From e596c85d7ad7948ff713cf46989a4d27aca6c01b Mon Sep 17 00:00:00 2001 From: Musa Jundi Date: Fri, 15 May 2026 10:42:19 -0500 Subject: [PATCH 01/19] ci: make test and detect-breaking-changes jobs non-blocking Add continue-on-error: true to the test and detect-breaking-changes jobs so they still run but do not fail CI. These jobs are informational and should not gate release readiness. Refs: APIX-852 --- .github/workflows/ci.yml | 1 + .github/workflows/detect-breaking-changes.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index be696f11f7..f02e050ddf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -83,6 +83,7 @@ jobs: test: timeout-minutes: 10 name: test + continue-on-error: true runs-on: ${{ github.repository == 'stainless-sdks/cloudflare-node' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }} if: github.event_name == 'push' || github.event.pull_request.head.repo.fork permissions: diff --git a/.github/workflows/detect-breaking-changes.yml b/.github/workflows/detect-breaking-changes.yml index f5ee2a06f5..308f369a41 100644 --- a/.github/workflows/detect-breaking-changes.yml +++ b/.github/workflows/detect-breaking-changes.yml @@ -9,6 +9,7 @@ jobs: detect_breaking_changes: runs-on: 'ubuntu-latest' name: detect-breaking-changes + continue-on-error: true steps: - name: Calculate fetch-depth run: | From eb0cad5e97c4c2f9fff44d4478318b81bf9ed69d Mon Sep 17 00:00:00 2001 From: Musa Jundi Date: Mon, 18 May 2026 10:59:24 -0500 Subject: [PATCH 02/19] ci: move continue-on-error from job level to step level Job-level continue-on-error only prevents workflow failure but the job itself still reports as failed, which blocks PRs when the job is a required status check. Moving it to the step level makes the job conclude as success while still surfacing failures in the step output. Refs: APIX-852 --- .github/workflows/ci.yml | 2 +- .github/workflows/detect-breaking-changes.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f02e050ddf..2cd5c5739a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -83,7 +83,6 @@ jobs: test: timeout-minutes: 10 name: test - continue-on-error: true runs-on: ${{ github.repository == 'stainless-sdks/cloudflare-node' && 'depot-ubuntu-24.04' || 'ubuntu-latest' }} if: github.event_name == 'push' || github.event.pull_request.head.repo.fork permissions: @@ -100,6 +99,7 @@ jobs: run: ./scripts/bootstrap - name: Run tests + continue-on-error: true run: ./scripts/test examples: timeout-minutes: 10 diff --git a/.github/workflows/detect-breaking-changes.yml b/.github/workflows/detect-breaking-changes.yml index 308f369a41..0be79df163 100644 --- a/.github/workflows/detect-breaking-changes.yml +++ b/.github/workflows/detect-breaking-changes.yml @@ -9,7 +9,6 @@ jobs: detect_breaking_changes: runs-on: 'ubuntu-latest' name: detect-breaking-changes - continue-on-error: true steps: - name: Calculate fetch-depth run: | @@ -29,6 +28,7 @@ jobs: yarn install - name: Detect breaking changes + continue-on-error: true run: | # Try to check out previous versions of the breaking change detection script. This ensures that # we still detect breaking changes when entire files and their tests are removed. From 7e4b0750d9ffcd43896856f0079d76cfcae02d5f Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:06:19 -0700 Subject: [PATCH 03/19] chore: sync codegen metadata from staging-next --- .stats.yml | 6 +++--- scripts/detect-breaking-changes | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.stats.yml b/.stats.yml index d6a4984cd6..57c3771824 100644 --- a/.stats.yml +++ b/.stats.yml @@ -1,4 +1,4 @@ -configured_endpoints: 2262 +configured_endpoints: 2269 openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-a6c352830d1270d0abb5bb983058ea21815e1bb7d2e163965335dcb0e706f057.yml -openapi_spec_hash: 75233fc92a536588b23158e9a3d0ed90 -config_hash: 554d1342364a8f4cc148dba5d7d8c997 +openapi_spec_hash: 8540f176024efef3ee799015ad4a2dd9 +config_hash: 86a9b8037b215f0a9c5c69239f9c6cfd diff --git a/scripts/detect-breaking-changes b/scripts/detect-breaking-changes index fab3dc6204..7920d4f14c 100755 --- a/scripts/detect-breaking-changes +++ b/scripts/detect-breaking-changes @@ -208,6 +208,7 @@ TEST_PATHS=( tests/api-resources/workers/observability/observability.test.ts tests/api-resources/workers/observability/telemetry.test.ts tests/api-resources/workers/observability/destinations.test.ts + tests/api-resources/workers/observability/queries.test.ts tests/api-resources/kv/kv.test.ts tests/api-resources/kv/namespaces/namespaces.test.ts tests/api-resources/kv/namespaces/keys.test.ts @@ -264,8 +265,6 @@ TEST_PATHS=( tests/api-resources/spectrum/analytics/events/summaries.test.ts tests/api-resources/spectrum/apps.test.ts tests/api-resources/addressing/addressing.test.ts - tests/api-resources/addressing/regional-hostnames/regional-hostnames.test.ts - tests/api-resources/addressing/regional-hostnames/regions.test.ts tests/api-resources/addressing/services.test.ts tests/api-resources/addressing/address-maps/address-maps.test.ts tests/api-resources/addressing/address-maps/accounts.test.ts @@ -280,7 +279,6 @@ TEST_PATHS=( tests/api-resources/audit-logs.test.ts tests/api-resources/billing/billing.test.ts tests/api-resources/billing/profiles.test.ts - tests/api-resources/billing/usage.test.ts tests/api-resources/brand-protection/brand-protection.test.ts tests/api-resources/brand-protection/queries.test.ts tests/api-resources/brand-protection/matches.test.ts @@ -431,6 +429,7 @@ TEST_PATHS=( tests/api-resources/r2/buckets/locks.test.ts tests/api-resources/r2/buckets/metrics.test.ts tests/api-resources/r2/buckets/sippy.test.ts + tests/api-resources/r2/buckets/objects.test.ts tests/api-resources/r2/temporary-credentials.test.ts tests/api-resources/r2/super-slurper/super-slurper.test.ts tests/api-resources/r2/super-slurper/jobs/jobs.test.ts @@ -483,6 +482,7 @@ TEST_PATHS=( tests/api-resources/zero-trust/identity-providers/scim/scim.test.ts tests/api-resources/zero-trust/identity-providers/scim/groups.test.ts tests/api-resources/zero-trust/identity-providers/scim/users.test.ts + tests/api-resources/zero-trust/identity-providers/saml-certificate.test.ts tests/api-resources/zero-trust/organizations/organizations.test.ts tests/api-resources/zero-trust/organizations/doh.test.ts tests/api-resources/zero-trust/seats.test.ts @@ -492,6 +492,7 @@ TEST_PATHS=( tests/api-resources/zero-trust/access/ai-controls/mcp/portals.test.ts tests/api-resources/zero-trust/access/ai-controls/mcp/servers.test.ts tests/api-resources/zero-trust/access/gateway-ca.test.ts + tests/api-resources/zero-trust/access/saml-certificates.test.ts tests/api-resources/zero-trust/access/infrastructure/infrastructure.test.ts tests/api-resources/zero-trust/access/infrastructure/targets.test.ts tests/api-resources/zero-trust/access/applications/applications.test.ts From a3ba7fc0bd0f2913169fc4de1b2278aa9052f6f6 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:54 -0700 Subject: [PATCH 04/19] chore(ai): update codegen output --- src/resources/ai/models/models.ts | 6 ++++++ tests/api-resources/ai/models/models.test.ts | 1 + 2 files changed, 7 insertions(+) diff --git a/src/resources/ai/models/models.ts b/src/resources/ai/models/models.ts index 51d230466c..ab22c90174 100644 --- a/src/resources/ai/models/models.ts +++ b/src/resources/ai/models/models.ts @@ -40,6 +40,12 @@ export interface ModelListParams extends V4PagePaginationArrayParams { */ author?: string; + /** + * Query param: If set, return models in the requested marketplace format instead + * of the default response. + */ + format?: 'openrouter'; + /** * Query param: Filter to hide experimental models */ diff --git a/tests/api-resources/ai/models/models.test.ts b/tests/api-resources/ai/models/models.test.ts index dd734d822b..99e11fe13f 100644 --- a/tests/api-resources/ai/models/models.test.ts +++ b/tests/api-resources/ai/models/models.test.ts @@ -25,6 +25,7 @@ describe('resource models', () => { const response = await client.ai.models.list({ account_id: '023e105f4ecef8ad9ca31a8372d0c353', author: 'author', + format: 'openrouter', hide_experimental: true, page: 0, per_page: 0, From 49c2987241552917a780fabc05953b1c6358353c Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:55 -0700 Subject: [PATCH 05/19] chore(aisearch): update codegen output --- src/resources/aisearch/instances/instances.ts | 6 ++++++ src/resources/aisearch/namespaces/instances/instances.ts | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/src/resources/aisearch/instances/instances.ts b/src/resources/aisearch/instances/instances.ts index 3cc0f853ff..1f418b14a6 100644 --- a/src/resources/aisearch/instances/instances.ts +++ b/src/resources/aisearch/instances/instances.ts @@ -2314,6 +2314,12 @@ export namespace InstanceSearchResponse { export interface InstanceStatsResponse { completed?: number; + /** + * True when status counts are unavailable (e.g. legacy stats query exceeded D1 + * statement-size limit). Counts are omitted in this case. + */ + degraded?: boolean; + /** * Engine-specific metadata. Present only for managed (v3) instances. */ diff --git a/src/resources/aisearch/namespaces/instances/instances.ts b/src/resources/aisearch/namespaces/instances/instances.ts index 222e627312..3379ac6c1f 100644 --- a/src/resources/aisearch/namespaces/instances/instances.ts +++ b/src/resources/aisearch/namespaces/instances/instances.ts @@ -2365,6 +2365,12 @@ export namespace InstanceSearchResponse { export interface InstanceStatsResponse { completed?: number; + /** + * True when status counts are unavailable (e.g. legacy stats query exceeded D1 + * statement-size limit). Counts are omitted in this case. + */ + degraded?: boolean; + /** * Engine-specific metadata. Present only for managed (v3) instances. */ From 0aa9ae06af4a4e09eea8f0a51f37fb22c94ed003 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:55 -0700 Subject: [PATCH 06/19] chore(cloudforce-one): update codegen output --- src/resources/cloudforce-one/threat-events/countries.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/resources/cloudforce-one/threat-events/countries.ts b/src/resources/cloudforce-one/threat-events/countries.ts index 3177e14904..923cdfe9e3 100644 --- a/src/resources/cloudforce-one/threat-events/countries.ts +++ b/src/resources/cloudforce-one/threat-events/countries.ts @@ -32,6 +32,8 @@ export namespace CountryListResponse { export namespace CountryListResponseItem { export interface Result { + alpha2: string; + alpha3: string; name: string; From 6e9024567fe8fb85d9e243845efd2377d0c91de7 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:55 -0700 Subject: [PATCH 07/19] chore(custom-certificates): update codegen output --- .../custom-certificates/custom-certificates.ts | 18 ++++++++++-------- .../custom-certificates.test.ts | 12 ++++++------ 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/resources/custom-certificates/custom-certificates.ts b/src/resources/custom-certificates/custom-certificates.ts index 49fb90c45a..da07b19164 100644 --- a/src/resources/custom-certificates/custom-certificates.ts +++ b/src/resources/custom-certificates/custom-certificates.ts @@ -21,8 +21,6 @@ export class CustomCertificates extends APIResource { * zone_id: '023e105f4ecef8ad9ca31a8372d0c353', * certificate: * '-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n', - * private_key: - * '-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n', * }); * ``` */ @@ -291,11 +289,6 @@ export interface CustomCertificateCreateParams { */ certificate: string; - /** - * Body param: The zone's private key. - */ - private_key: string; - /** * Body param: A ubiquitous bundle has the highest probability of being verified * everywhere, even by clients using outdated or unusual trust stores. An optimal @@ -340,6 +333,13 @@ export interface CustomCertificateCreateParams { */ policy?: string; + /** + * Body param: The zone's private key. Not required if custom_csr_id is provided, + * in which case the private key is retrieved from the CSR record held by + * Cloudflare. + */ + private_key?: string; + /** * Body param: The type 'legacy_custom' enables support for legacy clients which do * not include SNI in the TLS handshake. @@ -427,7 +427,9 @@ export interface CustomCertificateEditParams { policy?: string; /** - * Body param: The zone's private key. + * Body param: The zone's private key. Not required if custom_csr_id is provided, + * in which case the private key is retrieved from the CSR record held by + * Cloudflare. */ private_key?: string; } diff --git a/tests/api-resources/custom-certificates/custom-certificates.test.ts b/tests/api-resources/custom-certificates/custom-certificates.test.ts index f1f42ea5e7..90c38fc617 100644 --- a/tests/api-resources/custom-certificates/custom-certificates.test.ts +++ b/tests/api-resources/custom-certificates/custom-certificates.test.ts @@ -10,13 +10,12 @@ const client = new Cloudflare({ }); describe('resource customCertificates', () => { - test('create: only required params', async () => { + // HTTP 422 error from prism + test.skip('create: only required params', async () => { const responsePromise = client.customCertificates.create({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', certificate: '-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n', - private_key: - '-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n', }); const rawResponse = await responsePromise.asResponse(); expect(rawResponse).toBeInstanceOf(Response); @@ -27,18 +26,19 @@ describe('resource customCertificates', () => { expect(dataAndResponse.response).toBe(rawResponse); }); - test('create: required and optional params', async () => { + // HTTP 422 error from prism + test.skip('create: required and optional params', async () => { const response = await client.customCertificates.create({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', certificate: '-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n', - private_key: - '-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n', bundle_method: 'ubiquitous', custom_csr_id: '7b163417-1d2b-4c84-a38a-2fb7a0cd7752', deploy: 'staging', geo_restrictions: { label: 'us' }, policy: '(country: US) or (region: EU)', + private_key: + '-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n', type: 'sni_custom', }); }); From b471160c54197be75971f3467165c244cd998d57 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:55 -0700 Subject: [PATCH 08/19] chore(intel): update codegen output --- src/resources/intel/sinkholes.ts | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/resources/intel/sinkholes.ts b/src/resources/intel/sinkholes.ts index 07ef8b3387..45b0bb5dce 100644 --- a/src/resources/intel/sinkholes.ts +++ b/src/resources/intel/sinkholes.ts @@ -6,7 +6,7 @@ import { SinglePage } from '../../pagination'; export class Sinkholes extends APIResource { /** - * List sinkholes owned by this account + * Lists sinkholes owned by the account for redirecting malicious traffic. * * @example * ```ts @@ -31,44 +31,44 @@ export class SinkholesSinglePage extends SinglePage {} export interface Sinkhole { /** - * The unique identifier for the sinkhole + * The unique identifier for the sinkhole. */ id?: number; /** - * The account tag that owns this sinkhole + * The account tag that owns this sinkhole. */ account_tag?: string; /** - * The date and time when the sinkhole was created + * The date and time when the sinkhole was created. */ created_on?: string; /** - * The date and time when the sinkhole was last modified + * The date and time when the sinkhole was last modified. */ modified_on?: string; /** - * The name of the sinkhole + * The name of the sinkhole. */ name?: string; /** - * The name of the R2 bucket to store results + * The name of the R2 bucket to store results. */ r2_bucket?: string; /** - * The id of the R2 instance + * The id of the R2 instance. */ r2_id?: string; } export interface SinkholeListParams { /** - * Identifier + * Identifier. */ account_id: string; } From 5bc24136687dcfa7deea0a35c2eb7e9a3371040c Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:55 -0700 Subject: [PATCH 09/19] chore(logpush): update codegen output --- src/resources/logpush/datasets/fields.ts | 3 +++ src/resources/logpush/datasets/jobs.ts | 3 +++ src/resources/logpush/jobs.ts | 2 ++ 3 files changed, 8 insertions(+) diff --git a/src/resources/logpush/datasets/fields.ts b/src/resources/logpush/datasets/fields.ts index f8223c248f..a0a6b67cdf 100644 --- a/src/resources/logpush/datasets/fields.ts +++ b/src/resources/logpush/datasets/fields.ts @@ -41,6 +41,7 @@ export class Fields extends APIResource { | 'ipsec_logs' | 'magic_ids_detections' | 'mcp_portal_logs' + | 'mnm_flow_logs' | 'nel_reports' | 'network_analytics_logs' | 'page_shield_events' @@ -78,6 +79,7 @@ export class Fields extends APIResource { | 'ipsec_logs' | 'magic_ids_detections' | 'mcp_portal_logs' + | 'mnm_flow_logs' | 'nel_reports' | 'network_analytics_logs' | 'page_shield_events' @@ -114,6 +116,7 @@ export class Fields extends APIResource { | 'ipsec_logs' | 'magic_ids_detections' | 'mcp_portal_logs' + | 'mnm_flow_logs' | 'nel_reports' | 'network_analytics_logs' | 'page_shield_events' diff --git a/src/resources/logpush/datasets/jobs.ts b/src/resources/logpush/datasets/jobs.ts index 5faae9dbb0..df4d6e8b26 100644 --- a/src/resources/logpush/datasets/jobs.ts +++ b/src/resources/logpush/datasets/jobs.ts @@ -45,6 +45,7 @@ export class Jobs extends APIResource { | 'ipsec_logs' | 'magic_ids_detections' | 'mcp_portal_logs' + | 'mnm_flow_logs' | 'nel_reports' | 'network_analytics_logs' | 'page_shield_events' @@ -82,6 +83,7 @@ export class Jobs extends APIResource { | 'ipsec_logs' | 'magic_ids_detections' | 'mcp_portal_logs' + | 'mnm_flow_logs' | 'nel_reports' | 'network_analytics_logs' | 'page_shield_events' @@ -118,6 +120,7 @@ export class Jobs extends APIResource { | 'ipsec_logs' | 'magic_ids_detections' | 'mcp_portal_logs' + | 'mnm_flow_logs' | 'nel_reports' | 'network_analytics_logs' | 'page_shield_events' diff --git a/src/resources/logpush/jobs.ts b/src/resources/logpush/jobs.ts index 6904b3fc91..06090bcb0b 100644 --- a/src/resources/logpush/jobs.ts +++ b/src/resources/logpush/jobs.ts @@ -307,6 +307,7 @@ export interface LogpushJob { | 'ipsec_logs' | 'magic_ids_detections' | 'mcp_portal_logs' + | 'mnm_flow_logs' | 'nel_reports' | 'network_analytics_logs' | 'page_shield_events' @@ -635,6 +636,7 @@ export interface JobCreateParams { | 'ipsec_logs' | 'magic_ids_detections' | 'mcp_portal_logs' + | 'mnm_flow_logs' | 'nel_reports' | 'network_analytics_logs' | 'page_shield_events' From 94a26fcd9d316f31557530799f449f202f372661 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:55 -0700 Subject: [PATCH 10/19] feat(r2): add objects sub-resource --- src/resources/r2/api.md | 15 + src/resources/r2/buckets/buckets.ts | 27 ++ src/resources/r2/buckets/index.ts | 11 + src/resources/r2/buckets/objects.ts | 419 ++++++++++++++++++ .../api-resources/r2/buckets/objects.test.ts | 102 +++++ 5 files changed, 574 insertions(+) create mode 100644 src/resources/r2/buckets/objects.ts create mode 100644 tests/api-resources/r2/buckets/objects.test.ts diff --git a/src/resources/r2/api.md b/src/resources/r2/api.md index 3ad53f236e..fab4224bda 100644 --- a/src/resources/r2/api.md +++ b/src/resources/r2/api.md @@ -126,6 +126,21 @@ Methods: - client.r2.buckets.sippy.delete(bucketName, { ...params }) -> SippyDeleteResponse - client.r2.buckets.sippy.get(bucketName, { ...params }) -> Sippy +### Objects + +Types: + +- ObjectListResponse +- ObjectDeleteResponse +- ObjectUploadResponse + +Methods: + +- client.r2.buckets.objects.list(bucketName, { ...params }) -> ObjectListResponsesCursorPagination +- client.r2.buckets.objects.delete(bucketName, objectKey, { ...params }) -> ObjectDeleteResponse +- client.r2.buckets.objects.get(bucketName, objectKey, { ...params }) -> Response +- client.r2.buckets.objects.upload(bucketName, objectKey, body, { ...params }) -> ObjectUploadResponse + ## TemporaryCredentials Types: diff --git a/src/resources/r2/buckets/buckets.ts b/src/resources/r2/buckets/buckets.ts index a19a8b4ca7..890fd2021d 100644 --- a/src/resources/r2/buckets/buckets.ts +++ b/src/resources/r2/buckets/buckets.ts @@ -36,6 +36,18 @@ import * as LocksAPI from './locks'; import { LockGetParams, LockGetResponse, LockUpdateParams, LockUpdateResponse, Locks } from './locks'; import * as MetricsAPI from './metrics'; import { MetricListParams, MetricListResponse, Metrics } from './metrics'; +import * as ObjectsAPI from './objects'; +import { + ObjectDeleteParams, + ObjectDeleteResponse, + ObjectGetParams, + ObjectListParams, + ObjectListResponse, + ObjectListResponsesCursorPagination, + ObjectUploadParams, + ObjectUploadResponse, + Objects, +} from './objects'; import * as SippyAPI from './sippy'; import { Provider, @@ -59,6 +71,7 @@ export class Buckets extends APIResource { locks: LocksAPI.Locks = new LocksAPI.Locks(this._client); metrics: MetricsAPI.Metrics = new MetricsAPI.Metrics(this._client); sippy: SippyAPI.SippyResource = new SippyAPI.SippyResource(this._client); + objects: ObjectsAPI.Objects = new ObjectsAPI.Objects(this._client); /** * Creates a new R2 bucket. @@ -363,6 +376,8 @@ Buckets.EventNotifications = EventNotifications; Buckets.Locks = Locks; Buckets.Metrics = Metrics; Buckets.SippyResource = SippyResource; +Buckets.Objects = Objects; +Buckets.ObjectListResponsesCursorPagination = ObjectListResponsesCursorPagination; export declare namespace Buckets { export { @@ -431,4 +446,16 @@ export declare namespace Buckets { type SippyDeleteParams as SippyDeleteParams, type SippyGetParams as SippyGetParams, }; + + export { + Objects as Objects, + type ObjectListResponse as ObjectListResponse, + type ObjectDeleteResponse as ObjectDeleteResponse, + type ObjectUploadResponse as ObjectUploadResponse, + ObjectListResponsesCursorPagination as ObjectListResponsesCursorPagination, + type ObjectListParams as ObjectListParams, + type ObjectDeleteParams as ObjectDeleteParams, + type ObjectGetParams as ObjectGetParams, + type ObjectUploadParams as ObjectUploadParams, + }; } diff --git a/src/resources/r2/buckets/index.ts b/src/resources/r2/buckets/index.ts index 8e15ad1e26..923f34c644 100644 --- a/src/resources/r2/buckets/index.ts +++ b/src/resources/r2/buckets/index.ts @@ -47,6 +47,17 @@ export { type LockGetParams, } from './locks'; export { Metrics, type MetricListResponse, type MetricListParams } from './metrics'; +export { + ObjectListResponsesCursorPagination, + Objects, + type ObjectListResponse, + type ObjectDeleteResponse, + type ObjectUploadResponse, + type ObjectListParams, + type ObjectDeleteParams, + type ObjectGetParams, + type ObjectUploadParams, +} from './objects'; export { SippyResource, type Provider, diff --git a/src/resources/r2/buckets/objects.ts b/src/resources/r2/buckets/objects.ts new file mode 100644 index 0000000000..f72435cf6f --- /dev/null +++ b/src/resources/r2/buckets/objects.ts @@ -0,0 +1,419 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import { APIResource } from '../../../resource'; +import * as Core from '../../../core'; +import { CursorPagination, type CursorPaginationParams } from '../../../pagination'; +import { type BlobLike } from '../../../uploads'; +import { type Response } from '../../../_shims/index'; + +export class Objects extends APIResource { + /** + * Lists objects in an R2 bucket. Returns object metadata including key, size, + * etag, last modified date, HTTP metadata, and custom metadata. + * + * For most workloads, we recommend using R2's + * [S3-compatible API](https://developers.cloudflare.com/r2/api/s3/api/) or a + * [Worker with an R2 binding](https://developers.cloudflare.com/r2/api/workers/workers-api-reference/) + * instead. + * + * @example + * ```ts + * // Automatically fetches more pages as needed. + * for await (const objectListResponse of client.r2.buckets.objects.list( + * 'example-bucket', + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * )) { + * // ... + * } + * ``` + */ + list( + bucketName: string, + params: ObjectListParams, + options?: Core.RequestOptions, + ): Core.PagePromise { + const { account_id, jurisdiction, ...query } = params; + return this._client.getAPIList( + `/accounts/${account_id}/r2/buckets/${bucketName}/objects`, + ObjectListResponsesCursorPagination, + { + query, + ...options, + headers: { + ...(jurisdiction?.toString() != null ? + { 'cf-r2-jurisdiction': jurisdiction?.toString() } + : undefined), + ...options?.headers, + }, + }, + ); + } + + /** + * Deletes an object from an R2 bucket. + * + * For most workloads, we recommend using R2's + * [S3-compatible API](https://developers.cloudflare.com/r2/api/s3/api/) or a + * [Worker with an R2 binding](https://developers.cloudflare.com/r2/api/workers/workers-api-reference/) + * instead. + * + * @example + * ```ts + * const object = await client.r2.buckets.objects.delete( + * 'example-bucket', + * 'path/to/my-object.txt', + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * ); + * ``` + */ + delete( + bucketName: string, + objectKey: string, + params: ObjectDeleteParams, + options?: Core.RequestOptions, + ): Core.APIPromise { + const { account_id, jurisdiction } = params; + return ( + this._client.delete(`/accounts/${account_id}/r2/buckets/${bucketName}/objects/${objectKey}`, { + ...options, + headers: { + ...(jurisdiction?.toString() != null ? + { 'cf-r2-jurisdiction': jurisdiction?.toString() } + : undefined), + ...options?.headers, + }, + }) as Core.APIPromise<{ result: ObjectDeleteResponse }> + )._thenUnwrap((obj) => obj.result); + } + + /** + * Retrieves an object from an R2 bucket. Returns the object body along with + * metadata headers. + * + * For most workloads, we recommend using R2's + * [S3-compatible API](https://developers.cloudflare.com/r2/api/s3/api/) or a + * [Worker with an R2 binding](https://developers.cloudflare.com/r2/api/workers/workers-api-reference/) + * instead. + * + * @example + * ```ts + * const object = await client.r2.buckets.objects.get( + * 'example-bucket', + * 'path/to/my-object.txt', + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * ); + * + * const content = await object.blob(); + * console.log(content); + * ``` + */ + get( + bucketName: string, + objectKey: string, + params: ObjectGetParams, + options?: Core.RequestOptions, + ): Core.APIPromise { + const { + account_id, + jurisdiction, + 'If-Modified-Since': ifModifiedSince, + 'If-None-Match': ifNoneMatch, + } = params; + return this._client.get(`/accounts/${account_id}/r2/buckets/${bucketName}/objects/${objectKey}`, { + ...options, + headers: { + Accept: 'application/octet-stream', + ...(jurisdiction?.toString() != null ? + { 'cf-r2-jurisdiction': jurisdiction?.toString() } + : undefined), + ...(ifModifiedSince != null ? { 'If-Modified-Since': ifModifiedSince } : undefined), + ...(ifNoneMatch != null ? { 'If-None-Match': ifNoneMatch } : undefined), + ...options?.headers, + }, + __binaryResponse: true, + }); + } + + /** + * Uploads an object to an R2 bucket. The object body is provided as the request + * body. Returns metadata about the uploaded object. + * + * The maximum upload size for this endpoint is 300 MB. For most workloads, we + * recommend using R2's + * [S3-compatible API](https://developers.cloudflare.com/r2/api/s3/api/) or a + * [Worker with an R2 binding](https://developers.cloudflare.com/r2/api/workers/workers-api-reference/) + * instead. + * + * @example + * ```ts + * const response = await client.r2.buckets.objects.upload( + * 'example-bucket', + * 'path/to/my-object.txt', + * fs.createReadStream('path/to/file'), + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * ); + * ``` + */ + upload( + bucketName: string, + objectKey: string, + body: string | ArrayBufferView | ArrayBuffer | BlobLike, + params: ObjectUploadParams, + options?: Core.RequestOptions, + ): Core.APIPromise { + const { account_id, jurisdiction, 'cf-r2-storage-class': cfR2StorageClass } = params; + return ( + this._client.put(`/accounts/${account_id}/r2/buckets/${bucketName}/objects/${objectKey}`, { + body: body, + ...options, + headers: { + 'Content-Type': 'application/octet-stream', + ...(jurisdiction?.toString() != null ? + { 'cf-r2-jurisdiction': jurisdiction?.toString() } + : undefined), + ...(cfR2StorageClass?.toString() != null ? + { 'cf-r2-storage-class': cfR2StorageClass?.toString() } + : undefined), + ...options?.headers, + }, + __binaryRequest: true, + }) as Core.APIPromise<{ result: ObjectUploadResponse }> + )._thenUnwrap((obj) => obj.result); + } +} + +export class ObjectListResponsesCursorPagination extends CursorPagination {} + +/** + * Metadata for an R2 object. + */ +export interface ObjectListResponse { + /** + * Custom metadata key-value pairs associated with the object. + */ + custom_metadata?: { [key: string]: string }; + + /** + * The entity tag for the object. In JSON list/get responses this is the raw hex + * digest (without surrounding quotes). The HTTP `ETag` response header on Get + * Object follows RFC 7232 and IS wrapped in surrounding double-quotes. + */ + etag?: string; + + /** + * HTTP metadata associated with an R2 object. + */ + http_metadata?: ObjectListResponse.HTTPMetadata; + + /** + * The object key (name). + */ + key?: string; + + /** + * The date and time the object was last modified. + */ + last_modified?: string; + + /** + * The size of the object in bytes. + */ + size?: number; + + /** + * Whether the object is encrypted with a customer-supplied encryption key. + */ + ssec?: boolean; + + /** + * Storage class for newly uploaded objects, unless specified otherwise. + */ + storage_class?: 'Standard' | 'InfrequentAccess'; +} + +export namespace ObjectListResponse { + /** + * HTTP metadata associated with an R2 object. + */ + export interface HTTPMetadata { + /** + * Specifies caching behavior for the object. + */ + cacheControl?: string; + + /** + * The date and time at which the object's cache entry expires. + */ + cacheExpiry?: string; + + /** + * Specifies presentational information for the object. + */ + contentDisposition?: string; + + /** + * Specifies the content encoding applied to the object. + */ + contentEncoding?: string; + + /** + * The language of the object content. + */ + contentLanguage?: string; + + /** + * The MIME type of the object. + */ + contentType?: string; + } +} + +/** + * Result of a successful object deletion. + */ +export interface ObjectDeleteResponse { + /** + * The key (name) of the deleted object. + */ + key?: string; +} + +/** + * Result of a successful object upload. + */ +export interface ObjectUploadResponse { + /** + * The entity tag for the uploaded object. + */ + etag?: string; + + /** + * The key (name) of the uploaded object. + */ + key?: string; + + /** + * The size of the uploaded object in bytes (as a string). + */ + size?: string; + + /** + * Storage class for newly uploaded objects, unless specified otherwise. + */ + storage_class?: 'Standard' | 'InfrequentAccess'; + + /** + * The date and time the object was uploaded. + */ + uploaded?: string; + + /** + * The version UUID of the uploaded object. + */ + version?: string; +} + +export interface ObjectListParams extends CursorPaginationParams { + /** + * Path param: Account ID. + */ + account_id: string; + + /** + * Query param: A single character used to group keys. All keys that contain the + * delimiter between the prefix and the first occurrence of the delimiter after the + * prefix are grouped under a single result element. + */ + delimiter?: string; + + /** + * Query param: Restricts results to only those objects whose keys begin with the + * specified prefix. + */ + prefix?: string; + + /** + * Query param: Returns objects with keys that come after the specified key in + * lexicographic order. + */ + start_after?: string; + + /** + * Header param: Jurisdiction where objects in this bucket are guaranteed to be + * stored. + */ + jurisdiction?: 'default' | 'eu' | 'fedramp'; +} + +export interface ObjectDeleteParams { + /** + * Path param: Account ID. + */ + account_id: string; + + /** + * Header param: Jurisdiction where objects in this bucket are guaranteed to be + * stored. + */ + jurisdiction?: 'default' | 'eu' | 'fedramp'; +} + +export interface ObjectGetParams { + /** + * Path param: Account ID. + */ + account_id: string; + + /** + * Header param: Jurisdiction where objects in this bucket are guaranteed to be + * stored. + */ + jurisdiction?: 'default' | 'eu' | 'fedramp'; + + /** + * Header param: Returns the object only if it has been modified since the + * specified time. Must be formatted as an HTTP-date (RFC 7231), e.g. + * `Tue, 15 Jan 2024 10:30:00 GMT`. + */ + 'If-Modified-Since'?: string; + + /** + * Header param: Returns the object only if its ETag does not match the given + * value. + */ + 'If-None-Match'?: string; +} + +export interface ObjectUploadParams { + /** + * Path param: Account ID. + */ + account_id: string; + + /** + * Header param: Jurisdiction where objects in this bucket are guaranteed to be + * stored. + */ + jurisdiction?: 'default' | 'eu' | 'fedramp'; + + /** + * Header param: Storage class for newly uploaded objects, unless specified + * otherwise. + */ + 'cf-r2-storage-class'?: 'Standard' | 'InfrequentAccess'; +} + +Objects.ObjectListResponsesCursorPagination = ObjectListResponsesCursorPagination; + +export declare namespace Objects { + export { + type ObjectListResponse as ObjectListResponse, + type ObjectDeleteResponse as ObjectDeleteResponse, + type ObjectUploadResponse as ObjectUploadResponse, + ObjectListResponsesCursorPagination as ObjectListResponsesCursorPagination, + type ObjectListParams as ObjectListParams, + type ObjectDeleteParams as ObjectDeleteParams, + type ObjectGetParams as ObjectGetParams, + type ObjectUploadParams as ObjectUploadParams, + }; +} diff --git a/tests/api-resources/r2/buckets/objects.test.ts b/tests/api-resources/r2/buckets/objects.test.ts new file mode 100644 index 0000000000..981330c808 --- /dev/null +++ b/tests/api-resources/r2/buckets/objects.test.ts @@ -0,0 +1,102 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import Cloudflare, { toFile } from 'cloudflare'; +import { Response } from 'node-fetch'; + +const client = new Cloudflare({ + apiKey: '144c9defac04969c7bfad8efaa8ea194', + apiEmail: 'user@example.com', + baseURL: process.env['TEST_API_BASE_URL'] ?? 'http://127.0.0.1:4010', +}); + +describe('resource objects', () => { + // HTTP 404 error from prism + test.skip('list: only required params', async () => { + const responsePromise = client.r2.buckets.objects.list('example-bucket', { + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + }); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + // HTTP 404 error from prism + test.skip('list: required and optional params', async () => { + const response = await client.r2.buckets.objects.list('example-bucket', { + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + cursor: 'cursor', + delimiter: 'delimiter', + per_page: 1, + prefix: 'prefix', + start_after: 'start_after', + jurisdiction: 'default', + }); + }); + + // HTTP 404 error from prism + test.skip('delete: only required params', async () => { + const responsePromise = client.r2.buckets.objects.delete('example-bucket', 'path/to/my-object.txt', { + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + }); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + // HTTP 404 error from prism + test.skip('delete: required and optional params', async () => { + const response = await client.r2.buckets.objects.delete('example-bucket', 'path/to/my-object.txt', { + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + jurisdiction: 'default', + }); + }); + + // Mock server doesn't support application/octet-stream responses + test.skip('get: required and optional params', async () => { + const response = await client.r2.buckets.objects.get('example-bucket', 'path/to/my-object.txt', { + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + jurisdiction: 'default', + 'If-Modified-Since': 'If-Modified-Since', + 'If-None-Match': 'If-None-Match', + }); + }); + + // HTTP 404 error from prism + test.skip('upload: only required params', async () => { + const responsePromise = client.r2.buckets.objects.upload( + 'example-bucket', + 'path/to/my-object.txt', + await toFile(Buffer.from('Example data'), 'README.md'), + { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + ); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + // HTTP 404 error from prism + test.skip('upload: required and optional params', async () => { + const response = await client.r2.buckets.objects.upload( + 'example-bucket', + 'path/to/my-object.txt', + await toFile(Buffer.from('Example data'), 'README.md'), + { + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + jurisdiction: 'default', + 'cf-r2-storage-class': 'Standard', + }, + ); + }); +}); From d5bc24acb9898fcb40e66690d87808186a03788e Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:56 -0700 Subject: [PATCH 11/19] chore(radar): update codegen output --- src/resources/radar/http/http.ts | 50 +++++++++++++++++++++ tests/api-resources/radar/http/http.test.ts | 2 + 2 files changed, 52 insertions(+) diff --git a/src/resources/radar/http/http.ts b/src/resources/radar/http/http.ts index b37a5a2eb9..ab2fc7f5de 100644 --- a/src/resources/radar/http/http.ts +++ b/src/resources/radar/http/http.ts @@ -85,6 +85,7 @@ export class HTTP extends APIResource { | 'BOT_CLASS' | 'BROWSER' | 'BROWSER_FAMILY' + | 'CONTENT_TYPE' | 'DEVICE_TYPE' | 'HTTP_PROTOCOL' | 'HTTP_VERSION' @@ -104,6 +105,7 @@ export class HTTP extends APIResource { | 'BOT_CLASS' | 'BROWSER' | 'BROWSER_FAMILY' + | 'CONTENT_TYPE' | 'DEVICE_TYPE' | 'HTTP_PROTOCOL' | 'HTTP_VERSION' @@ -122,6 +124,7 @@ export class HTTP extends APIResource { | 'BOT_CLASS' | 'BROWSER' | 'BROWSER_FAMILY' + | 'CONTENT_TYPE' | 'DEVICE_TYPE' | 'HTTP_PROTOCOL' | 'HTTP_VERSION' @@ -188,6 +191,7 @@ export class HTTP extends APIResource { | 'BOT_CLASS' | 'BROWSER' | 'BROWSER_FAMILY' + | 'CONTENT_TYPE' | 'DEVICE_TYPE' | 'HTTP_PROTOCOL' | 'HTTP_VERSION' @@ -207,6 +211,7 @@ export class HTTP extends APIResource { | 'BOT_CLASS' | 'BROWSER' | 'BROWSER_FAMILY' + | 'CONTENT_TYPE' | 'DEVICE_TYPE' | 'HTTP_PROTOCOL' | 'HTTP_VERSION' @@ -225,6 +230,7 @@ export class HTTP extends APIResource { | 'BOT_CLASS' | 'BROWSER' | 'BROWSER_FAMILY' + | 'CONTENT_TYPE' | 'DEVICE_TYPE' | 'HTTP_PROTOCOL' | 'HTTP_VERSION' @@ -682,6 +688,28 @@ export interface HTTPSummaryV2Params { */ botClass?: Array<'LIKELY_AUTOMATED' | 'LIKELY_HUMAN'>; + /** + * Filters results by content type category. + */ + contentType?: Array< + | 'HTML' + | 'IMAGES' + | 'JSON' + | 'JAVASCRIPT' + | 'CSS' + | 'PLAIN_TEXT' + | 'FONTS' + | 'XML' + | 'YAML' + | 'VIDEO' + | 'AUDIO' + | 'MARKDOWN' + | 'DOCUMENTS' + | 'BINARY' + | 'SERIALIZATION' + | 'OTHER' + >; + /** * Filters results by continent. Specify a comma-separated list of alpha-2 codes. * Prefix with `-` to exclude continents from results. For example, `-EU,NA` @@ -916,6 +944,28 @@ export interface HTTPTimeseriesGroupsV2Params { */ botClass?: Array<'LIKELY_AUTOMATED' | 'LIKELY_HUMAN'>; + /** + * Filters results by content type category. + */ + contentType?: Array< + | 'HTML' + | 'IMAGES' + | 'JSON' + | 'JAVASCRIPT' + | 'CSS' + | 'PLAIN_TEXT' + | 'FONTS' + | 'XML' + | 'YAML' + | 'VIDEO' + | 'AUDIO' + | 'MARKDOWN' + | 'DOCUMENTS' + | 'BINARY' + | 'SERIALIZATION' + | 'OTHER' + >; + /** * Filters results by continent. Specify a comma-separated list of alpha-2 codes. * Prefix with `-` to exclude continents from results. For example, `-EU,NA` diff --git a/tests/api-resources/radar/http/http.test.ts b/tests/api-resources/radar/http/http.test.ts index 473eb3fcdf..75ee7e9102 100644 --- a/tests/api-resources/radar/http/http.test.ts +++ b/tests/api-resources/radar/http/http.test.ts @@ -37,6 +37,7 @@ describe('resource http', () => { apiTraffic: ['API'], asn: ['string'], botClass: ['LIKELY_AUTOMATED'], + contentType: ['HTML'], continent: ['string'], dateEnd: ['2019-12-27T18:11:19.117Z'], dateRange: ['7d'], @@ -135,6 +136,7 @@ describe('resource http', () => { apiTraffic: ['API'], asn: ['string'], botClass: ['LIKELY_AUTOMATED'], + contentType: ['HTML'], continent: ['string'], dateEnd: ['2019-12-27T18:11:19.117Z'], dateRange: ['7d'], From 542f312097c920c73cb0a6934033483cb4052c64 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:56 -0700 Subject: [PATCH 12/19] feat(secrets-store): add stores.get method --- src/resources/secrets-store/api.md | 2 + src/resources/secrets-store/index.ts | 2 + src/resources/secrets-store/secrets-store.ts | 4 ++ src/resources/secrets-store/stores/index.ts | 2 + src/resources/secrets-store/stores/stores.ts | 61 +++++++++++++++++++ .../secrets-store/stores/stores.test.ts | 21 +++++++ 6 files changed, 92 insertions(+) diff --git a/src/resources/secrets-store/api.md b/src/resources/secrets-store/api.md index bd8c15b265..e6fb1c65c1 100644 --- a/src/resources/secrets-store/api.md +++ b/src/resources/secrets-store/api.md @@ -7,12 +7,14 @@ Types: - StoreCreateResponse - StoreListResponse - StoreDeleteResponse +- StoreGetResponse Methods: - client.secretsStore.stores.create({ ...params }) -> StoreCreateResponse - client.secretsStore.stores.list({ ...params }) -> StoreListResponsesV4PagePaginationArray - client.secretsStore.stores.delete(storeId, { ...params }) -> StoreDeleteResponse | null +- client.secretsStore.stores.get(storeId, { ...params }) -> StoreGetResponse ### Secrets diff --git a/src/resources/secrets-store/index.ts b/src/resources/secrets-store/index.ts index 0f363f4238..52d7a498c7 100644 --- a/src/resources/secrets-store/index.ts +++ b/src/resources/secrets-store/index.ts @@ -8,7 +8,9 @@ export { type StoreCreateResponse, type StoreListResponse, type StoreDeleteResponse, + type StoreGetResponse, type StoreCreateParams, type StoreListParams, type StoreDeleteParams, + type StoreGetParams, } from './stores/index'; diff --git a/src/resources/secrets-store/secrets-store.ts b/src/resources/secrets-store/secrets-store.ts index 2e4055006d..a9590c4e42 100644 --- a/src/resources/secrets-store/secrets-store.ts +++ b/src/resources/secrets-store/secrets-store.ts @@ -9,6 +9,8 @@ import { StoreCreateResponse, StoreDeleteParams, StoreDeleteResponse, + StoreGetParams, + StoreGetResponse, StoreListParams, StoreListResponse, StoreListResponsesV4PagePaginationArray, @@ -30,10 +32,12 @@ export declare namespace SecretsStore { type StoreCreateResponse as StoreCreateResponse, type StoreListResponse as StoreListResponse, type StoreDeleteResponse as StoreDeleteResponse, + type StoreGetResponse as StoreGetResponse, StoreListResponsesV4PagePaginationArray as StoreListResponsesV4PagePaginationArray, type StoreCreateParams as StoreCreateParams, type StoreListParams as StoreListParams, type StoreDeleteParams as StoreDeleteParams, + type StoreGetParams as StoreGetParams, }; export { Quota as Quota, type QuotaGetResponse as QuotaGetResponse, type QuotaGetParams as QuotaGetParams }; diff --git a/src/resources/secrets-store/stores/index.ts b/src/resources/secrets-store/stores/index.ts index 742c7b989d..2faa8b5c34 100644 --- a/src/resources/secrets-store/stores/index.ts +++ b/src/resources/secrets-store/stores/index.ts @@ -25,7 +25,9 @@ export { type StoreCreateResponse, type StoreListResponse, type StoreDeleteResponse, + type StoreGetResponse, type StoreCreateParams, type StoreListParams, type StoreDeleteParams, + type StoreGetParams, } from './stores'; diff --git a/src/resources/secrets-store/stores/stores.ts b/src/resources/secrets-store/stores/stores.ts index 8bee25ccec..e5a55e67f0 100644 --- a/src/resources/secrets-store/stores/stores.ts +++ b/src/resources/secrets-store/stores/stores.ts @@ -100,6 +100,31 @@ export class Stores extends APIResource { }) as Core.APIPromise<{ result: StoreDeleteResponse | null }> )._thenUnwrap((obj) => obj.result); } + + /** + * Returns details of a single store + * + * @example + * ```ts + * const store = await client.secretsStore.stores.get( + * '023e105f4ecef8ad9ca31a8372d0c353', + * { account_id: '985e105f4ecef8ad9ca31a8372d0c353' }, + * ); + * ``` + */ + get( + storeId: string, + params: StoreGetParams, + options?: Core.RequestOptions, + ): Core.APIPromise { + const { account_id } = params; + return ( + this._client.get( + `/accounts/${account_id}/secrets_store/stores/${storeId}`, + options, + ) as Core.APIPromise<{ result: StoreGetResponse }> + )._thenUnwrap((obj) => obj.result); + } } export class StoreListResponsesV4PagePaginationArray extends V4PagePaginationArray {} @@ -163,6 +188,33 @@ export interface StoreListResponse { */ export type StoreDeleteResponse = unknown; +export interface StoreGetResponse { + /** + * Store Identifier + */ + id: string; + + /** + * Whenthe secret was created. + */ + created: string; + + /** + * When the secret was modified. + */ + modified: string; + + /** + * The name of the store + */ + name: string; + + /** + * Account Identifier + */ + account_id?: string; +} + export interface StoreCreateParams { /** * Path param: Account Identifier @@ -206,6 +258,13 @@ export interface StoreDeleteParams { force?: boolean; } +export interface StoreGetParams { + /** + * Account Identifier + */ + account_id: string; +} + Stores.StoreListResponsesV4PagePaginationArray = StoreListResponsesV4PagePaginationArray; Stores.Secrets = Secrets; Stores.SecretCreateResponsesSinglePage = SecretCreateResponsesSinglePage; @@ -216,10 +275,12 @@ export declare namespace Stores { type StoreCreateResponse as StoreCreateResponse, type StoreListResponse as StoreListResponse, type StoreDeleteResponse as StoreDeleteResponse, + type StoreGetResponse as StoreGetResponse, StoreListResponsesV4PagePaginationArray as StoreListResponsesV4PagePaginationArray, type StoreCreateParams as StoreCreateParams, type StoreListParams as StoreListParams, type StoreDeleteParams as StoreDeleteParams, + type StoreGetParams as StoreGetParams, }; export { diff --git a/tests/api-resources/secrets-store/stores/stores.test.ts b/tests/api-resources/secrets-store/stores/stores.test.ts index 4ff2b6cf41..1e2f26bb1d 100644 --- a/tests/api-resources/secrets-store/stores/stores.test.ts +++ b/tests/api-resources/secrets-store/stores/stores.test.ts @@ -79,4 +79,25 @@ describe('resource stores', () => { force: true, }); }); + + // SKIP: prism error for 422 Unprocessable Entity + test.skip('get: only required params', async () => { + const responsePromise = client.secretsStore.stores.get('023e105f4ecef8ad9ca31a8372d0c353', { + account_id: '985e105f4ecef8ad9ca31a8372d0c353', + }); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + // SKIP: prism error for 422 Unprocessable Entity + test.skip('get: required and optional params', async () => { + const response = await client.secretsStore.stores.get('023e105f4ecef8ad9ca31a8372d0c353', { + account_id: '985e105f4ecef8ad9ca31a8372d0c353', + }); + }); }); From 1afad1fcad0f6d6804e8f1bb91aa02346d14967f Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:56 -0700 Subject: [PATCH 13/19] chore(spectrum): update codegen output --- src/resources/spectrum/apps.ts | 36 +++++++++++++++++++++++ tests/api-resources/spectrum/apps.test.ts | 2 ++ 2 files changed, 38 insertions(+) diff --git a/src/resources/spectrum/apps.ts b/src/resources/spectrum/apps.ts index ffc5617994..78829d4f58 100644 --- a/src/resources/spectrum/apps.ts +++ b/src/resources/spectrum/apps.ts @@ -194,6 +194,12 @@ export namespace AppCreateResponse { * The type of TLS termination associated with the application. */ tls?: 'off' | 'flexible' | 'full' | 'strict'; + + /** + * Optional UUID of a virtual network for routing origin traffic through tunnel + * virtual networks. + */ + virtual_network_id?: string; } export interface SpectrumConfigPaygoAppConfig { @@ -321,6 +327,12 @@ export namespace AppUpdateResponse { * The type of TLS termination associated with the application. */ tls?: 'off' | 'flexible' | 'full' | 'strict'; + + /** + * Optional UUID of a virtual network for routing origin traffic through tunnel + * virtual networks. + */ + virtual_network_id?: string; } export interface SpectrumConfigPaygoAppConfig { @@ -448,6 +460,12 @@ export namespace AppListResponse { * The type of TLS termination associated with the application. */ tls?: 'off' | 'flexible' | 'full' | 'strict'; + + /** + * Optional UUID of a virtual network for routing origin traffic through tunnel + * virtual networks. + */ + virtual_network_id?: string; } export interface SpectrumConfigPaygoAppConfig { @@ -582,6 +600,12 @@ export namespace AppGetResponse { * The type of TLS termination associated with the application. */ tls?: 'off' | 'flexible' | 'full' | 'strict'; + + /** + * Optional UUID of a virtual network for routing origin traffic through tunnel + * virtual networks. + */ + virtual_network_id?: string; } export interface SpectrumConfigPaygoAppConfig { @@ -701,6 +725,12 @@ export declare namespace AppCreateParams { * Body param: The type of TLS termination associated with the application. */ tls?: 'off' | 'flexible' | 'full' | 'strict'; + + /** + * Body param: Optional UUID of a virtual network for routing origin traffic + * through tunnel virtual networks. + */ + virtual_network_id?: string; } export interface SpectrumConfigPaygoAppConfig { @@ -811,6 +841,12 @@ export declare namespace AppUpdateParams { * Body param: The type of TLS termination associated with the application. */ tls?: 'off' | 'flexible' | 'full' | 'strict'; + + /** + * Body param: Optional UUID of a virtual network for routing origin traffic + * through tunnel virtual networks. + */ + virtual_network_id?: string; } export interface SpectrumConfigPaygoAppConfig { diff --git a/tests/api-resources/spectrum/apps.test.ts b/tests/api-resources/spectrum/apps.test.ts index a0eb7bc824..011ac68fac 100644 --- a/tests/api-resources/spectrum/apps.test.ts +++ b/tests/api-resources/spectrum/apps.test.ts @@ -46,6 +46,7 @@ describe('resource apps', () => { origin_port: 22, proxy_protocol: 'off', tls: 'off', + virtual_network_id: '182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e', }); }); @@ -85,6 +86,7 @@ describe('resource apps', () => { origin_port: 22, proxy_protocol: 'off', tls: 'off', + virtual_network_id: '182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e', }); }); From d1f8d27e71125cce1c27287603c8c11845edf574 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:56 -0700 Subject: [PATCH 14/19] feat(workers): add observability.queries sub-resource --- src/resources/workers/api.md | 14 + .../workers/observability/destinations.ts | 10 +- src/resources/workers/observability/index.ts | 8 + .../workers/observability/observability.ts | 21 + .../workers/observability/queries.ts | 825 ++++++++++++++++++ .../workers/observability/telemetry.ts | 120 ++- src/resources/workers/scripts/index.ts | 2 + src/resources/workers/scripts/scripts.ts | 4 + src/resources/workers/scripts/secrets.ts | 180 ++++ .../workers/observability/queries.test.ts | 93 ++ .../workers/scripts/secrets.test.ts | 27 + 11 files changed, 1263 insertions(+), 41 deletions(-) create mode 100644 src/resources/workers/observability/queries.ts create mode 100644 tests/api-resources/workers/observability/queries.test.ts diff --git a/src/resources/workers/api.md b/src/resources/workers/api.md index a19304a789..3d3d269fcb 100644 --- a/src/resources/workers/api.md +++ b/src/resources/workers/api.md @@ -191,6 +191,7 @@ Types: - SecretUpdateResponse - SecretListResponse - SecretDeleteResponse +- SecretBulkUpdateResponse - SecretGetResponse Methods: @@ -198,6 +199,7 @@ Methods: - client.workers.scripts.secrets.update(scriptName, { ...params }) -> SecretUpdateResponse - client.workers.scripts.secrets.list(scriptName, { ...params }) -> SecretListResponsesSinglePage - client.workers.scripts.secrets.delete(scriptName, secretName, { ...params }) -> SecretDeleteResponse | null +- client.workers.scripts.secrets.bulkUpdate(scriptName, { ...params }) -> SecretBulkUpdateResponse - client.workers.scripts.secrets.get(scriptName, secretName, { ...params }) -> SecretGetResponse ### ScriptAndVersionSettings @@ -284,3 +286,15 @@ Methods: - client.workers.observability.destinations.update(slug, { ...params }) -> DestinationUpdateResponse - client.workers.observability.destinations.list({ ...params }) -> DestinationListResponsesSinglePage - client.workers.observability.destinations.delete(slug, { ...params }) -> DestinationDeleteResponse + +### Queries + +Types: + +- QueryCreateResponse +- QueryListResponse + +Methods: + +- client.workers.observability.queries.create({ ...params }) -> QueryCreateResponse +- client.workers.observability.queries.list({ ...params }) -> QueryListResponsesSinglePage diff --git a/src/resources/workers/observability/destinations.ts b/src/resources/workers/observability/destinations.ts index 273255990a..ba4409287c 100644 --- a/src/resources/workers/observability/destinations.ts +++ b/src/resources/workers/observability/destinations.ts @@ -141,7 +141,7 @@ export namespace DestinationCreateResponse { export interface Configuration { destination_conf: string; - logpushDataset: 'opentelemetry-traces' | 'opentelemetry-logs'; + logpushDataset: 'opentelemetry-traces' | 'opentelemetry-logs' | 'opentelemetry-metrics'; logpushJob: number; @@ -167,7 +167,7 @@ export namespace DestinationUpdateResponse { export interface Configuration { destination_conf: string; - logpushDataset: 'opentelemetry-traces' | 'opentelemetry-logs'; + logpushDataset: 'opentelemetry-traces' | 'opentelemetry-logs' | 'opentelemetry-metrics'; logpushJob: number; @@ -197,7 +197,7 @@ export namespace DestinationListResponse { jobStatus: Configuration.JobStatus; - logpushDataset: 'opentelemetry-traces' | 'opentelemetry-logs'; + logpushDataset: 'opentelemetry-traces' | 'opentelemetry-logs' | 'opentelemetry-metrics'; type: 'logpush'; @@ -231,7 +231,7 @@ export namespace DestinationDeleteResponse { export interface Configuration { destination_conf: string; - logpushDataset: 'opentelemetry-traces' | 'opentelemetry-logs'; + logpushDataset: 'opentelemetry-traces' | 'opentelemetry-logs' | 'opentelemetry-metrics'; logpushJob: number; @@ -272,7 +272,7 @@ export namespace DestinationCreateParams { export interface Configuration { headers: { [key: string]: string }; - logpushDataset: 'opentelemetry-traces' | 'opentelemetry-logs'; + logpushDataset: 'opentelemetry-traces' | 'opentelemetry-logs' | 'opentelemetry-metrics'; type: 'logpush'; diff --git a/src/resources/workers/observability/index.ts b/src/resources/workers/observability/index.ts index 03c6076857..bf6b2f2066 100644 --- a/src/resources/workers/observability/index.ts +++ b/src/resources/workers/observability/index.ts @@ -13,6 +13,14 @@ export { type DestinationDeleteParams, } from './destinations'; export { Observability } from './observability'; +export { + QueryListResponsesSinglePage, + Queries, + type QueryCreateResponse, + type QueryListResponse, + type QueryCreateParams, + type QueryListParams, +} from './queries'; export { TelemetryKeysResponsesSinglePage, TelemetryValuesResponsesSinglePage, diff --git a/src/resources/workers/observability/observability.ts b/src/resources/workers/observability/observability.ts index 72f7cac7b4..434b53083b 100644 --- a/src/resources/workers/observability/observability.ts +++ b/src/resources/workers/observability/observability.ts @@ -14,6 +14,15 @@ import { DestinationUpdateResponse, Destinations, } from './destinations'; +import * as QueriesAPI from './queries'; +import { + Queries, + QueryCreateParams, + QueryCreateResponse, + QueryListParams, + QueryListResponse, + QueryListResponsesSinglePage, +} from './queries'; import * as TelemetryAPI from './telemetry'; import { Telemetry, @@ -30,6 +39,7 @@ import { export class Observability extends APIResource { telemetry: TelemetryAPI.Telemetry = new TelemetryAPI.Telemetry(this._client); destinations: DestinationsAPI.Destinations = new DestinationsAPI.Destinations(this._client); + queries: QueriesAPI.Queries = new QueriesAPI.Queries(this._client); } Observability.Telemetry = Telemetry; @@ -37,6 +47,8 @@ Observability.TelemetryKeysResponsesSinglePage = TelemetryKeysResponsesSinglePag Observability.TelemetryValuesResponsesSinglePage = TelemetryValuesResponsesSinglePage; Observability.Destinations = Destinations; Observability.DestinationListResponsesSinglePage = DestinationListResponsesSinglePage; +Observability.Queries = Queries; +Observability.QueryListResponsesSinglePage = QueryListResponsesSinglePage; export declare namespace Observability { export { @@ -63,4 +75,13 @@ export declare namespace Observability { type DestinationListParams as DestinationListParams, type DestinationDeleteParams as DestinationDeleteParams, }; + + export { + Queries as Queries, + type QueryCreateResponse as QueryCreateResponse, + type QueryListResponse as QueryListResponse, + QueryListResponsesSinglePage as QueryListResponsesSinglePage, + type QueryCreateParams as QueryCreateParams, + type QueryListParams as QueryListParams, + }; } diff --git a/src/resources/workers/observability/queries.ts b/src/resources/workers/observability/queries.ts new file mode 100644 index 0000000000..d780d19d95 --- /dev/null +++ b/src/resources/workers/observability/queries.ts @@ -0,0 +1,825 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import { APIResource } from '../../../resource'; +import * as Core from '../../../core'; +import { SinglePage } from '../../../pagination'; + +export class Queries extends APIResource { + /** + * Persist query for later use. + * + * @example + * ```ts + * const query = + * await client.workers.observability.queries.create({ + * account_id: 'account_id', + * description: 'Query description', + * name: 'x', + * parameters: {}, + * }); + * ``` + */ + create(params: QueryCreateParams, options?: Core.RequestOptions): Core.APIPromise { + const { account_id, ...body } = params; + return ( + this._client.post(`/accounts/${account_id}/workers/observability/queries`, { + body, + ...options, + }) as Core.APIPromise<{ result: QueryCreateResponse }> + )._thenUnwrap((obj) => obj.result); + } + + /** + * List saved queries. + * + * @example + * ```ts + * // Automatically fetches more pages as needed. + * for await (const queryListResponse of client.workers.observability.queries.list( + * { account_id: 'account_id' }, + * )) { + * // ... + * } + * ``` + */ + list( + params: QueryListParams, + options?: Core.RequestOptions, + ): Core.PagePromise { + const { account_id, ...query } = params; + return this._client.getAPIList( + `/accounts/${account_id}/workers/observability/queries`, + QueryListResponsesSinglePage, + { query, ...options }, + ); + } +} + +export class QueryListResponsesSinglePage extends SinglePage {} + +export interface QueryCreateResponse { + id: string; + + /** + * If the query wasn't explcitly saved + */ + adhoc: boolean; + + created: string; + + createdBy: string; + + description: string | null; + + /** + * Query name + */ + name: string; + + parameters: QueryCreateResponse.Parameters; + + updated: string; + + updatedBy: string; +} + +export namespace QueryCreateResponse { + export interface Parameters { + /** + * Create Calculations to compute as part of the query. + */ + calculations?: Array; + + /** + * Set the Datasets to query. Leave it empty to query all the datasets. + */ + datasets?: Array; + + /** + * Set a Flag to describe how to combine the filters on the query. + */ + filterCombination?: 'and' | 'or' | 'AND' | 'OR'; + + /** + * Configure the Filters to apply to the query. Supports nested groups via kind: + * 'group'. + */ + filters?: Array; + + /** + * Define how to group the results of the query. + */ + groupBys?: Array; + + /** + * Configure the Having clauses that filter on calculations in the query result. + */ + havings?: Array; + + /** + * Set a limit on the number of results / records returned by the query + */ + limit?: number; + + /** + * Define an expression to search using full-text search. + */ + needle?: Parameters.Needle; + + /** + * Configure the order of the results returned by the query. + */ + orderBy?: Parameters.OrderBy; + } + + export namespace Parameters { + export interface Calculation { + operator: + | 'uniq' + | 'count' + | 'max' + | 'min' + | 'sum' + | 'avg' + | 'median' + | 'p001' + | 'p01' + | 'p05' + | 'p10' + | 'p25' + | 'p75' + | 'p90' + | 'p95' + | 'p99' + | 'p999' + | 'stddev' + | 'variance' + | 'COUNT_DISTINCT' + | 'COUNT' + | 'MAX' + | 'MIN' + | 'SUM' + | 'AVG' + | 'MEDIAN' + | 'P001' + | 'P01' + | 'P05' + | 'P10' + | 'P25' + | 'P75' + | 'P90' + | 'P95' + | 'P99' + | 'P999' + | 'STDDEV' + | 'VARIANCE'; + + alias?: string; + + key?: string; + + keyType?: 'string' | 'number' | 'boolean'; + } + + export interface UnionMember0 { + filterCombination: 'and' | 'or' | 'AND' | 'OR'; + + filters: Array; + + kind: 'group'; + } + + /** + * A filter condition applied to query results. Use the keys and values endpoints + * to discover available fields and their values before constructing filters. + */ + export interface WorkersObservabilityFilterLeaf { + /** + * Filter field name. Use verified keys from previous query results or the keys + * endpoint. Common keys include $metadata.service, $metadata.origin, + * $metadata.trigger, $metadata.message, and $metadata.error. + */ + key: string; + + /** + * Comparison operator. String operators: includes, not_includes, starts_with, + * ends_with, regex. Existence: exists, is_null. Set membership: in, not_in + * (comma-separated values). Numeric: eq, neq, gt, gte, lt, lte. + */ + operation: + | 'includes' + | 'not_includes' + | 'starts_with' + | 'ends_with' + | 'regex' + | 'exists' + | 'is_null' + | 'in' + | 'not_in' + | 'eq' + | 'neq' + | 'gt' + | 'gte' + | 'lt' + | 'lte' + | '=' + | '!=' + | '>' + | '>=' + | '<' + | '<=' + | 'INCLUDES' + | 'DOES_NOT_INCLUDE' + | 'MATCH_REGEX' + | 'EXISTS' + | 'DOES_NOT_EXIST' + | 'IN' + | 'NOT_IN' + | 'STARTS_WITH' + | 'ENDS_WITH'; + + /** + * Data type of the filter field. Must match the actual type of the key being + * filtered. + */ + type: 'string' | 'number' | 'boolean'; + + /** + * Discriminator for leaf filter nodes. Always 'filter' when present; may be + * omitted. + */ + kind?: 'filter'; + + /** + * Comparison value. Must match actual values in your data — verify with the values + * endpoint. Ensure the value type (string/number/boolean) matches the field type. + * String comparisons are case-sensitive. Regex uses RE2 syntax (no + * lookaheads/lookbehinds). + */ + value?: string | number | boolean; + } + + export interface GroupBy { + type: 'string' | 'number' | 'boolean'; + + value: string; + } + + export interface Having { + key: string; + + operation: 'eq' | 'neq' | 'gt' | 'gte' | 'lt' | 'lte'; + + value: number; + } + + /** + * Define an expression to search using full-text search. + */ + export interface Needle { + value: string | number | boolean; + + isRegex?: boolean; + + matchCase?: boolean; + } + + /** + * Configure the order of the results returned by the query. + */ + export interface OrderBy { + /** + * Configure which Calculation to order the results by. + */ + value: string; + + /** + * Set the order of the results + */ + order?: 'asc' | 'desc'; + } + } +} + +export interface QueryListResponse { + id: string; + + /** + * If the query wasn't explcitly saved + */ + adhoc: boolean; + + created: string; + + createdBy: string; + + description: string | null; + + /** + * Query name + */ + name: string; + + parameters: QueryListResponse.Parameters; + + updated: string; + + updatedBy: string; +} + +export namespace QueryListResponse { + export interface Parameters { + /** + * Create Calculations to compute as part of the query. + */ + calculations?: Array; + + /** + * Set the Datasets to query. Leave it empty to query all the datasets. + */ + datasets?: Array; + + /** + * Set a Flag to describe how to combine the filters on the query. + */ + filterCombination?: 'and' | 'or' | 'AND' | 'OR'; + + /** + * Configure the Filters to apply to the query. Supports nested groups via kind: + * 'group'. + */ + filters?: Array; + + /** + * Define how to group the results of the query. + */ + groupBys?: Array; + + /** + * Configure the Having clauses that filter on calculations in the query result. + */ + havings?: Array; + + /** + * Set a limit on the number of results / records returned by the query + */ + limit?: number; + + /** + * Define an expression to search using full-text search. + */ + needle?: Parameters.Needle; + + /** + * Configure the order of the results returned by the query. + */ + orderBy?: Parameters.OrderBy; + } + + export namespace Parameters { + export interface Calculation { + operator: + | 'uniq' + | 'count' + | 'max' + | 'min' + | 'sum' + | 'avg' + | 'median' + | 'p001' + | 'p01' + | 'p05' + | 'p10' + | 'p25' + | 'p75' + | 'p90' + | 'p95' + | 'p99' + | 'p999' + | 'stddev' + | 'variance' + | 'COUNT_DISTINCT' + | 'COUNT' + | 'MAX' + | 'MIN' + | 'SUM' + | 'AVG' + | 'MEDIAN' + | 'P001' + | 'P01' + | 'P05' + | 'P10' + | 'P25' + | 'P75' + | 'P90' + | 'P95' + | 'P99' + | 'P999' + | 'STDDEV' + | 'VARIANCE'; + + alias?: string; + + key?: string; + + keyType?: 'string' | 'number' | 'boolean'; + } + + export interface UnionMember0 { + filterCombination: 'and' | 'or' | 'AND' | 'OR'; + + filters: Array; + + kind: 'group'; + } + + /** + * A filter condition applied to query results. Use the keys and values endpoints + * to discover available fields and their values before constructing filters. + */ + export interface WorkersObservabilityFilterLeaf { + /** + * Filter field name. Use verified keys from previous query results or the keys + * endpoint. Common keys include $metadata.service, $metadata.origin, + * $metadata.trigger, $metadata.message, and $metadata.error. + */ + key: string; + + /** + * Comparison operator. String operators: includes, not_includes, starts_with, + * ends_with, regex. Existence: exists, is_null. Set membership: in, not_in + * (comma-separated values). Numeric: eq, neq, gt, gte, lt, lte. + */ + operation: + | 'includes' + | 'not_includes' + | 'starts_with' + | 'ends_with' + | 'regex' + | 'exists' + | 'is_null' + | 'in' + | 'not_in' + | 'eq' + | 'neq' + | 'gt' + | 'gte' + | 'lt' + | 'lte' + | '=' + | '!=' + | '>' + | '>=' + | '<' + | '<=' + | 'INCLUDES' + | 'DOES_NOT_INCLUDE' + | 'MATCH_REGEX' + | 'EXISTS' + | 'DOES_NOT_EXIST' + | 'IN' + | 'NOT_IN' + | 'STARTS_WITH' + | 'ENDS_WITH'; + + /** + * Data type of the filter field. Must match the actual type of the key being + * filtered. + */ + type: 'string' | 'number' | 'boolean'; + + /** + * Discriminator for leaf filter nodes. Always 'filter' when present; may be + * omitted. + */ + kind?: 'filter'; + + /** + * Comparison value. Must match actual values in your data — verify with the values + * endpoint. Ensure the value type (string/number/boolean) matches the field type. + * String comparisons are case-sensitive. Regex uses RE2 syntax (no + * lookaheads/lookbehinds). + */ + value?: string | number | boolean; + } + + export interface GroupBy { + type: 'string' | 'number' | 'boolean'; + + value: string; + } + + export interface Having { + key: string; + + operation: 'eq' | 'neq' | 'gt' | 'gte' | 'lt' | 'lte'; + + value: number; + } + + /** + * Define an expression to search using full-text search. + */ + export interface Needle { + value: string | number | boolean; + + isRegex?: boolean; + + matchCase?: boolean; + } + + /** + * Configure the order of the results returned by the query. + */ + export interface OrderBy { + /** + * Configure which Calculation to order the results by. + */ + value: string; + + /** + * Set the order of the results + */ + order?: 'asc' | 'desc'; + } + } +} + +export interface QueryCreateParams { + /** + * Path param: Your Cloudflare account ID. + */ + account_id: string; + + /** + * Body param + */ + description: string | null; + + /** + * Body param: Query name + */ + name: string; + + /** + * Body param + */ + parameters: QueryCreateParams.Parameters; +} + +export namespace QueryCreateParams { + export interface Parameters { + /** + * Create Calculations to compute as part of the query. + */ + calculations?: Array; + + /** + * Set the Datasets to query. Leave it empty to query all the datasets. + */ + datasets?: Array; + + /** + * Set a Flag to describe how to combine the filters on the query. + */ + filterCombination?: 'and' | 'or' | 'AND' | 'OR'; + + /** + * Configure the Filters to apply to the query. Supports nested groups via kind: + * 'group'. + */ + filters?: Array; + + /** + * Define how to group the results of the query. + */ + groupBys?: Array; + + /** + * Configure the Having clauses that filter on calculations in the query result. + */ + havings?: Array; + + /** + * Set a limit on the number of results / records returned by the query + */ + limit?: number; + + /** + * Define an expression to search using full-text search. + */ + needle?: Parameters.Needle; + + /** + * Configure the order of the results returned by the query. + */ + orderBy?: Parameters.OrderBy; + } + + export namespace Parameters { + export interface Calculation { + operator: + | 'uniq' + | 'count' + | 'max' + | 'min' + | 'sum' + | 'avg' + | 'median' + | 'p001' + | 'p01' + | 'p05' + | 'p10' + | 'p25' + | 'p75' + | 'p90' + | 'p95' + | 'p99' + | 'p999' + | 'stddev' + | 'variance' + | 'COUNT_DISTINCT' + | 'COUNT' + | 'MAX' + | 'MIN' + | 'SUM' + | 'AVG' + | 'MEDIAN' + | 'P001' + | 'P01' + | 'P05' + | 'P10' + | 'P25' + | 'P75' + | 'P90' + | 'P95' + | 'P99' + | 'P999' + | 'STDDEV' + | 'VARIANCE'; + + alias?: string; + + key?: string; + + keyType?: 'string' | 'number' | 'boolean'; + } + + export interface UnionMember0 { + filterCombination: 'and' | 'or' | 'AND' | 'OR'; + + filters: Array; + + kind: 'group'; + } + + /** + * A filter condition applied to query results. Use the keys and values endpoints + * to discover available fields and their values before constructing filters. + */ + export interface WorkersObservabilityFilterLeaf { + /** + * Filter field name. Use verified keys from previous query results or the keys + * endpoint. Common keys include $metadata.service, $metadata.origin, + * $metadata.trigger, $metadata.message, and $metadata.error. + */ + key: string; + + /** + * Comparison operator. String operators: includes, not_includes, starts_with, + * ends_with, regex. Existence: exists, is_null. Set membership: in, not_in + * (comma-separated values). Numeric: eq, neq, gt, gte, lt, lte. + */ + operation: + | 'includes' + | 'not_includes' + | 'starts_with' + | 'ends_with' + | 'regex' + | 'exists' + | 'is_null' + | 'in' + | 'not_in' + | 'eq' + | 'neq' + | 'gt' + | 'gte' + | 'lt' + | 'lte' + | '=' + | '!=' + | '>' + | '>=' + | '<' + | '<=' + | 'INCLUDES' + | 'DOES_NOT_INCLUDE' + | 'MATCH_REGEX' + | 'EXISTS' + | 'DOES_NOT_EXIST' + | 'IN' + | 'NOT_IN' + | 'STARTS_WITH' + | 'ENDS_WITH'; + + /** + * Data type of the filter field. Must match the actual type of the key being + * filtered. + */ + type: 'string' | 'number' | 'boolean'; + + /** + * Discriminator for leaf filter nodes. Always 'filter' when present; may be + * omitted. + */ + kind?: 'filter'; + + /** + * Comparison value. Must match actual values in your data — verify with the values + * endpoint. Ensure the value type (string/number/boolean) matches the field type. + * String comparisons are case-sensitive. Regex uses RE2 syntax (no + * lookaheads/lookbehinds). + */ + value?: string | number | boolean; + } + + export interface GroupBy { + type: 'string' | 'number' | 'boolean'; + + value: string; + } + + export interface Having { + key: string; + + operation: 'eq' | 'neq' | 'gt' | 'gte' | 'lt' | 'lte'; + + value: number; + } + + /** + * Define an expression to search using full-text search. + */ + export interface Needle { + value: string | number | boolean; + + isRegex?: boolean; + + matchCase?: boolean; + } + + /** + * Configure the order of the results returned by the query. + */ + export interface OrderBy { + /** + * Configure which Calculation to order the results by. + */ + value: string; + + /** + * Set the order of the results + */ + order?: 'asc' | 'desc'; + } + } +} + +export interface QueryListParams { + /** + * Path param: Your Cloudflare account ID. + */ + account_id: string; + + /** + * Query param + */ + order?: 'asc' | 'desc'; + + /** + * Query param + */ + orderBy?: 'created' | 'updated'; + + /** + * Query param + */ + page?: number; + + /** + * Query param + */ + perPage?: number; +} + +Queries.QueryListResponsesSinglePage = QueryListResponsesSinglePage; + +export declare namespace Queries { + export { + type QueryCreateResponse as QueryCreateResponse, + type QueryListResponse as QueryListResponse, + QueryListResponsesSinglePage as QueryListResponsesSinglePage, + type QueryCreateParams as QueryCreateParams, + type QueryListParams as QueryListParams, + }; +} diff --git a/src/resources/workers/observability/telemetry.ts b/src/resources/workers/observability/telemetry.ts index 0e896e41b6..91a342f6dc 100644 --- a/src/resources/workers/observability/telemetry.ts +++ b/src/resources/workers/observability/telemetry.ts @@ -106,8 +106,8 @@ export interface TelemetryKeysResponse { */ export interface TelemetryQueryResponse { /** - * The query run metadata including the query definition, execution status, and - * timeframe. + * Represents a single execution of a query against Workers Observability data, + * including the query definition, execution status, and performance statistics. */ run: TelemetryQueryResponse.Run; @@ -159,8 +159,8 @@ export interface TelemetryQueryResponse { export namespace TelemetryQueryResponse { /** - * The query run metadata including the query definition, execution status, and - * timeframe. + * Represents a single execution of a query against Workers Observability data, + * including the query definition, execution status, and performance statistics. */ export interface Run { /** @@ -373,13 +373,14 @@ export namespace TelemetryQueryResponse { /** * Comparison operator. String operators: includes, not_includes, starts_with, - * regex. Existence: exists, is_null. Set membership: in, not_in (comma-separated - * values). Numeric: eq, neq, gt, gte, lt, lte. + * ends_with, regex. Existence: exists, is_null. Set membership: in, not_in + * (comma-separated values). Numeric: eq, neq, gt, gte, lt, lte. */ operation: | 'includes' | 'not_includes' | 'starts_with' + | 'ends_with' | 'regex' | 'exists' | 'is_null' @@ -404,7 +405,8 @@ export namespace TelemetryQueryResponse { | 'DOES_NOT_EXIST' | 'IN' | 'NOT_IN' - | 'STARTS_WITH'; + | 'STARTS_WITH' + | 'ENDS_WITH'; /** * Data type of the filter field. Must match the actual type of the key being @@ -763,7 +765,7 @@ export namespace TelemetryQueryResponse { * Raw log payload. May be a string or a structured object depending on how the log * was emitted. */ - source: string | unknown; + source: string | { [key: string]: unknown }; /** * Event timestamp as a Unix epoch in milliseconds. @@ -774,7 +776,7 @@ export namespace TelemetryQueryResponse { * Cloudflare Containers event information that enriches your logs for identifying * and debugging issues. */ - $containers?: unknown; + $containers?: { [key: string]: unknown }; /** * Cloudflare Workers event information that enriches your logs for identifying and @@ -804,9 +806,6 @@ export namespace TelemetryQueryResponse { */ cloudService?: string; - /** - * Whether this was a cold start (1) or warm invocation (0). - */ coldStart?: number; /** @@ -973,6 +972,8 @@ export namespace TelemetryQueryResponse { outcome?: string; + preview?: UnionMember0.Preview; + scriptVersion?: UnionMember0.ScriptVersion; spanId?: string; @@ -983,6 +984,14 @@ export namespace TelemetryQueryResponse { } export namespace UnionMember0 { + export interface Preview { + id?: string; + + name?: string; + + slug?: string; + } + export interface ScriptVersion { id?: string; @@ -1028,6 +1037,8 @@ export namespace TelemetryQueryResponse { executionModel?: 'durableObject' | 'stateless'; + preview?: UnionMember1.Preview; + scriptVersion?: UnionMember1.ScriptVersion; spanId?: string; @@ -1046,6 +1057,14 @@ export namespace TelemetryQueryResponse { timestamp: number; } + export interface Preview { + id?: string; + + name?: string; + + slug?: string; + } + export interface ScriptVersion { id?: string; @@ -1143,7 +1162,7 @@ export namespace TelemetryQueryResponse { * Raw log payload. May be a string or a structured object depending on how the log * was emitted. */ - source: string | unknown; + source: string | { [key: string]: unknown }; /** * Event timestamp as a Unix epoch in milliseconds. @@ -1154,7 +1173,7 @@ export namespace TelemetryQueryResponse { * Cloudflare Containers event information that enriches your logs for identifying * and debugging issues. */ - $containers?: unknown; + $containers?: { [key: string]: unknown }; /** * Cloudflare Workers event information that enriches your logs for identifying and @@ -1184,9 +1203,6 @@ export namespace TelemetryQueryResponse { */ cloudService?: string; - /** - * Whether this was a cold start (1) or warm invocation (0). - */ coldStart?: number; /** @@ -1353,6 +1369,8 @@ export namespace TelemetryQueryResponse { outcome?: string; + preview?: UnionMember0.Preview; + scriptVersion?: UnionMember0.ScriptVersion; spanId?: string; @@ -1363,6 +1381,14 @@ export namespace TelemetryQueryResponse { } export namespace UnionMember0 { + export interface Preview { + id?: string; + + name?: string; + + slug?: string; + } + export interface ScriptVersion { id?: string; @@ -1408,6 +1434,8 @@ export namespace TelemetryQueryResponse { executionModel?: 'durableObject' | 'stateless'; + preview?: UnionMember1.Preview; + scriptVersion?: UnionMember1.ScriptVersion; spanId?: string; @@ -1426,6 +1454,14 @@ export namespace TelemetryQueryResponse { timestamp: number; } + export interface Preview { + id?: string; + + name?: string; + + slug?: string; + } + export interface ScriptVersion { id?: string; @@ -1571,13 +1607,14 @@ export namespace TelemetryKeysParams { /** * Comparison operator. String operators: includes, not_includes, starts_with, - * regex. Existence: exists, is_null. Set membership: in, not_in (comma-separated - * values). Numeric: eq, neq, gt, gte, lt, lte. + * ends_with, regex. Existence: exists, is_null. Set membership: in, not_in + * (comma-separated values). Numeric: eq, neq, gt, gte, lt, lte. */ operation: | 'includes' | 'not_includes' | 'starts_with' + | 'ends_with' | 'regex' | 'exists' | 'is_null' @@ -1602,7 +1639,8 @@ export namespace TelemetryKeysParams { | 'DOES_NOT_EXIST' | 'IN' | 'NOT_IN' - | 'STARTS_WITH'; + | 'STARTS_WITH' + | 'ENDS_WITH'; /** * Data type of the filter field. Must match the actual type of the key being @@ -1640,13 +1678,14 @@ export namespace TelemetryKeysParams { /** * Comparison operator. String operators: includes, not_includes, starts_with, - * regex. Existence: exists, is_null. Set membership: in, not_in (comma-separated - * values). Numeric: eq, neq, gt, gte, lt, lte. + * ends_with, regex. Existence: exists, is_null. Set membership: in, not_in + * (comma-separated values). Numeric: eq, neq, gt, gte, lt, lte. */ operation: | 'includes' | 'not_includes' | 'starts_with' + | 'ends_with' | 'regex' | 'exists' | 'is_null' @@ -1671,7 +1710,8 @@ export namespace TelemetryKeysParams { | 'DOES_NOT_EXIST' | 'IN' | 'NOT_IN' - | 'STARTS_WITH'; + | 'STARTS_WITH' + | 'ENDS_WITH'; /** * Data type of the filter field. Must match the actual type of the key being @@ -1908,7 +1948,7 @@ export namespace TelemetryQueryParams { export namespace Parameters { export interface Calculation { /** - * Aggregation operator to apply. Examples: count, avg, sum, min, max, p50, p90, + * Aggregation operator to apply. Examples: count, avg, sum, min, max, median, p90, * p95, p99, uniq, stddev, variance. */ operator: @@ -2001,13 +2041,14 @@ export namespace TelemetryQueryParams { /** * Comparison operator. String operators: includes, not_includes, starts_with, - * regex. Existence: exists, is_null. Set membership: in, not_in (comma-separated - * values). Numeric: eq, neq, gt, gte, lt, lte. + * ends_with, regex. Existence: exists, is_null. Set membership: in, not_in + * (comma-separated values). Numeric: eq, neq, gt, gte, lt, lte. */ operation: | 'includes' | 'not_includes' | 'starts_with' + | 'ends_with' | 'regex' | 'exists' | 'is_null' @@ -2032,7 +2073,8 @@ export namespace TelemetryQueryParams { | 'DOES_NOT_EXIST' | 'IN' | 'NOT_IN' - | 'STARTS_WITH'; + | 'STARTS_WITH' + | 'ENDS_WITH'; /** * Data type of the filter field. Must match the actual type of the key being @@ -2070,13 +2112,14 @@ export namespace TelemetryQueryParams { /** * Comparison operator. String operators: includes, not_includes, starts_with, - * regex. Existence: exists, is_null. Set membership: in, not_in (comma-separated - * values). Numeric: eq, neq, gt, gte, lt, lte. + * ends_with, regex. Existence: exists, is_null. Set membership: in, not_in + * (comma-separated values). Numeric: eq, neq, gt, gte, lt, lte. */ operation: | 'includes' | 'not_includes' | 'starts_with' + | 'ends_with' | 'regex' | 'exists' | 'is_null' @@ -2101,7 +2144,8 @@ export namespace TelemetryQueryParams { | 'DOES_NOT_EXIST' | 'IN' | 'NOT_IN' - | 'STARTS_WITH'; + | 'STARTS_WITH' + | 'ENDS_WITH'; /** * Data type of the filter field. Must match the actual type of the key being @@ -2275,13 +2319,14 @@ export namespace TelemetryValuesParams { /** * Comparison operator. String operators: includes, not_includes, starts_with, - * regex. Existence: exists, is_null. Set membership: in, not_in (comma-separated - * values). Numeric: eq, neq, gt, gte, lt, lte. + * ends_with, regex. Existence: exists, is_null. Set membership: in, not_in + * (comma-separated values). Numeric: eq, neq, gt, gte, lt, lte. */ operation: | 'includes' | 'not_includes' | 'starts_with' + | 'ends_with' | 'regex' | 'exists' | 'is_null' @@ -2306,7 +2351,8 @@ export namespace TelemetryValuesParams { | 'DOES_NOT_EXIST' | 'IN' | 'NOT_IN' - | 'STARTS_WITH'; + | 'STARTS_WITH' + | 'ENDS_WITH'; /** * Data type of the filter field. Must match the actual type of the key being @@ -2344,13 +2390,14 @@ export namespace TelemetryValuesParams { /** * Comparison operator. String operators: includes, not_includes, starts_with, - * regex. Existence: exists, is_null. Set membership: in, not_in (comma-separated - * values). Numeric: eq, neq, gt, gte, lt, lte. + * ends_with, regex. Existence: exists, is_null. Set membership: in, not_in + * (comma-separated values). Numeric: eq, neq, gt, gte, lt, lte. */ operation: | 'includes' | 'not_includes' | 'starts_with' + | 'ends_with' | 'regex' | 'exists' | 'is_null' @@ -2375,7 +2422,8 @@ export namespace TelemetryValuesParams { | 'DOES_NOT_EXIST' | 'IN' | 'NOT_IN' - | 'STARTS_WITH'; + | 'STARTS_WITH' + | 'ENDS_WITH'; /** * Data type of the filter field. Must match the actual type of the key being diff --git a/src/resources/workers/scripts/index.ts b/src/resources/workers/scripts/index.ts index 6fe0155b7b..35e774900a 100644 --- a/src/resources/workers/scripts/index.ts +++ b/src/resources/workers/scripts/index.ts @@ -48,10 +48,12 @@ export { type SecretUpdateResponse, type SecretListResponse, type SecretDeleteResponse, + type SecretBulkUpdateResponse, type SecretGetResponse, type SecretUpdateParams, type SecretListParams, type SecretDeleteParams, + type SecretBulkUpdateParams, type SecretGetParams, } from './secrets'; export { Settings, type SettingEditParams, type SettingGetParams } from './settings'; diff --git a/src/resources/workers/scripts/scripts.ts b/src/resources/workers/scripts/scripts.ts index ec05e43abb..e89ab5bd5d 100644 --- a/src/resources/workers/scripts/scripts.ts +++ b/src/resources/workers/scripts/scripts.ts @@ -34,6 +34,8 @@ import { } from './script-and-version-settings'; import * as SecretsAPI from './secrets'; import { + SecretBulkUpdateParams, + SecretBulkUpdateResponse, SecretDeleteParams, SecretDeleteResponse, SecretGetParams, @@ -3074,11 +3076,13 @@ export declare namespace Scripts { type SecretUpdateResponse as SecretUpdateResponse, type SecretListResponse as SecretListResponse, type SecretDeleteResponse as SecretDeleteResponse, + type SecretBulkUpdateResponse as SecretBulkUpdateResponse, type SecretGetResponse as SecretGetResponse, SecretListResponsesSinglePage as SecretListResponsesSinglePage, type SecretUpdateParams as SecretUpdateParams, type SecretListParams as SecretListParams, type SecretDeleteParams as SecretDeleteParams, + type SecretBulkUpdateParams as SecretBulkUpdateParams, type SecretGetParams as SecretGetParams, }; diff --git a/src/resources/workers/scripts/secrets.ts b/src/resources/workers/scripts/secrets.ts index 9424c75e35..e5d9f25d1d 100644 --- a/src/resources/workers/scripts/secrets.ts +++ b/src/resources/workers/scripts/secrets.ts @@ -89,6 +89,40 @@ export class Secrets extends APIResource { )._thenUnwrap((obj) => obj.result); } + /** + * Create, update, or delete multiple secrets on a script in a single operation + * using JSON Merge Patch (RFC 7396). + * + * Usage: + * + * - To create or update a secret, set its value to a secret object. + * - To delete a secret, set its value to `null`. + * - Secrets not included in the request are left unchanged. + * + * @example + * ```ts + * const response = + * await client.workers.scripts.secrets.bulkUpdate( + * 'this-is_my_script-01', + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * ); + * ``` + */ + bulkUpdate( + scriptName: string, + params: SecretBulkUpdateParams, + options?: Core.RequestOptions, + ): Core.APIPromise { + const { account_id, ...body } = params; + return ( + this._client.patch(`/accounts/${account_id}/workers/scripts/${scriptName}/secrets-bulk`, { + body, + ...options, + headers: { 'Content-Type': 'application/merge-patch+json', ...options?.headers }, + }) as Core.APIPromise<{ result: SecretBulkUpdateResponse }> + )._thenUnwrap((obj) => obj.result); + } + /** * Get a given secret binding (value omitted) on a script. * @@ -227,6 +261,61 @@ export namespace SecretListResponse { export type SecretDeleteResponse = unknown; +/** + * Map of secret names to secret metadata for resulting secrets. + */ +export type SecretBulkUpdateResponse = { + [key: string]: + | SecretBulkUpdateResponse.WorkersBindingKindSecretText + | SecretBulkUpdateResponse.WorkersBindingKindSecretKey; +}; + +export namespace SecretBulkUpdateResponse { + export interface WorkersBindingKindSecretText { + /** + * A JavaScript variable name for the binding. + */ + name: string; + + /** + * The kind of resource that the binding provides. + */ + type: 'secret_text'; + } + + export interface WorkersBindingKindSecretKey { + /** + * Algorithm-specific key parameters. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#algorithm). + */ + algorithm: unknown; + + /** + * Data format of the key. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#format). + */ + format: 'raw' | 'pkcs8' | 'spki' | 'jwk'; + + /** + * A JavaScript variable name for the binding. + */ + name: string; + + /** + * The kind of resource that the binding provides. + */ + type: 'secret_key'; + + /** + * Allowed operations with the key. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#keyUsages). + */ + usages: Array< + 'encrypt' | 'decrypt' | 'sign' | 'verify' | 'deriveKey' | 'deriveBits' | 'wrapKey' | 'unwrapKey' + >; + } +} + /** * A secret value accessible through a binding. */ @@ -377,6 +466,95 @@ export interface SecretDeleteParams { url_encoded?: boolean; } +export interface SecretBulkUpdateParams { + /** + * Path param: Identifier. + */ + account_id: string; + + /** + * Body param: Map of secret names to secret values: + * + * - Set to a secret object to create or update. + * - Set to `null` to delete. + * - Omit to leave unchanged. + */ + secrets?: { + [key: string]: + | SecretBulkUpdateParams.WorkersBindingKindSecretText + | SecretBulkUpdateParams.WorkersBindingKindSecretKey + | null; + }; + + /** + * Body param: Optional version tags to apply to the new script version. + */ + version_tags?: { [key: string]: unknown }; +} + +export namespace SecretBulkUpdateParams { + export interface WorkersBindingKindSecretText { + /** + * A JavaScript variable name for the binding. + */ + name: string; + + /** + * The secret value to use. + */ + text: string; + + /** + * The kind of resource that the binding provides. + */ + type: 'secret_text'; + } + + export interface WorkersBindingKindSecretKey { + /** + * Algorithm-specific key parameters. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#algorithm). + */ + algorithm: unknown; + + /** + * Data format of the key. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#format). + */ + format: 'raw' | 'pkcs8' | 'spki' | 'jwk'; + + /** + * A JavaScript variable name for the binding. + */ + name: string; + + /** + * The kind of resource that the binding provides. + */ + type: 'secret_key'; + + /** + * Allowed operations with the key. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#keyUsages). + */ + usages: Array< + 'encrypt' | 'decrypt' | 'sign' | 'verify' | 'deriveKey' | 'deriveBits' | 'wrapKey' | 'unwrapKey' + >; + + /** + * Base64-encoded key data. Required if `format` is "raw", "pkcs8", or "spki". + */ + key_base64?: string; + + /** + * Key data in + * [JSON Web Key](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#json_web_key) + * format. Required if `format` is "jwk". + */ + key_jwk?: unknown; + } +} + export interface SecretGetParams { /** * Path param: Identifier. @@ -396,11 +574,13 @@ export declare namespace Secrets { type SecretUpdateResponse as SecretUpdateResponse, type SecretListResponse as SecretListResponse, type SecretDeleteResponse as SecretDeleteResponse, + type SecretBulkUpdateResponse as SecretBulkUpdateResponse, type SecretGetResponse as SecretGetResponse, SecretListResponsesSinglePage as SecretListResponsesSinglePage, type SecretUpdateParams as SecretUpdateParams, type SecretListParams as SecretListParams, type SecretDeleteParams as SecretDeleteParams, + type SecretBulkUpdateParams as SecretBulkUpdateParams, type SecretGetParams as SecretGetParams, }; } diff --git a/tests/api-resources/workers/observability/queries.test.ts b/tests/api-resources/workers/observability/queries.test.ts new file mode 100644 index 0000000000..2ae40beaa6 --- /dev/null +++ b/tests/api-resources/workers/observability/queries.test.ts @@ -0,0 +1,93 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import Cloudflare from 'cloudflare'; +import { Response } from 'node-fetch'; + +const client = new Cloudflare({ + apiKey: '144c9defac04969c7bfad8efaa8ea194', + apiEmail: 'user@example.com', + baseURL: process.env['TEST_API_BASE_URL'] ?? 'http://127.0.0.1:4010', +}); + +describe('resource queries', () => { + // HTTP 422 error from prism + test.skip('create: only required params', async () => { + const responsePromise = client.workers.observability.queries.create({ + account_id: 'account_id', + description: 'Query description', + name: 'x', + parameters: {}, + }); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + // HTTP 422 error from prism + test.skip('create: required and optional params', async () => { + const response = await client.workers.observability.queries.create({ + account_id: 'account_id', + description: 'Query description', + name: 'x', + parameters: { + calculations: [ + { + operator: 'uniq', + alias: 'alias', + key: 'key', + keyType: 'string', + }, + ], + datasets: ['string'], + filterCombination: 'and', + filters: [ + { + filterCombination: 'and', + filters: [{}], + kind: 'group', + }, + ], + groupBys: [{ type: 'string', value: 'value' }], + havings: [ + { + key: 'key', + operation: 'eq', + value: 0, + }, + ], + limit: 0, + needle: { + value: 'string', + isRegex: true, + matchCase: true, + }, + orderBy: { value: 'value', order: 'asc' }, + }, + }); + }); + + test('list: only required params', async () => { + const responsePromise = client.workers.observability.queries.list({ account_id: 'account_id' }); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + test('list: required and optional params', async () => { + const response = await client.workers.observability.queries.list({ + account_id: 'account_id', + order: 'asc', + orderBy: 'created', + page: 1, + perPage: 5, + }); + }); +}); diff --git a/tests/api-resources/workers/scripts/secrets.test.ts b/tests/api-resources/workers/scripts/secrets.test.ts index 7c2fab8946..f3cceadfe1 100644 --- a/tests/api-resources/workers/scripts/secrets.test.ts +++ b/tests/api-resources/workers/scripts/secrets.test.ts @@ -74,6 +74,33 @@ describe('resource secrets', () => { }); }); + test('bulkUpdate: only required params', async () => { + const responsePromise = client.workers.scripts.secrets.bulkUpdate('this-is_my_script-01', { + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + }); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + test('bulkUpdate: required and optional params', async () => { + const response = await client.workers.scripts.secrets.bulkUpdate('this-is_my_script-01', { + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + secrets: { + foo: { + name: 'myBinding', + text: 'My secret.', + type: 'secret_text', + }, + }, + version_tags: { foo: 'bar' }, + }); + }); + test('get: only required params', async () => { const responsePromise = client.workers.scripts.secrets.get('this-is_my_script-01', 'mySecret', { account_id: '023e105f4ecef8ad9ca31a8372d0c353', From 840cea9310ae4b9744e98ff13c57061c173e188e Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:56 -0700 Subject: [PATCH 15/19] feat(workers-for-platforms): add scripts.secrets.bulkUpdate --- src/resources/workers-for-platforms/api.md | 2 + .../dispatch/namespaces/scripts/index.ts | 2 + .../dispatch/namespaces/scripts/scripts.ts | 4 + .../dispatch/namespaces/scripts/secrets.ts | 185 ++++++++++++++++++ .../namespaces/scripts/secrets.test.ts | 33 ++++ 5 files changed, 226 insertions(+) diff --git a/src/resources/workers-for-platforms/api.md b/src/resources/workers-for-platforms/api.md index 756db453a4..d769cbb860 100644 --- a/src/resources/workers-for-platforms/api.md +++ b/src/resources/workers-for-platforms/api.md @@ -78,6 +78,7 @@ Types: - SecretUpdateResponse - SecretListResponse - SecretDeleteResponse +- SecretBulkUpdateResponse - SecretGetResponse Methods: @@ -85,6 +86,7 @@ Methods: - client.workersForPlatforms.dispatch.namespaces.scripts.secrets.update(dispatchNamespace, scriptName, { ...params }) -> SecretUpdateResponse - client.workersForPlatforms.dispatch.namespaces.scripts.secrets.list(dispatchNamespace, scriptName, { ...params }) -> SecretListResponsesSinglePage - client.workersForPlatforms.dispatch.namespaces.scripts.secrets.delete(dispatchNamespace, scriptName, secretName, { ...params }) -> SecretDeleteResponse | null +- client.workersForPlatforms.dispatch.namespaces.scripts.secrets.bulkUpdate(dispatchNamespace, scriptName, { ...params }) -> SecretBulkUpdateResponse - client.workersForPlatforms.dispatch.namespaces.scripts.secrets.get(dispatchNamespace, scriptName, secretName, { ...params }) -> SecretGetResponse ##### Tags diff --git a/src/resources/workers-for-platforms/dispatch/namespaces/scripts/index.ts b/src/resources/workers-for-platforms/dispatch/namespaces/scripts/index.ts index 78fc5df264..63d84051e2 100644 --- a/src/resources/workers-for-platforms/dispatch/namespaces/scripts/index.ts +++ b/src/resources/workers-for-platforms/dispatch/namespaces/scripts/index.ts @@ -23,10 +23,12 @@ export { type SecretUpdateResponse, type SecretListResponse, type SecretDeleteResponse, + type SecretBulkUpdateResponse, type SecretGetResponse, type SecretUpdateParams, type SecretListParams, type SecretDeleteParams, + type SecretBulkUpdateParams, type SecretGetParams, } from './secrets'; export { diff --git a/src/resources/workers-for-platforms/dispatch/namespaces/scripts/scripts.ts b/src/resources/workers-for-platforms/dispatch/namespaces/scripts/scripts.ts index 9294723945..90b84a0bc8 100644 --- a/src/resources/workers-for-platforms/dispatch/namespaces/scripts/scripts.ts +++ b/src/resources/workers-for-platforms/dispatch/namespaces/scripts/scripts.ts @@ -13,6 +13,8 @@ import * as ContentAPI from './content'; import { Content, ContentGetParams, ContentUpdateParams } from './content'; import * as SecretsAPI from './secrets'; import { + SecretBulkUpdateParams, + SecretBulkUpdateResponse, SecretDeleteParams, SecretDeleteResponse, SecretGetParams, @@ -1895,11 +1897,13 @@ export declare namespace Scripts { type SecretUpdateResponse as SecretUpdateResponse, type SecretListResponse as SecretListResponse, type SecretDeleteResponse as SecretDeleteResponse, + type SecretBulkUpdateResponse as SecretBulkUpdateResponse, type SecretGetResponse as SecretGetResponse, SecretListResponsesSinglePage as SecretListResponsesSinglePage, type SecretUpdateParams as SecretUpdateParams, type SecretListParams as SecretListParams, type SecretDeleteParams as SecretDeleteParams, + type SecretBulkUpdateParams as SecretBulkUpdateParams, type SecretGetParams as SecretGetParams, }; diff --git a/src/resources/workers-for-platforms/dispatch/namespaces/scripts/secrets.ts b/src/resources/workers-for-platforms/dispatch/namespaces/scripts/secrets.ts index 2dc200282a..00dc55c40a 100644 --- a/src/resources/workers-for-platforms/dispatch/namespaces/scripts/secrets.ts +++ b/src/resources/workers-for-platforms/dispatch/namespaces/scripts/secrets.ts @@ -97,6 +97,45 @@ export class Secrets extends APIResource { )._thenUnwrap((obj) => obj.result); } + /** + * Create, update, or delete multiple secrets on a script in a single operation + * using JSON Merge Patch (RFC 7396). + * + * Usage: + * + * - To create or update a secret, set its value to a secret object. + * - To delete a secret, set its value to `null`. + * - Secrets not included in the request are left unchanged. + * + * @example + * ```ts + * const response = + * await client.workersForPlatforms.dispatch.namespaces.scripts.secrets.bulkUpdate( + * 'my-dispatch-namespace', + * 'this-is_my_script-01', + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * ); + * ``` + */ + bulkUpdate( + dispatchNamespace: string, + scriptName: string, + params: SecretBulkUpdateParams, + options?: Core.RequestOptions, + ): Core.APIPromise { + const { account_id, ...body } = params; + return ( + this._client.patch( + `/accounts/${account_id}/workers/dispatch/namespaces/${dispatchNamespace}/scripts/${scriptName}/secrets-bulk`, + { + body, + ...options, + headers: { 'Content-Type': 'application/merge-patch+json', ...options?.headers }, + }, + ) as Core.APIPromise<{ result: SecretBulkUpdateResponse }> + )._thenUnwrap((obj) => obj.result); + } + /** * Get a given secret binding (value omitted) on a script uploaded to a Workers for * Platforms namespace. @@ -239,6 +278,61 @@ export namespace SecretListResponse { export type SecretDeleteResponse = unknown; +/** + * Map of secret names to secret metadata for resulting secrets. + */ +export type SecretBulkUpdateResponse = { + [key: string]: + | SecretBulkUpdateResponse.WorkersBindingKindSecretText + | SecretBulkUpdateResponse.WorkersBindingKindSecretKey; +}; + +export namespace SecretBulkUpdateResponse { + export interface WorkersBindingKindSecretText { + /** + * A JavaScript variable name for the binding. + */ + name: string; + + /** + * The kind of resource that the binding provides. + */ + type: 'secret_text'; + } + + export interface WorkersBindingKindSecretKey { + /** + * Algorithm-specific key parameters. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#algorithm). + */ + algorithm: unknown; + + /** + * Data format of the key. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#format). + */ + format: 'raw' | 'pkcs8' | 'spki' | 'jwk'; + + /** + * A JavaScript variable name for the binding. + */ + name: string; + + /** + * The kind of resource that the binding provides. + */ + type: 'secret_key'; + + /** + * Allowed operations with the key. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#keyUsages). + */ + usages: Array< + 'encrypt' | 'decrypt' | 'sign' | 'verify' | 'deriveKey' | 'deriveBits' | 'wrapKey' | 'unwrapKey' + >; + } +} + /** * A secret value accessible through a binding. */ @@ -389,6 +483,95 @@ export interface SecretDeleteParams { url_encoded?: boolean; } +export interface SecretBulkUpdateParams { + /** + * Path param: Identifier. + */ + account_id: string; + + /** + * Body param: Map of secret names to secret values: + * + * - Set to a secret object to create or update. + * - Set to `null` to delete. + * - Omit to leave unchanged. + */ + secrets?: { + [key: string]: + | SecretBulkUpdateParams.WorkersBindingKindSecretText + | SecretBulkUpdateParams.WorkersBindingKindSecretKey + | null; + }; + + /** + * Body param: Optional version tags to apply to the new script version. + */ + version_tags?: { [key: string]: unknown }; +} + +export namespace SecretBulkUpdateParams { + export interface WorkersBindingKindSecretText { + /** + * A JavaScript variable name for the binding. + */ + name: string; + + /** + * The secret value to use. + */ + text: string; + + /** + * The kind of resource that the binding provides. + */ + type: 'secret_text'; + } + + export interface WorkersBindingKindSecretKey { + /** + * Algorithm-specific key parameters. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#algorithm). + */ + algorithm: unknown; + + /** + * Data format of the key. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#format). + */ + format: 'raw' | 'pkcs8' | 'spki' | 'jwk'; + + /** + * A JavaScript variable name for the binding. + */ + name: string; + + /** + * The kind of resource that the binding provides. + */ + type: 'secret_key'; + + /** + * Allowed operations with the key. + * [Learn more](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#keyUsages). + */ + usages: Array< + 'encrypt' | 'decrypt' | 'sign' | 'verify' | 'deriveKey' | 'deriveBits' | 'wrapKey' | 'unwrapKey' + >; + + /** + * Base64-encoded key data. Required if `format` is "raw", "pkcs8", or "spki". + */ + key_base64?: string; + + /** + * Key data in + * [JSON Web Key](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#json_web_key) + * format. Required if `format` is "jwk". + */ + key_jwk?: unknown; + } +} + export interface SecretGetParams { /** * Path param: Identifier. @@ -408,11 +591,13 @@ export declare namespace Secrets { type SecretUpdateResponse as SecretUpdateResponse, type SecretListResponse as SecretListResponse, type SecretDeleteResponse as SecretDeleteResponse, + type SecretBulkUpdateResponse as SecretBulkUpdateResponse, type SecretGetResponse as SecretGetResponse, SecretListResponsesSinglePage as SecretListResponsesSinglePage, type SecretUpdateParams as SecretUpdateParams, type SecretListParams as SecretListParams, type SecretDeleteParams as SecretDeleteParams, + type SecretBulkUpdateParams as SecretBulkUpdateParams, type SecretGetParams as SecretGetParams, }; } diff --git a/tests/api-resources/workers-for-platforms/dispatch/namespaces/scripts/secrets.test.ts b/tests/api-resources/workers-for-platforms/dispatch/namespaces/scripts/secrets.test.ts index 4010149999..36a3f1ede0 100644 --- a/tests/api-resources/workers-for-platforms/dispatch/namespaces/scripts/secrets.test.ts +++ b/tests/api-resources/workers-for-platforms/dispatch/namespaces/scripts/secrets.test.ts @@ -91,6 +91,39 @@ describe('resource secrets', () => { ); }); + test('bulkUpdate: only required params', async () => { + const responsePromise = client.workersForPlatforms.dispatch.namespaces.scripts.secrets.bulkUpdate( + 'my-dispatch-namespace', + 'this-is_my_script-01', + { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + ); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + test('bulkUpdate: required and optional params', async () => { + const response = await client.workersForPlatforms.dispatch.namespaces.scripts.secrets.bulkUpdate( + 'my-dispatch-namespace', + 'this-is_my_script-01', + { + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + secrets: { + foo: { + name: 'myBinding', + text: 'My secret.', + type: 'secret_text', + }, + }, + version_tags: { foo: 'bar' }, + }, + ); + }); + test('get: only required params', async () => { const responsePromise = client.workersForPlatforms.dispatch.namespaces.scripts.secrets.get( 'my-dispatch-namespace', From 4d7578567d8b94c6466bacf75357a2f049b839b0 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 11:14:56 -0700 Subject: [PATCH 16/19] feat(zero-trust): add saml-certificates resource --- src/resources/zero-trust/access/access.ts | 29 + src/resources/zero-trust/access/index.ts | 11 + .../zero-trust/access/saml-certificates.ts | 343 +++ src/resources/zero-trust/api.md | 25 + .../zero-trust/devices/posture/posture.ts | 12 + .../identity-providers/identity-providers.ts | 2474 ++++++++++++++++- .../zero-trust/identity-providers/index.ts | 5 + .../identity-providers/saml-certificate.ts | 119 + .../access/saml-certificates.test.ts | 90 + .../identity-providers.test.ts | 2 + .../saml-certificate.test.ts | 35 + 11 files changed, 3132 insertions(+), 13 deletions(-) create mode 100644 src/resources/zero-trust/access/saml-certificates.ts create mode 100644 src/resources/zero-trust/identity-providers/saml-certificate.ts create mode 100644 tests/api-resources/zero-trust/access/saml-certificates.test.ts create mode 100644 tests/api-resources/zero-trust/identity-providers/saml-certificate.test.ts diff --git a/src/resources/zero-trust/access/access.ts b/src/resources/zero-trust/access/access.ts index f6364bb7b2..a7e9049fe3 100644 --- a/src/resources/zero-trust/access/access.ts +++ b/src/resources/zero-trust/access/access.ts @@ -80,6 +80,18 @@ import { PolicyUpdateParams, PolicyUpdateResponse, } from './policies'; +import * as SAMLCertificatesAPI from './saml-certificates'; +import { + SAMLCertificateGetParams, + SAMLCertificateGetPemParams, + SAMLCertificateGetResponse, + SAMLCertificateListParams, + SAMLCertificateListResponse, + SAMLCertificateListResponsesV4PagePaginationArray, + SAMLCertificateRotateParams, + SAMLCertificateRotateResponse, + SAMLCertificates, +} from './saml-certificates'; import * as ServiceTokensAPI from './service-tokens'; import { ServiceToken, @@ -182,6 +194,9 @@ import { export class Access extends APIResource { aiControls: AIControlsAPI.AIControls = new AIControlsAPI.AIControls(this._client); gatewayCA: GatewayCAAPI.GatewayCA = new GatewayCAAPI.GatewayCA(this._client); + samlCertificates: SAMLCertificatesAPI.SAMLCertificates = new SAMLCertificatesAPI.SAMLCertificates( + this._client, + ); infrastructure: InfrastructureAPI.Infrastructure = new InfrastructureAPI.Infrastructure(this._client); applications: ApplicationsAPI.Applications = new ApplicationsAPI.Applications(this._client); certificates: CertificatesAPI.Certificates = new CertificatesAPI.Certificates(this._client); @@ -199,6 +214,8 @@ export class Access extends APIResource { Access.AIControls = AIControls; Access.GatewayCA = GatewayCA; Access.GatewayCAListResponsesSinglePage = GatewayCAListResponsesSinglePage; +Access.SAMLCertificates = SAMLCertificates; +Access.SAMLCertificateListResponsesV4PagePaginationArray = SAMLCertificateListResponsesV4PagePaginationArray; Access.Infrastructure = Infrastructure; Access.Applications = Applications; Access.ApplicationListResponsesV4PagePaginationArray = ApplicationListResponsesV4PagePaginationArray; @@ -235,6 +252,18 @@ export declare namespace Access { type GatewayCADeleteParams as GatewayCADeleteParams, }; + export { + SAMLCertificates as SAMLCertificates, + type SAMLCertificateListResponse as SAMLCertificateListResponse, + type SAMLCertificateGetResponse as SAMLCertificateGetResponse, + type SAMLCertificateRotateResponse as SAMLCertificateRotateResponse, + SAMLCertificateListResponsesV4PagePaginationArray as SAMLCertificateListResponsesV4PagePaginationArray, + type SAMLCertificateListParams as SAMLCertificateListParams, + type SAMLCertificateGetParams as SAMLCertificateGetParams, + type SAMLCertificateGetPemParams as SAMLCertificateGetPemParams, + type SAMLCertificateRotateParams as SAMLCertificateRotateParams, + }; + export { Infrastructure as Infrastructure }; export { diff --git a/src/resources/zero-trust/access/index.ts b/src/resources/zero-trust/access/index.ts index 13a0ebe9d9..6b7fbd80d5 100644 --- a/src/resources/zero-trust/access/index.ts +++ b/src/resources/zero-trust/access/index.ts @@ -125,6 +125,17 @@ export { type PolicyDeleteParams, type PolicyGetParams, } from './policies'; +export { + SAMLCertificateListResponsesV4PagePaginationArray, + SAMLCertificates, + type SAMLCertificateListResponse, + type SAMLCertificateGetResponse, + type SAMLCertificateRotateResponse, + type SAMLCertificateListParams, + type SAMLCertificateGetParams, + type SAMLCertificateGetPemParams, + type SAMLCertificateRotateParams, +} from './saml-certificates'; export { ServiceTokensV4PagePaginationArray, ServiceTokens, diff --git a/src/resources/zero-trust/access/saml-certificates.ts b/src/resources/zero-trust/access/saml-certificates.ts new file mode 100644 index 0000000000..5b2615f771 --- /dev/null +++ b/src/resources/zero-trust/access/saml-certificates.ts @@ -0,0 +1,343 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import { APIResource } from '../../../resource'; +import * as Core from '../../../core'; +import { V4PagePaginationArray, type V4PagePaginationArrayParams } from '../../../pagination'; +import { type Response } from '../../../_shims/index'; + +export class SAMLCertificates extends APIResource { + /** + * Returns a paginated list of the organization's SAML encryption certificate sets. + * Each certificate set includes the current and (if present) previous + * certificates. + * + * @example + * ```ts + * // Automatically fetches more pages as needed. + * for await (const samlCertificateListResponse of client.zeroTrust.access.samlCertificates.list( + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * )) { + * // ... + * } + * ``` + */ + list( + params: SAMLCertificateListParams, + options?: Core.RequestOptions, + ): Core.PagePromise { + const { account_id, ...query } = params; + return this._client.getAPIList( + `/accounts/${account_id}/access/saml_certificates`, + SAMLCertificateListResponsesV4PagePaginationArray, + { query, ...options }, + ); + } + + /** + * Retrieves a specific SAML encryption certificate set by its UID, including both + * current and previous certificates if available. + * + * @example + * ```ts + * const samlCertificate = + * await client.zeroTrust.access.samlCertificates.get( + * 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * ); + * ``` + */ + get( + samlCERTSetId: string, + params: SAMLCertificateGetParams, + options?: Core.RequestOptions, + ): Core.APIPromise { + const { account_id } = params; + return ( + this._client.get( + `/accounts/${account_id}/access/saml_certificates/${samlCERTSetId}`, + options, + ) as Core.APIPromise<{ result: SAMLCertificateGetResponse }> + )._thenUnwrap((obj) => obj.result); + } + + /** + * Downloads the current SAML encryption certificate's public key in PEM format for + * the specified certificate set. This endpoint is useful for providing the + * certificate to Identity Providers for SAML assertion encryption configuration. + * + * @example + * ```ts + * const response = + * await client.zeroTrust.access.samlCertificates.getPem( + * 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * ); + * + * const content = await response.blob(); + * console.log(content); + * ``` + */ + getPem( + samlCERTSetId: string, + params: SAMLCertificateGetPemParams, + options?: Core.RequestOptions, + ): Core.APIPromise { + const { account_id } = params; + return this._client.get(`/accounts/${account_id}/access/saml_certificates/${samlCERTSetId}/pem`, { + ...options, + headers: { Accept: 'application/x-pem-file', ...options?.headers }, + __binaryResponse: true, + }); + } + + /** + * Rotates the SAML encryption certificates within the specified certificate set. + * This generates a new certificate and moves the current certificate to the + * previous slot. If a previous certificate exists, it will be deactivated and + * removed. + * + * This endpoint ensures zero-downtime rotation by maintaining both current and + * previous certificates during the transition period, allowing IdPs time to update + * their configurations. Automated rotation happens 30 days before a current + * certificate's expiration. + * + * @example + * ```ts + * const response = + * await client.zeroTrust.access.samlCertificates.rotate( + * 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * ); + * ``` + */ + rotate( + samlCERTSetId: string, + params: SAMLCertificateRotateParams, + options?: Core.RequestOptions, + ): Core.APIPromise { + const { account_id } = params; + return ( + this._client.post( + `/accounts/${account_id}/access/saml_certificates/${samlCERTSetId}/rotate`, + options, + ) as Core.APIPromise<{ result: SAMLCertificateRotateResponse }> + )._thenUnwrap((obj) => obj.result); + } +} + +export class SAMLCertificateListResponsesV4PagePaginationArray extends V4PagePaginationArray {} + +export interface SAMLCertificateListResponse { + /** + * When the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * When the certificate set was last updated + */ + updated_at: string; + + /** + * The current active certificate + */ + current_certificate?: SAMLCertificateListResponse.CurrentCertificate; + + /** + * The previous certificate (maintained during rotation period). May be null when + * no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; +} + +export namespace SAMLCertificateListResponse { + /** + * The current active certificate + */ + export interface CurrentCertificate { + /** + * Indicates whether the certificate can be used for IdP configuration. + */ + is_current: boolean; + + /** + * Certificate expiration date + */ + not_after: string; + + /** + * The public certificate in PEM format + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } +} + +export interface SAMLCertificateGetResponse { + /** + * When the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * When the certificate set was last updated + */ + updated_at: string; + + /** + * The current active certificate + */ + current_certificate?: SAMLCertificateGetResponse.CurrentCertificate; + + /** + * The previous certificate (maintained during rotation period). May be null when + * no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; +} + +export namespace SAMLCertificateGetResponse { + /** + * The current active certificate + */ + export interface CurrentCertificate { + /** + * Indicates whether the certificate can be used for IdP configuration. + */ + is_current: boolean; + + /** + * Certificate expiration date + */ + not_after: string; + + /** + * The public certificate in PEM format + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } +} + +export interface SAMLCertificateRotateResponse { + /** + * When the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * When the certificate set was last updated + */ + updated_at: string; + + /** + * The current active certificate + */ + current_certificate?: SAMLCertificateRotateResponse.CurrentCertificate; + + /** + * The previous certificate (maintained during rotation period). May be null when + * no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; +} + +export namespace SAMLCertificateRotateResponse { + /** + * The current active certificate + */ + export interface CurrentCertificate { + /** + * Indicates whether the certificate can be used for IdP configuration. + */ + is_current: boolean; + + /** + * Certificate expiration date + */ + not_after: string; + + /** + * The public certificate in PEM format + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } +} + +export interface SAMLCertificateListParams extends V4PagePaginationArrayParams { + /** + * Path param: Identifier. + */ + account_id: string; + + /** + * Query param: Filter by SAML certificate set UID. Accepts a comma-separated list + * of UIDs. + */ + id?: string; +} + +export interface SAMLCertificateGetParams { + /** + * Identifier. + */ + account_id: string; +} + +export interface SAMLCertificateGetPemParams { + /** + * Identifier. + */ + account_id: string; +} + +export interface SAMLCertificateRotateParams { + /** + * Identifier. + */ + account_id: string; +} + +SAMLCertificates.SAMLCertificateListResponsesV4PagePaginationArray = + SAMLCertificateListResponsesV4PagePaginationArray; + +export declare namespace SAMLCertificates { + export { + type SAMLCertificateListResponse as SAMLCertificateListResponse, + type SAMLCertificateGetResponse as SAMLCertificateGetResponse, + type SAMLCertificateRotateResponse as SAMLCertificateRotateResponse, + SAMLCertificateListResponsesV4PagePaginationArray as SAMLCertificateListResponsesV4PagePaginationArray, + type SAMLCertificateListParams as SAMLCertificateListParams, + type SAMLCertificateGetParams as SAMLCertificateGetParams, + type SAMLCertificateGetPemParams as SAMLCertificateGetPemParams, + type SAMLCertificateRotateParams as SAMLCertificateRotateParams, + }; +} diff --git a/src/resources/zero-trust/api.md b/src/resources/zero-trust/api.md index 495a10ec2a..51b142f951 100644 --- a/src/resources/zero-trust/api.md +++ b/src/resources/zero-trust/api.md @@ -344,6 +344,16 @@ Methods: - client.zeroTrust.identityProviders.scim.users.list(identityProviderId, { ...params }) -> AccessUsersV4PagePaginationArray +### SAMLCertificate + +Types: + +- SAMLCertificateCreateResponse + +Methods: + +- client.zeroTrust.identityProviders.samlCertificate.create(identityProviderId, { ...params }) -> SAMLCertificateCreateResponse + ## Organizations Types: @@ -439,6 +449,21 @@ Methods: - client.zeroTrust.access.gatewayCA.list({ ...params }) -> GatewayCAListResponsesSinglePage - client.zeroTrust.access.gatewayCA.delete(certificateId, { ...params }) -> GatewayCADeleteResponse +### SAMLCertificates + +Types: + +- SAMLCertificateListResponse +- SAMLCertificateGetResponse +- SAMLCertificateRotateResponse + +Methods: + +- client.zeroTrust.access.samlCertificates.list({ ...params }) -> SAMLCertificateListResponsesV4PagePaginationArray +- client.zeroTrust.access.samlCertificates.get(samlCERTSetId, { ...params }) -> SAMLCertificateGetResponse +- client.zeroTrust.access.samlCertificates.getPem(samlCERTSetId, { ...params }) -> Response +- client.zeroTrust.access.samlCertificates.rotate(samlCERTSetId, { ...params }) -> SAMLCertificateRotateResponse + ### Infrastructure #### Targets diff --git a/src/resources/zero-trust/devices/posture/posture.ts b/src/resources/zero-trust/devices/posture/posture.ts index 62f840d8b0..851b9c35e4 100644 --- a/src/resources/zero-trust/devices/posture/posture.ts +++ b/src/resources/zero-trust/devices/posture/posture.ts @@ -811,6 +811,12 @@ export interface KolideInput { */ connection_id: string; + /** + * The set of Kolide device authentication states that pass the posture check. + * Device must match one of the specified states. + */ + auth_state?: Array<'Good' | 'Notified' | 'Will Block' | 'Blocked'>; + /** * Count Operator. */ @@ -828,6 +834,12 @@ export interface KolideInputParam { */ connection_id: string; + /** + * The set of Kolide device authentication states that pass the posture check. + * Device must match one of the specified states. + */ + auth_state?: Array<'Good' | 'Notified' | 'Will Block' | 'Blocked'>; + /** * Count Operator. */ diff --git a/src/resources/zero-trust/identity-providers/identity-providers.ts b/src/resources/zero-trust/identity-providers/identity-providers.ts index b2ee02a43d..33253718a6 100644 --- a/src/resources/zero-trust/identity-providers/identity-providers.ts +++ b/src/resources/zero-trust/identity-providers/identity-providers.ts @@ -4,6 +4,12 @@ import { APIResource } from '../../../resource'; import { isRequestOptions } from '../../../core'; import * as Core from '../../../core'; import * as IdentityProvidersAPI from './identity-providers'; +import * as SAMLCertificateAPI from './saml-certificate'; +import { + SAMLCertificate, + SAMLCertificateCreateParams, + SAMLCertificateCreateResponse, +} from './saml-certificate'; import * as SCIMAPI from './scim/scim'; import { SCIM } from './scim/scim'; import { CloudflareError } from '../../../error'; @@ -11,6 +17,7 @@ import { V4PagePaginationArray, type V4PagePaginationArrayParams } from '../../. export class IdentityProviders extends APIResource { scim: SCIMAPI.SCIM = new SCIMAPI.SCIM(this._client); + samlCertificate: SAMLCertificateAPI.SAMLCertificate = new SAMLCertificateAPI.SAMLCertificate(this._client); /** * Adds a new identity provider to Access. @@ -286,6 +293,21 @@ export interface AzureAD { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AzureAD.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -347,6 +369,68 @@ export namespace AzureAD { */ support_groups?: boolean; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AzureADParam { @@ -369,6 +453,14 @@ export interface AzureADParam { */ type: IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -498,6 +590,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessCentrify.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -542,6 +649,68 @@ export namespace IdentityProvider { */ email_claim_name?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessFacebook { @@ -569,6 +738,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessFacebook.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -576,6 +760,70 @@ export namespace IdentityProvider { scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; } + export namespace AccessFacebook { + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } + export interface AccessGitHub { /** * The configuration parameters for the identity provider. To view the required @@ -601,6 +849,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessGitHub.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -608,6 +871,70 @@ export namespace IdentityProvider { scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; } + export namespace AccessGitHub { + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } + export interface AccessGoogle { /** * The configuration parameters for the identity provider. To view the required @@ -633,6 +960,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessGoogle.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -667,6 +1009,68 @@ export namespace IdentityProvider { */ email_claim_name?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessGoogleApps { @@ -694,6 +1098,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessGoogleApps.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -733,6 +1152,68 @@ export namespace IdentityProvider { */ email_claim_name?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessLinkedin { @@ -760,6 +1241,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessLinkedin.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -767,13 +1263,77 @@ export namespace IdentityProvider { scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; } - export interface AccessOIDC { + export namespace AccessLinkedin { /** - * The configuration parameters for the identity provider. To view the required - * parameters for a specific provider, refer to our - * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. */ - config: AccessOIDC.Config; + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } + + export interface AccessOIDC { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + config: AccessOIDC.Config; /** * The name of the identity provider, shown to users on the login page. @@ -792,6 +1352,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessOIDC.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -851,6 +1426,68 @@ export namespace IdentityProvider { */ token_url?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessOkta { @@ -878,6 +1515,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessOkta.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -922,6 +1574,68 @@ export namespace IdentityProvider { */ okta_account?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessOnelogin { @@ -949,6 +1663,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessOnelogin.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -988,6 +1717,68 @@ export namespace IdentityProvider { */ onelogin_account?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessPingone { @@ -1015,6 +1806,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessPingone.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1054,6 +1860,68 @@ export namespace IdentityProvider { */ ping_env_id?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessSAML { @@ -1081,6 +1949,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessSAML.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1106,6 +1989,22 @@ export namespace IdentityProvider { */ email_attribute_name?: string; + /** + * Enable SAML assertion encryption. When enabled, the Identity Provider will + * encrypt SAML assertions using the certificate from the assigned certificate set. + * + * To enable encryption: + * + * 1. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate` + * 2. Set this field to `true` and include `saml_certificate_set_id` in the PUT + * request + * 3. Configure the public certificate in your external Identity Provider + * + * Note: Requires `saml_certificate_set_id` to be set when `true`. + */ + enable_encryption?: boolean; + /** * Add a list of attribute names that will be returned in the response header from * the Access callback. @@ -1147,6 +2046,68 @@ export namespace IdentityProvider { header_name?: string; } } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessYandex { @@ -1174,6 +2135,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessYandex.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1181,13 +2157,77 @@ export namespace IdentityProvider { scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; } - export interface AccessOnetimepin { + export namespace AccessYandex { /** - * The configuration parameters for the identity provider. To view the required - * parameters for a specific provider, refer to our - * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. */ - config: AccessOnetimepin.Config; + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } + + export interface AccessOnetimepin { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + config: AccessOnetimepin.Config; /** * The name of the identity provider, shown to users on the login page. @@ -1206,6 +2246,21 @@ export namespace IdentityProvider { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessOnetimepin.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1222,6 +2277,68 @@ export namespace IdentityProvider { export interface Config { redirect_url?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } } @@ -1262,6 +2379,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1328,6 +2453,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1355,6 +2488,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1382,6 +2523,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1438,6 +2587,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1499,6 +2656,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1526,6 +2691,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1607,6 +2780,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1673,6 +2854,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1734,6 +2923,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1795,6 +2992,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1820,6 +3025,22 @@ export namespace IdentityProviderParam { */ email_attribute_name?: string; + /** + * Enable SAML assertion encryption. When enabled, the Identity Provider will + * encrypt SAML assertions using the certificate from the assigned certificate set. + * + * To enable encryption: + * + * 1. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate` + * 2. Set this field to `true` and include `saml_certificate_set_id` in the PUT + * request + * 3. Configure the public certificate in your external Identity Provider + * + * Note: Requires `saml_certificate_set_id` to be set when `true`. + */ + enable_encryption?: boolean; + /** * Add a list of attribute names that will be returned in the response header from * the Access callback. @@ -1883,6 +3104,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -1910,6 +3139,14 @@ export namespace IdentityProviderParam { */ type: IdentityProvidersAPI.IdentityProviderTypeParam; + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2092,6 +3329,21 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessCentrify.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2136,6 +3388,68 @@ export namespace IdentityProviderListResponse { */ email_claim_name?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessFacebook { @@ -2163,6 +3477,21 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessFacebook.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2170,6 +3499,70 @@ export namespace IdentityProviderListResponse { scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; } + export namespace AccessFacebook { + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } + export interface AccessGitHub { /** * The configuration parameters for the identity provider. To view the required @@ -2195,6 +3588,21 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessGitHub.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2202,6 +3610,70 @@ export namespace IdentityProviderListResponse { scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; } + export namespace AccessGitHub { + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } + export interface AccessGoogle { /** * The configuration parameters for the identity provider. To view the required @@ -2227,6 +3699,21 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessGoogle.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2261,6 +3748,68 @@ export namespace IdentityProviderListResponse { */ email_claim_name?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessGoogleApps { @@ -2288,6 +3837,21 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessGoogleApps.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2327,6 +3891,68 @@ export namespace IdentityProviderListResponse { */ email_claim_name?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessLinkedin { @@ -2354,6 +3980,21 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessLinkedin.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2361,6 +4002,70 @@ export namespace IdentityProviderListResponse { scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; } + export namespace AccessLinkedin { + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } + export interface AccessOIDC { /** * The configuration parameters for the identity provider. To view the required @@ -2386,6 +4091,21 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessOIDC.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2445,6 +4165,68 @@ export namespace IdentityProviderListResponse { */ token_url?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessOkta { @@ -2472,6 +4254,21 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessOkta.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2516,6 +4313,68 @@ export namespace IdentityProviderListResponse { */ okta_account?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessOnelogin { @@ -2536,12 +4395,27 @@ export namespace IdentityProviderListResponse { * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ - type: IdentityProvidersAPI.IdentityProviderType; + type: IdentityProvidersAPI.IdentityProviderType; + + /** + * UUID. + */ + id?: string; + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessOnelogin.SAMLCertificateSet; /** - * UUID. + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. */ - id?: string; + saml_certificate_set_id?: string; /** * The configuration settings for enabling a System for Cross-Domain Identity @@ -2582,6 +4456,68 @@ export namespace IdentityProviderListResponse { */ onelogin_account?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessPingone { @@ -2609,6 +4545,21 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessPingone.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2648,6 +4599,68 @@ export namespace IdentityProviderListResponse { */ ping_env_id?: string; } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessSAML { @@ -2675,6 +4688,21 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessSAML.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. @@ -2700,6 +4728,22 @@ export namespace IdentityProviderListResponse { */ email_attribute_name?: string; + /** + * Enable SAML assertion encryption. When enabled, the Identity Provider will + * encrypt SAML assertions using the certificate from the assigned certificate set. + * + * To enable encryption: + * + * 1. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate` + * 2. Set this field to `true` and include `saml_certificate_set_id` in the PUT + * request + * 3. Configure the public certificate in your external Identity Provider + * + * Note: Requires `saml_certificate_set_id` to be set when `true`. + */ + enable_encryption?: boolean; + /** * Add a list of attribute names that will be returned in the response header from * the Access callback. @@ -2741,6 +4785,68 @@ export namespace IdentityProviderListResponse { header_name?: string; } } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } } export interface AccessYandex { @@ -2768,12 +4874,91 @@ export namespace IdentityProviderListResponse { */ id?: string; + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessYandex.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * The configuration settings for enabling a System for Cross-Domain Identity * Management (SCIM) with the identity provider. */ scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; } + + export namespace AccessYandex { + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } } export interface IdentityProviderDeleteResponse { @@ -2832,6 +5017,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -2927,6 +5120,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3005,6 +5206,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3044,6 +5253,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3083,6 +5300,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3151,6 +5376,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3224,6 +5457,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3263,6 +5504,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3356,6 +5605,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3434,6 +5691,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3507,6 +5772,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3580,6 +5853,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3605,6 +5886,22 @@ export declare namespace IdentityProviderCreateParams { */ email_attribute_name?: string; + /** + * Enable SAML assertion encryption. When enabled, the Identity Provider will + * encrypt SAML assertions using the certificate from the assigned certificate set. + * + * To enable encryption: + * + * 1. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate` + * 2. Set this field to `true` and include `saml_certificate_set_id` in the PUT + * request + * 3. Configure the public certificate in your external Identity Provider + * + * Note: Requires `saml_certificate_set_id` to be set when `true`. + */ + enable_encryption?: boolean; + /** * Add a list of attribute names that will be returned in the response header from * the Access callback. @@ -3680,6 +5977,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3719,6 +6024,14 @@ export declare namespace IdentityProviderCreateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3785,6 +6098,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3880,6 +6201,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3958,6 +6287,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -3997,6 +6334,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4036,6 +6381,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4104,6 +6457,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4177,6 +6538,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4216,6 +6585,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4309,6 +6686,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4387,6 +6772,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4460,6 +6853,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4533,6 +6934,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4558,6 +6967,22 @@ export declare namespace IdentityProviderUpdateParams { */ email_attribute_name?: string; + /** + * Enable SAML assertion encryption. When enabled, the Identity Provider will + * encrypt SAML assertions using the certificate from the assigned certificate set. + * + * To enable encryption: + * + * 1. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate` + * 2. Set this field to `true` and include `saml_certificate_set_id` in the PUT + * request + * 3. Configure the public certificate in your external Identity Provider + * + * Note: Requires `saml_certificate_set_id` to be set when `true`. + */ + enable_encryption?: boolean; + /** * Add a list of attribute names that will be returned in the response header from * the Access callback. @@ -4633,6 +7058,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4672,6 +7105,14 @@ export declare namespace IdentityProviderUpdateParams { */ zone_id?: string; + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + /** * Body param: The configuration settings for enabling a System for Cross-Domain * Identity Management (SCIM) with the identity provider. @@ -4736,6 +7177,7 @@ export interface IdentityProviderGetParams { IdentityProviders.IdentityProviderListResponsesV4PagePaginationArray = IdentityProviderListResponsesV4PagePaginationArray; IdentityProviders.SCIM = SCIM; +IdentityProviders.SAMLCertificate = SAMLCertificate; export declare namespace IdentityProviders { export { @@ -4755,4 +7197,10 @@ export declare namespace IdentityProviders { }; export { SCIM as SCIM }; + + export { + SAMLCertificate as SAMLCertificate, + type SAMLCertificateCreateResponse as SAMLCertificateCreateResponse, + type SAMLCertificateCreateParams as SAMLCertificateCreateParams, + }; } diff --git a/src/resources/zero-trust/identity-providers/index.ts b/src/resources/zero-trust/identity-providers/index.ts index a254a5fb78..20d2e99f41 100644 --- a/src/resources/zero-trust/identity-providers/index.ts +++ b/src/resources/zero-trust/identity-providers/index.ts @@ -16,4 +16,9 @@ export { type IdentityProviderDeleteParams, type IdentityProviderGetParams, } from './identity-providers'; +export { + SAMLCertificate, + type SAMLCertificateCreateResponse, + type SAMLCertificateCreateParams, +} from './saml-certificate'; export { SCIM } from './scim/index'; diff --git a/src/resources/zero-trust/identity-providers/saml-certificate.ts b/src/resources/zero-trust/identity-providers/saml-certificate.ts new file mode 100644 index 0000000000..7b98e6b3cb --- /dev/null +++ b/src/resources/zero-trust/identity-providers/saml-certificate.ts @@ -0,0 +1,119 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import { APIResource } from '../../../resource'; +import * as Core from '../../../core'; + +export class SAMLCertificate extends APIResource { + /** + * Creates a new SAML encryption certificate set and assigns it to the specified + * SAML Identity Provider. This endpoint is idempotent - if the IdP already has a + * certificate set assigned, the existing certificate set is returned with a 200 + * status. + * + * **Workflow for enabling SAML encryption:** + * + * 1. Call this endpoint to create and assign a certificate set to the IdP + * 2. Update the IdP configuration (PUT `/identity_providers/{id}`) with: + * - `config.enable_encryption: true` + * - `saml_certificate_set_id: ` + * 3. Configure the certificate's public key in your external SAML Identity + * Provider + * + * @example + * ```ts + * const samlCertificate = + * await client.zeroTrust.identityProviders.samlCertificate.create( + * 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + * ); + * ``` + */ + create( + identityProviderId: string, + params: SAMLCertificateCreateParams, + options?: Core.RequestOptions, + ): Core.APIPromise { + const { account_id } = params; + return ( + this._client.post( + `/accounts/${account_id}/access/identity_providers/${identityProviderId}/saml_certificate`, + options, + ) as Core.APIPromise<{ result: SAMLCertificateCreateResponse }> + )._thenUnwrap((obj) => obj.result); + } +} + +/** + * A SAML encryption certificate set containing current and optionally previous + * certificates for encryption key rotation. + */ +export interface SAMLCertificateCreateResponse { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateCreateResponse.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; +} + +export namespace SAMLCertificateCreateResponse { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } +} + +export interface SAMLCertificateCreateParams { + /** + * Identifier. + */ + account_id: string; +} + +export declare namespace SAMLCertificate { + export { + type SAMLCertificateCreateResponse as SAMLCertificateCreateResponse, + type SAMLCertificateCreateParams as SAMLCertificateCreateParams, + }; +} diff --git a/tests/api-resources/zero-trust/access/saml-certificates.test.ts b/tests/api-resources/zero-trust/access/saml-certificates.test.ts new file mode 100644 index 0000000000..7cb48a1260 --- /dev/null +++ b/tests/api-resources/zero-trust/access/saml-certificates.test.ts @@ -0,0 +1,90 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import Cloudflare from 'cloudflare'; +import { Response } from 'node-fetch'; + +const client = new Cloudflare({ + apiKey: '144c9defac04969c7bfad8efaa8ea194', + apiEmail: 'user@example.com', + baseURL: process.env['TEST_API_BASE_URL'] ?? 'http://127.0.0.1:4010', +}); + +describe('resource samlCertificates', () => { + // HTTP 404 error from prism + test.skip('list: only required params', async () => { + const responsePromise = client.zeroTrust.access.samlCertificates.list({ + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + }); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + // HTTP 404 error from prism + test.skip('list: required and optional params', async () => { + const response = await client.zeroTrust.access.samlCertificates.list({ + account_id: '023e105f4ecef8ad9ca31a8372d0c353', + id: 'a5bb4b3f-c2d1-4e6a-8f9b-1d3e4f5a6b7c,f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + page: 1, + per_page: 1, + }); + }); + + // HTTP 404 error from prism + test.skip('get: only required params', async () => { + const responsePromise = client.zeroTrust.access.samlCertificates.get( + 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + ); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + // HTTP 404 error from prism + test.skip('get: required and optional params', async () => { + const response = await client.zeroTrust.access.samlCertificates.get( + 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + ); + }); + + // HTTP 404 error from prism + test.skip('getPem: required and optional params', async () => { + const response = await client.zeroTrust.access.samlCertificates.getPem( + 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + ); + }); + + // HTTP 404 error from prism + test.skip('rotate: only required params', async () => { + const responsePromise = client.zeroTrust.access.samlCertificates.rotate( + 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + ); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + // HTTP 404 error from prism + test.skip('rotate: required and optional params', async () => { + const response = await client.zeroTrust.access.samlCertificates.rotate( + 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + ); + }); +}); diff --git a/tests/api-resources/zero-trust/identity-providers/identity-providers.test.ts b/tests/api-resources/zero-trust/identity-providers/identity-providers.test.ts index 64e3727786..fdf996992d 100644 --- a/tests/api-resources/zero-trust/identity-providers/identity-providers.test.ts +++ b/tests/api-resources/zero-trust/identity-providers/identity-providers.test.ts @@ -43,6 +43,7 @@ describe('resource identityProviders', () => { name: 'Widget Corps IDP', type: 'onetimepin', account_id: 'account_id', + saml_certificate_set_id: 'c409ef44-e72c-41c8-8c0b-278c8a6f4fd8', scim_config: { enabled: true, identity_update_behavior: 'automatic', @@ -88,6 +89,7 @@ describe('resource identityProviders', () => { name: 'Widget Corps IDP', type: 'onetimepin', account_id: 'account_id', + saml_certificate_set_id: 'c409ef44-e72c-41c8-8c0b-278c8a6f4fd8', scim_config: { enabled: true, identity_update_behavior: 'automatic', diff --git a/tests/api-resources/zero-trust/identity-providers/saml-certificate.test.ts b/tests/api-resources/zero-trust/identity-providers/saml-certificate.test.ts new file mode 100644 index 0000000000..4d5c01dd74 --- /dev/null +++ b/tests/api-resources/zero-trust/identity-providers/saml-certificate.test.ts @@ -0,0 +1,35 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import Cloudflare from 'cloudflare'; +import { Response } from 'node-fetch'; + +const client = new Cloudflare({ + apiKey: '144c9defac04969c7bfad8efaa8ea194', + apiEmail: 'user@example.com', + baseURL: process.env['TEST_API_BASE_URL'] ?? 'http://127.0.0.1:4010', +}); + +describe('resource samlCertificate', () => { + // HTTP 404 error from prism + test.skip('create: only required params', async () => { + const responsePromise = client.zeroTrust.identityProviders.samlCertificate.create( + 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + ); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + // HTTP 404 error from prism + test.skip('create: required and optional params', async () => { + const response = await client.zeroTrust.identityProviders.samlCertificate.create( + 'f174e90a-fafe-4643-bbbc-4a0ed4fc8415', + { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, + ); + }); +}); From 22e2a094dabbe5ac001eb32545c553edc271c497 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 14:15:46 -0700 Subject: [PATCH 17/19] chore: sync codegen metadata from staging-next --- .stats.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.stats.yml b/.stats.yml index 57c3771824..3a6ad498e2 100644 --- a/.stats.yml +++ b/.stats.yml @@ -1,4 +1,4 @@ configured_endpoints: 2269 openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-a6c352830d1270d0abb5bb983058ea21815e1bb7d2e163965335dcb0e706f057.yml -openapi_spec_hash: 8540f176024efef3ee799015ad4a2dd9 +openapi_spec_hash: d440b6377c255296d9fdc0b89e59b511 config_hash: 86a9b8037b215f0a9c5c69239f9c6cfd From 54b7f0744b3616df974954382692af0d8d45f284 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Tue, 19 May 2026 14:16:54 -0700 Subject: [PATCH 18/19] chore(organizations): update codegen output --- src/resources/organizations/organization-profile.ts | 4 ++-- src/resources/organizations/organizations.ts | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/resources/organizations/organization-profile.ts b/src/resources/organizations/organization-profile.ts index 30e8d3acd1..b4fec7ec80 100644 --- a/src/resources/organizations/organization-profile.ts +++ b/src/resources/organizations/organization-profile.ts @@ -5,7 +5,7 @@ import * as Core from '../../core'; export class OrganizationProfileResource extends APIResource { /** - * Modify organization profile. (Currently in Closed Beta - see + * Modify organization profile. (Currently in Public Beta - see * https://developers.cloudflare.com/fundamentals/organizations/) */ update( @@ -21,7 +21,7 @@ export class OrganizationProfileResource extends APIResource { } /** - * Get an organizations profile if it exists. (Currently in Closed Beta - see + * Get an organizations profile if it exists. (Currently in Public Beta - see * https://developers.cloudflare.com/fundamentals/organizations/) */ get(organizationId: string, options?: Core.RequestOptions): Core.APIPromise { diff --git a/src/resources/organizations/organizations.ts b/src/resources/organizations/organizations.ts index cb4c6b8d56..24029702e7 100644 --- a/src/resources/organizations/organizations.ts +++ b/src/resources/organizations/organizations.ts @@ -19,7 +19,7 @@ export class Organizations extends APIResource { logs: LogsAPI.Logs = new LogsAPI.Logs(this._client); /** - * Create a new organization for a user. (Currently in Closed Beta - see + * Create a new organization for a user. (Currently in Public Beta - see * https://developers.cloudflare.com/fundamentals/organizations/) */ create(body: OrganizationCreateParams, options?: Core.RequestOptions): Core.APIPromise { @@ -29,7 +29,7 @@ export class Organizations extends APIResource { } /** - * Modify organization. (Currently in Closed Beta - see + * Modify organization. (Currently in Public Beta - see * https://developers.cloudflare.com/fundamentals/organizations/) */ update( @@ -46,7 +46,7 @@ export class Organizations extends APIResource { /** * Retrieve a list of organizations a particular user has access to. (Currently in - * Closed Beta - see https://developers.cloudflare.com/fundamentals/organizations/) + * Public Beta - see https://developers.cloudflare.com/fundamentals/organizations/) */ list( query?: OrganizationListParams, @@ -66,7 +66,7 @@ export class Organizations extends APIResource { /** * Delete an organization. The organization MUST be empty before deleting. It must * not contain any sub-organizations, accounts, members or users. (Currently in - * Closed Beta - see https://developers.cloudflare.com/fundamentals/organizations/) + * Public Beta - see https://developers.cloudflare.com/fundamentals/organizations/) */ delete(organizationId: string, options?: Core.RequestOptions): Core.APIPromise { return ( @@ -77,7 +77,7 @@ export class Organizations extends APIResource { } /** - * Retrieve the details of a certain organization. (Currently in Closed Beta - see + * Retrieve the details of a certain organization. (Currently in Public Beta - see * https://developers.cloudflare.com/fundamentals/organizations/) */ get(organizationId: string, options?: Core.RequestOptions): Core.APIPromise { From ec2f5b88f8f7f1df412480c018206d708d79f176 Mon Sep 17 00:00:00 2001 From: "stainless-app[bot]" <142633134+stainless-app[bot]@users.noreply.github.com> Date: Wed, 20 May 2026 00:01:52 +0000 Subject: [PATCH 19/19] release: 6.3.0 --- .release-please-manifest.json | 2 +- CHANGELOG.md | 27 +++++++++++++++++++++++++++ package.json | 2 +- src/version.ts | 2 +- 4 files changed, 30 insertions(+), 3 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index e1e352c16b..5c753b4415 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "6.2.0" + ".": "6.3.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 591c8330f2..1e95caa313 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,32 @@ # Changelog +## 6.3.0 (2026-05-20) + +Full Changelog: [v6.2.0...v6.3.0](https://github.com/cloudflare/cloudflare-typescript/compare/v6.2.0...v6.3.0) + +### Features + +* **r2:** add objects sub-resource ([94a26fc](https://github.com/cloudflare/cloudflare-typescript/commit/94a26fcd9d316f31557530799f449f202f372661)) +* **secrets-store:** add stores.get method ([542f312](https://github.com/cloudflare/cloudflare-typescript/commit/542f312097c920c73cb0a6934033483cb4052c64)) +* **workers-for-platforms:** add scripts.secrets.bulkUpdate ([840cea9](https://github.com/cloudflare/cloudflare-typescript/commit/840cea9310ae4b9744e98ff13c57061c173e188e)) +* **workers:** add observability.queries sub-resource ([d1f8d27](https://github.com/cloudflare/cloudflare-typescript/commit/d1f8d27e71125cce1c27287603c8c11845edf574)) +* **zero-trust:** add saml-certificates resource ([4d75785](https://github.com/cloudflare/cloudflare-typescript/commit/4d7578567d8b94c6466bacf75357a2f049b839b0)) + + +### Chores + +* **aisearch:** update codegen output ([49c2987](https://github.com/cloudflare/cloudflare-typescript/commit/49c2987241552917a780fabc05953b1c6358353c)) +* **ai:** update codegen output ([a3ba7fc](https://github.com/cloudflare/cloudflare-typescript/commit/a3ba7fc0bd0f2913169fc4de1b2278aa9052f6f6)) +* **cloudforce-one:** update codegen output ([0aa9ae0](https://github.com/cloudflare/cloudflare-typescript/commit/0aa9ae06af4a4e09eea8f0a51f37fb22c94ed003)) +* **custom-certificates:** update codegen output ([6e90245](https://github.com/cloudflare/cloudflare-typescript/commit/6e9024567fe8fb85d9e243845efd2377d0c91de7)) +* **intel:** update codegen output ([b471160](https://github.com/cloudflare/cloudflare-typescript/commit/b471160c54197be75971f3467165c244cd998d57)) +* **logpush:** update codegen output ([5bc2413](https://github.com/cloudflare/cloudflare-typescript/commit/5bc24136687dcfa7deea0a35c2eb7e9a3371040c)) +* **organizations:** update codegen output ([54b7f07](https://github.com/cloudflare/cloudflare-typescript/commit/54b7f0744b3616df974954382692af0d8d45f284)) +* **radar:** update codegen output ([d5bc24a](https://github.com/cloudflare/cloudflare-typescript/commit/d5bc24acb9898fcb40e66690d87808186a03788e)) +* **spectrum:** update codegen output ([1afad1f](https://github.com/cloudflare/cloudflare-typescript/commit/1afad1fcad0f6d6804e8f1bb91aa02346d14967f)) +* sync codegen metadata from staging-next ([22e2a09](https://github.com/cloudflare/cloudflare-typescript/commit/22e2a094dabbe5ac001eb32545c553edc271c497)) +* sync codegen metadata from staging-next ([7e4b075](https://github.com/cloudflare/cloudflare-typescript/commit/7e4b0750d9ffcd43896856f0079d76cfcae02d5f)) + ## 6.2.0 (2026-05-14) Full Changelog: [v6.1.0...v6.2.0](https://github.com/cloudflare/cloudflare-typescript/compare/v6.1.0...v6.2.0) diff --git a/package.json b/package.json index e8033c9eda..412ebc02fb 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cloudflare", - "version": "6.2.0", + "version": "6.3.0", "description": "The official TypeScript library for the Cloudflare API", "author": "Cloudflare ", "types": "dist/index.d.ts", diff --git a/src/version.ts b/src/version.ts index 04d2e64376..e33d7ab0fd 100644 --- a/src/version.ts +++ b/src/version.ts @@ -1 +1 @@ -export const VERSION = '6.2.0'; // x-release-please-version +export const VERSION = '6.3.0'; // x-release-please-version