination(TypedDict, total=False):
+    cidr: str
+    """The CIDR range of the destination. Single IPs will be computed as /32."""
+
+    hostname: str
+    """The hostname of the destination. Matches a valid SNI served by an HTTPS origin."""
+
+    l4_protocol: Literal["tcp", "udp"]
+    """The L4 protocol of the destination.
+
+    When omitted, both UDP and TCP traffic will match.
+    """
+
+    port_range: str
+    """The port range of the destination.
+
+    Can be a single port or a range of ports. When omitted, all ports will match.
+    """
+
+    type: Literal["private"]
+
+    vnet_id: str
+    """The VNET ID to match the destination. When omitted, all VNETs will match."""
+
+
+BrowserRdpApplicationDestination: TypeAlias = Union[
+    BrowserRdpApplicationDestinationPublicDestination, BrowserRdpApplicationDestinationPrivateDestination
+]
+
+
+class BrowserRdpApplicationPolicyAccessAppPolicyLink(TypedDict, total=False):
+    id: str
+    """The UUID of the policy"""
+
+    precedence: int
+    """The order of execution for this policy.
+
+    Must be unique for each policy within an app.
+    """
+
+
+class BrowserRdpApplicationPolicyUnionMember2(TypedDict, total=False):
+    id: str
+    """The UUID of the policy"""
+
+    approval_groups: Iterable[ApprovalGroupParam]
+    """Administrators who can approve a temporary authentication request."""
+
+    approval_required: bool
+    """
+    Requires the user to request access from an administrator at the start of each
+    session.
+    """
+
+    isolation_required: bool
+    """
+    Require this application to be served in an isolated browser for users matching
+    this policy. 'Client Web Isolation' must be on for the account in order to use
+    this feature.
+    """
+
+    precedence: int
+    """The order of execution for this policy.
+
+    Must be unique for each policy within an app.
+    """
+
+    purpose_justification_prompt: str
+    """A custom message that will appear on the purpose justification screen."""
+
+    purpose_justification_required: bool
+    """Require users to enter a justification when they log in to the application."""
+
+    session_duration: str
+    """The amount of time that tokens issued for the application will be valid.
+
+    Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs),
+    ms, s, m, h.
+    """
+
+
+BrowserRdpApplicationPolicy: TypeAlias = Union[
+    BrowserRdpApplicationPolicyAccessAppPolicyLink, str, BrowserRdpApplicationPolicyUnionMember2
+]
+
+
+class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken(
+    TypedDict, total=False
+):
+    client_id: Required[str]
+    """
+    Client ID of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    client_secret: Required[str]
+    """
+    Client secret of the Access service token used to authenticate with the remote
+    service.
+    """
+
+    scheme: Required[Literal["access_service_token"]]
+    """The authentication scheme to use when making SCIM requests to this application."""
+
+
+BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+]
+
+BrowserRdpApplicationSCIMConfigAuthentication: TypeAlias = Union[
+    SCIMConfigAuthenticationHTTPBasicParam,
+    SCIMConfigAuthenticationOAuthBearerTokenParam,
+    SCIMConfigAuthenticationOauth2Param,
+    BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken,
+    Iterable[BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication],
+]
+
+
+class BrowserRdpApplicationSCIMConfig(TypedDict, total=False):
+    idp_uid: Required[str]
+    """
+    The UID of the IdP to use as the source for SCIM resources to provision to this
+    application.
+    """
+
+    remote_uri: Required[str]
+    """The base URI for the application's SCIM-compatible API."""
+
+    authentication: BrowserRdpApplicationSCIMConfigAuthentication
+    """
+    Attributes for configuring HTTP Basic authentication scheme for SCIM
+    provisioning to an application.
+    """
+
+    deactivate_on_delete: bool
+    """
+    If false, propagates DELETE requests to the target application for SCIM
+    resources. If true, sets 'active' to false on the SCIM resource. Note: Some
+    targets do not support DELETE operations.
+    """
+
+    enabled: bool
+    """Whether SCIM provisioning is turned on for this application."""
+
+    mappings: Iterable[SCIMConfigMappingParam]
+    """
+    A list of mappings to apply to SCIM resources before provisioning them in this
+    application. These can transform or filter the resources to be provisioned.
+    """
+
+
 ApplicationCreateParams: TypeAlias = Union[
     SelfHostedApplication,
     SaaSApplication,
@@ -2227,4 +2589,5 @@ class InfrastructureApplicationPolicy(TypedDict, total=False):
     BrowserIsolationPermissionsApplication,
     BookmarkApplication,
     InfrastructureApplication,
+    BrowserRdpApplication,
 ]