From fdef4124ac49e07c1406de920ce98b56f9daf764 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Wed, 20 May 2026 09:18:25 -0700 Subject: [PATCH 1/4] chore: sync codegen metadata from staging-next --- .stats.yml | 6 +++--- scripts/detect-breaking-changes | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.stats.yml b/.stats.yml index 3a6ad498e2..dc3340493b 100644 --- a/.stats.yml +++ b/.stats.yml @@ -1,4 +1,4 @@ -configured_endpoints: 2269 +configured_endpoints: 2272 openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-a6c352830d1270d0abb5bb983058ea21815e1bb7d2e163965335dcb0e706f057.yml -openapi_spec_hash: d440b6377c255296d9fdc0b89e59b511 -config_hash: 86a9b8037b215f0a9c5c69239f9c6cfd +openapi_spec_hash: f60cc2af36bbe305cda4bc0ad0617ff6 +config_hash: 0148d517bb02129e9e259f11db3933eb diff --git a/scripts/detect-breaking-changes b/scripts/detect-breaking-changes index 7920d4f14c..79d033667d 100755 --- a/scripts/detect-breaking-changes +++ b/scripts/detect-breaking-changes @@ -20,6 +20,8 @@ TEST_PATHS=( tests/api-resources/organizations/organization-profile.test.ts tests/api-resources/organizations/logs/logs.test.ts tests/api-resources/organizations/logs/audit.test.ts + tests/api-resources/organizations/billing/billing.test.ts + tests/api-resources/organizations/billing/usage.test.ts tests/api-resources/origin-ca-certificates.test.ts tests/api-resources/ips.test.ts tests/api-resources/memberships.test.ts @@ -279,6 +281,7 @@ TEST_PATHS=( tests/api-resources/audit-logs.test.ts tests/api-resources/billing/billing.test.ts tests/api-resources/billing/profiles.test.ts + tests/api-resources/billing/usage.test.ts tests/api-resources/brand-protection/brand-protection.test.ts tests/api-resources/brand-protection/queries.test.ts tests/api-resources/brand-protection/matches.test.ts From 2c93faf7528942340b7baaa322903a68b0274b2d Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Wed, 20 May 2026 09:22:34 -0700 Subject: [PATCH 2/4] feat(organizations): add billing sub-resource --- src/resources/organizations/api.md | 12 + src/resources/organizations/billing.ts | 3 + .../organizations/billing/billing.ts | 15 + src/resources/organizations/billing/index.ts | 4 + src/resources/organizations/billing/usage.ts | 270 ++++++++++++++++++ src/resources/organizations/index.ts | 1 + src/resources/organizations/organizations.ts | 6 + .../organizations/billing/usage.test.ts | 47 +++ .../organizations/logs/audit.test.ts | 4 +- 9 files changed, 360 insertions(+), 2 deletions(-) create mode 100644 src/resources/organizations/billing.ts create mode 100644 src/resources/organizations/billing/billing.ts create mode 100644 src/resources/organizations/billing/index.ts create mode 100644 src/resources/organizations/billing/usage.ts create mode 100644 tests/api-resources/organizations/billing/usage.test.ts diff --git a/src/resources/organizations/api.md b/src/resources/organizations/api.md index cde589d54b..fa03e39571 100644 --- a/src/resources/organizations/api.md +++ b/src/resources/organizations/api.md @@ -35,3 +35,15 @@ Types: Methods: - client.organizations.logs.audit.list(organizationId, { ...params }) -> AuditListResponsesCursorPaginationAfter + +## Billing + +### Usage + +Types: + +- UsageGetResponse + +Methods: + +- client.organizations.billing.usage.get(organizationId, { ...params }) -> UsageGetResponse diff --git a/src/resources/organizations/billing.ts b/src/resources/organizations/billing.ts new file mode 100644 index 0000000000..565ff303e6 --- /dev/null +++ b/src/resources/organizations/billing.ts @@ -0,0 +1,3 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +export * from './billing/index'; diff --git a/src/resources/organizations/billing/billing.ts b/src/resources/organizations/billing/billing.ts new file mode 100644 index 0000000000..98cc8ca70e --- /dev/null +++ b/src/resources/organizations/billing/billing.ts @@ -0,0 +1,15 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import { APIResource } from '../../../resource'; +import * as UsageAPI from './usage'; +import { Usage, UsageGetParams, UsageGetResponse } from './usage'; + +export class Billing extends APIResource { + usage: UsageAPI.Usage = new UsageAPI.Usage(this._client); +} + +Billing.Usage = Usage; + +export declare namespace Billing { + export { Usage as Usage, type UsageGetResponse as UsageGetResponse, type UsageGetParams as UsageGetParams }; +} diff --git a/src/resources/organizations/billing/index.ts b/src/resources/organizations/billing/index.ts new file mode 100644 index 0000000000..625598c954 --- /dev/null +++ b/src/resources/organizations/billing/index.ts @@ -0,0 +1,4 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +export { Billing } from './billing'; +export { Usage, type UsageGetResponse, type UsageGetParams } from './usage'; diff --git a/src/resources/organizations/billing/usage.ts b/src/resources/organizations/billing/usage.ts new file mode 100644 index 0000000000..211cd0892d --- /dev/null +++ b/src/resources/organizations/billing/usage.ts @@ -0,0 +1,270 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import { APIResource } from '../../../resource'; +import { isRequestOptions } from '../../../core'; +import * as Core from '../../../core'; + +export class Usage extends APIResource { + /** + * Returns cost and usage data for all accounts within an organization, aligned + * with the [FinOps FOCUS v1.3](https://focus.finops.org/focus-specification/v1-3/) + * Cost and Usage dataset specification. + * + * Each record represents one billable metric for one account on one day. This + * includes all metered usage, including usage that falls within free-tier + * allowances and may result in zero cost. The response includes usage for every + * account belonging to the specified organization. + * + * **Note:** Cost and pricing fields are not yet populated and will be absent from + * responses until billing integration is complete. + * + * When `from` and `to` are omitted, defaults to the start of the current month + * through today. The maximum date range is 31 days. + */ + get( + organizationId: string, + query?: UsageGetParams, + options?: Core.RequestOptions, + ): Core.APIPromise; + get(organizationId: string, options?: Core.RequestOptions): Core.APIPromise; + get( + organizationId: string, + query: UsageGetParams | Core.RequestOptions = {}, + options?: Core.RequestOptions, + ): Core.APIPromise { + if (isRequestOptions(query)) { + return this.get(organizationId, {}, query); + } + return ( + this._client.get(`/organizations/${organizationId}/billable/usage`, { + query, + ...options, + }) as Core.APIPromise<{ result: UsageGetResponse }> + )._thenUnwrap((obj) => obj.result); + } +} + +/** + * Contains the array of cost and usage records. + */ +export type UsageGetResponse = Array; + +export namespace UsageGetResponse { + /** + * A single cost and usage record for a metered product within a specific charge + * period, aligned with the FinOps FOCUS v1.3 specification. + */ + export interface UsageGetResponseItem { + /** + * Public identifier of the Cloudflare account (account tag). + */ + BillingAccountId: string; + + /** + * Display name of the Cloudflare account. + */ + BillingAccountName: string; + + /** + * Highest-level classification of a charge based on the nature of how it gets + * billed. Currently only "Usage" is supported. + */ + ChargeCategory: 'Usage'; + + /** + * Self-contained summary of the charge's purpose and price. + */ + ChargeDescription: string; + + /** + * Indicates how often a charge occurs. Currently only "Usage-Based" is supported. + */ + ChargeFrequency: 'Usage-Based'; + + /** + * Exclusive end of the time interval during which the usage was consumed. + */ + ChargePeriodEnd: string; + + /** + * Inclusive start of the time interval during which the usage was consumed. + */ + ChargePeriodStart: string; + + /** + * Measured usage amount within the charge period. Reflects raw metered consumption + * before pricing transformations. + */ + ConsumedQuantity: number; + + /** + * Unit of measure for the consumed quantity (e.g., "GB", "Requests", + * "vCPU-Hours"). + */ + ConsumedUnit: string; + + /** + * Name of the entity providing the underlying infrastructure or platform. + */ + HostProviderName: string; + + /** + * Name of the entity responsible for invoicing for the services consumed. + */ + InvoiceIssuerName: string; + + /** + * Name of the entity that made the services available for purchase. + */ + ServiceProviderName: string; + + /** + * The display name of the billable metric. Cloudflare extension; replaces FOCUS + * SkuMeter. + */ + x_BillableMetricName: string; + + /** + * A charge serving as the basis for invoicing, inclusive of all reduced rates and + * discounts while excluding the amortization of upfront charges (one-time or + * recurring). + */ + BilledCost?: number | null; + + /** + * Currency that a charge was billed in (ISO 4217). + */ + BillingCurrency?: string | null; + + /** + * Exclusive end of the billing cycle that contains this usage record. + */ + BillingPeriodEnd?: string | null; + + /** + * Inclusive start of the billing cycle that contains this usage record. + */ + BillingPeriodStart?: string | null; + + /** + * Indicates whether the row represents a correction to one or more charges + * invoiced in a previous billing period. + */ + ChargeClass?: 'Correction' | null; + + /** + * Cost calculated by multiplying ContractedUnitPrice and the corresponding + * PricingQuantity. + */ + ContractedCost?: number | null; + + /** + * The agreed-upon unit price for a single PricingUnit of the associated billable + * metric, inclusive of negotiated discounts, if present, while excluding any other + * discounts. + */ + ContractedUnitPrice?: number | null; + + /** + * The amortized cost of the charge after applying all reduced rates, discounts, + * and the applicable portion of relevant, prepaid purchases (one-time or + * recurring) that covered the charge. + */ + EffectiveCost?: number | null; + + /** + * Cost calculated by multiplying ListUnitPrice and the corresponding + * PricingQuantity. + */ + ListCost?: number | null; + + /** + * Suggested provider-published unit price for a single PricingUnit of the + * associated billable metric, exclusive of any discounts. + */ + ListUnitPrice?: number | null; + + /** + * Volume of a given service used or purchased, based on the PricingUnit. + */ + PricingQuantity?: number | null; + + /** + * Provider-specified measurement unit for determining unit prices, indicating how + * the provider rates measured usage after applying pricing rules like block + * pricing. + */ + PricingUnit?: string | null; + + /** + * Provider-assigned identifier for an isolated geographic area where a service is + * provided. + */ + RegionId?: string | null; + + /** + * Name of an isolated geographic area where a service is provided. + */ + RegionName?: string | null; + + /** + * Unique identifier assigned to a grouping of services. For Cloudflare, this is + * the subscription or contract ID. + */ + SubAccountId?: string; + + /** + * Name assigned to a grouping of services. For Cloudflare, this is the + * subscription or contract display name. + */ + SubAccountName?: string; + + /** + * The unique identifier for the billable metric in the Cloudflare catalog. + * Cloudflare extension; replaces FOCUS SkuId. + */ + x_BillableMetricId?: string; + + /** + * The product family the charge belongs to (e.g., "R2", "Workers"). Cloudflare + * extension; replaces FOCUS ServiceName. + */ + x_ProductFamilyName?: string; + + /** + * The identifier for the Cloudflare zone (zone tag). Cloudflare extension. + */ + x_ZoneId?: string | null; + + /** + * The display name of the Cloudflare zone. Cloudflare extension. + */ + x_ZoneName?: string | null; + } +} + +export interface UsageGetParams { + /** + * Start date for the usage query (ISO 8601). Required if `to` is set. When omitted + * along with `to`, defaults to the start of the current month. Filters by charge + * period (when consumption happened), not billing period. The maximum date range + * is 31 days. + */ + from?: string; + + /** + * Filter results by billable metric id (e.g., workers_standard_requests). + */ + metric?: string; + + /** + * End date for the usage query (ISO 8601). Required if `from` is set. When omitted + * along with `from`, defaults to today. Filters by charge period (when consumption + * happened), not billing period. The maximum date range is 31 days. + */ + to?: string; +} + +export declare namespace Usage { + export { type UsageGetResponse as UsageGetResponse, type UsageGetParams as UsageGetParams }; +} diff --git a/src/resources/organizations/index.ts b/src/resources/organizations/index.ts index 1f684f2e80..dd4b054979 100644 --- a/src/resources/organizations/index.ts +++ b/src/resources/organizations/index.ts @@ -1,5 +1,6 @@ // File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. +export { Billing } from './billing/index'; export { Logs } from './logs/index'; export { OrganizationProfileResource, diff --git a/src/resources/organizations/organizations.ts b/src/resources/organizations/organizations.ts index 24029702e7..05631945fe 100644 --- a/src/resources/organizations/organizations.ts +++ b/src/resources/organizations/organizations.ts @@ -9,6 +9,8 @@ import { OrganizationProfileResource, OrganizationProfileUpdateParams, } from './organization-profile'; +import * as BillingAPI from './billing/billing'; +import { Billing } from './billing/billing'; import * as LogsAPI from './logs/logs'; import { Logs } from './logs/logs'; import { SinglePage } from '../../pagination'; @@ -17,6 +19,7 @@ export class Organizations extends APIResource { organizationProfile: OrganizationProfileAPI.OrganizationProfileResource = new OrganizationProfileAPI.OrganizationProfileResource(this._client); logs: LogsAPI.Logs = new LogsAPI.Logs(this._client); + billing: BillingAPI.Billing = new BillingAPI.Billing(this._client); /** * Create a new organization for a user. (Currently in Public Beta - see @@ -300,6 +303,7 @@ export namespace OrganizationListParams { Organizations.OrganizationsSinglePage = OrganizationsSinglePage; Organizations.OrganizationProfileResource = OrganizationProfileResource; Organizations.Logs = Logs; +Organizations.Billing = Billing; export declare namespace Organizations { export { @@ -318,4 +322,6 @@ export declare namespace Organizations { }; export { Logs as Logs }; + + export { Billing as Billing }; } diff --git a/tests/api-resources/organizations/billing/usage.test.ts b/tests/api-resources/organizations/billing/usage.test.ts new file mode 100644 index 0000000000..3c959876b9 --- /dev/null +++ b/tests/api-resources/organizations/billing/usage.test.ts @@ -0,0 +1,47 @@ +// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. + +import Cloudflare from 'cloudflare'; +import { Response } from 'node-fetch'; + +const client = new Cloudflare({ + apiKey: '144c9defac04969c7bfad8efaa8ea194', + apiEmail: 'user@example.com', + baseURL: process.env['TEST_API_BASE_URL'] ?? 'http://127.0.0.1:4010', +}); + +describe('resource usage', () => { + test('get', async () => { + const responsePromise = client.organizations.billing.usage.get('023e105f4ecef8ad9ca31a8372d0c353'); + const rawResponse = await responsePromise.asResponse(); + expect(rawResponse).toBeInstanceOf(Response); + const response = await responsePromise; + expect(response).not.toBeInstanceOf(Response); + const dataAndResponse = await responsePromise.withResponse(); + expect(dataAndResponse.data).toBe(response); + expect(dataAndResponse.response).toBe(rawResponse); + }); + + test('get: request options instead of params are passed correctly', async () => { + // ensure the request options are being passed correctly by passing an invalid HTTP method in order to cause an error + await expect( + client.organizations.billing.usage.get('023e105f4ecef8ad9ca31a8372d0c353', { + path: '/_stainless_unknown_path', + }), + ).rejects.toThrow(Cloudflare.NotFoundError); + }); + + test('get: request options and params are passed correctly', async () => { + // ensure the request options are being passed correctly by passing an invalid HTTP method in order to cause an error + await expect( + client.organizations.billing.usage.get( + '023e105f4ecef8ad9ca31a8372d0c353', + { + from: '2025-05-01', + metric: 'workers_standard_requests', + to: '2025-05-31', + }, + { path: '/_stainless_unknown_path' }, + ), + ).rejects.toThrow(Cloudflare.NotFoundError); + }); +}); diff --git a/tests/api-resources/organizations/logs/audit.test.ts b/tests/api-resources/organizations/logs/audit.test.ts index 23ff07799e..d56134d36b 100644 --- a/tests/api-resources/organizations/logs/audit.test.ts +++ b/tests/api-resources/organizations/logs/audit.test.ts @@ -10,7 +10,7 @@ const client = new Cloudflare({ }); describe('resource audit', () => { - // TODO: required params 'since' and 'before' not populated by Prism mock + // TODO DS-16345: required params 'since' and 'before' not populated by Prism mock test.skip('list: only required params', async () => { const responsePromise = client.organizations.logs.audit.list('a67e14daa5f8dceeb91fe5449ba496ef', { before: '2024-10-31', @@ -25,7 +25,7 @@ describe('resource audit', () => { expect(dataAndResponse.response).toBe(rawResponse); }); - // TODO: required params 'since' and 'before' not populated by Prism mock + // TODO DS-16345: required params 'since' and 'before' not populated by Prism mock test.skip('list: required and optional params', async () => { const response = await client.organizations.logs.audit.list('a67e14daa5f8dceeb91fe5449ba496ef', { before: '2024-10-31', From 6446c29f7935d76025ef67e8922d06a92ce96d4c Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Wed, 20 May 2026 09:22:34 -0700 Subject: [PATCH 3/4] chore(radar): update codegen output --- src/resources/radar/http/http.ts | 22 +++++++++++++++++++++ tests/api-resources/radar/http/http.test.ts | 1 + 2 files changed, 23 insertions(+) diff --git a/src/resources/radar/http/http.ts b/src/resources/radar/http/http.ts index ab2fc7f5de..6345b7b59b 100644 --- a/src/resources/radar/http/http.ts +++ b/src/resources/radar/http/http.ts @@ -830,6 +830,28 @@ export interface HTTPTimeseriesParams { */ browserFamily?: Array<'CHROME' | 'EDGE' | 'FIREFOX' | 'SAFARI'>; + /** + * Filters results by content type category. + */ + contentType?: Array< + | 'HTML' + | 'IMAGES' + | 'JSON' + | 'JAVASCRIPT' + | 'CSS' + | 'PLAIN_TEXT' + | 'FONTS' + | 'XML' + | 'YAML' + | 'VIDEO' + | 'AUDIO' + | 'MARKDOWN' + | 'DOCUMENTS' + | 'BINARY' + | 'SERIALIZATION' + | 'OTHER' + >; + /** * Filters results by continent. Specify a comma-separated list of alpha-2 codes. * Prefix with `-` to exclude continents from results. For example, `-EU,NA` diff --git a/tests/api-resources/radar/http/http.test.ts b/tests/api-resources/radar/http/http.test.ts index 75ee7e9102..de9bb0ea15 100644 --- a/tests/api-resources/radar/http/http.test.ts +++ b/tests/api-resources/radar/http/http.test.ts @@ -87,6 +87,7 @@ describe('resource http', () => { asn: ['string'], botClass: ['LIKELY_AUTOMATED'], browserFamily: ['CHROME'], + contentType: ['HTML'], continent: ['string'], dateEnd: ['2019-12-27T18:11:19.117Z'], dateRange: ['7d'], From 40ea4d5d065fb4e0bd9c2b335f5df24f8b8a5617 Mon Sep 17 00:00:00 2001 From: Vaishak Dinesh Date: Wed, 20 May 2026 09:22:34 -0700 Subject: [PATCH 4/4] chore(zero-trust): update codegen output --- .../access/applications/policies.ts | 40 +- .../identity-providers/identity-providers.ts | 683 ++++++++++++++++-- 2 files changed, 659 insertions(+), 64 deletions(-) diff --git a/src/resources/zero-trust/access/applications/policies.ts b/src/resources/zero-trust/access/applications/policies.ts index acfd72c6c8..9c771cdf4f 100644 --- a/src/resources/zero-trust/access/applications/policies.ts +++ b/src/resources/zero-trust/access/applications/policies.ts @@ -332,7 +332,8 @@ export type AccessRule = | AccessRule.AccessOIDCClaimRule | ServiceTokenRule | AccessRule.AccessLinkedAppTokenRule - | AccessRule.AccessUserRiskScoreRule; + | AccessRule.AccessUserRiskScoreRule + | AccessRule.AccessCloudflareAccountMemberRule; export namespace AccessRule { /** @@ -452,6 +453,23 @@ export namespace AccessRule { user_risk_score: Array<'low' | 'medium' | 'high' | 'unscored'>; } } + + /** + * Matches users who are members of a specific Cloudflare account. Requires a + * Cloudflare identity provider. + */ + export interface AccessCloudflareAccountMemberRule { + cloudflare_account_member: AccessCloudflareAccountMemberRule.CloudflareAccountMember; + } + + export namespace AccessCloudflareAccountMemberRule { + export interface CloudflareAccountMember { + /** + * Identifier. + */ + account_id?: string; + } + } } /** @@ -482,7 +500,8 @@ export type AccessRuleParam = | AccessRuleParam.AccessOIDCClaimRule | ServiceTokenRuleParam | AccessRuleParam.AccessLinkedAppTokenRule - | AccessRuleParam.AccessUserRiskScoreRule; + | AccessRuleParam.AccessUserRiskScoreRule + | AccessRuleParam.AccessCloudflareAccountMemberRule; export namespace AccessRuleParam { /** @@ -602,6 +621,23 @@ export namespace AccessRuleParam { user_risk_score: Array<'low' | 'medium' | 'high' | 'unscored'>; } } + + /** + * Matches users who are members of a specific Cloudflare account. Requires a + * Cloudflare identity provider. + */ + export interface AccessCloudflareAccountMemberRule { + cloudflare_account_member: AccessCloudflareAccountMemberRule.CloudflareAccountMember; + } + + export namespace AccessCloudflareAccountMemberRule { + export interface CloudflareAccountMember { + /** + * Identifier. + */ + account_id?: string; + } + } } /** diff --git a/src/resources/zero-trust/identity-providers/identity-providers.ts b/src/resources/zero-trust/identity-providers/identity-providers.ts index 33253718a6..247b347509 100644 --- a/src/resources/zero-trust/identity-providers/identity-providers.ts +++ b/src/resources/zero-trust/identity-providers/identity-providers.ts @@ -562,7 +562,8 @@ export type IdentityProvider = | IdentityProvider.AccessPingone | IdentityProvider.AccessSAML | IdentityProvider.AccessYandex - | IdentityProvider.AccessOnetimepin; + | IdentityProvider.AccessOnetimepin + | IdentityProvider.AccessCloudflare; export namespace IdentityProvider { export interface AccessCentrify { @@ -2340,6 +2341,133 @@ export namespace IdentityProvider { } } } + + export interface AccessCloudflare { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + config: AccessCloudflare.Config; + + /** + * The name of the identity provider, shown to users on the login page. + */ + name: string; + + /** + * The type of identity provider. To determine the value for a specific provider, + * refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + type: IdentityProvidersAPI.IdentityProviderType; + + /** + * UUID. + */ + id?: string; + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessCloudflare.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + + /** + * The configuration settings for enabling a System for Cross-Domain Identity + * Management (SCIM) with the identity provider. + */ + scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; + } + + export namespace AccessCloudflare { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + export interface Config { + redirect_url?: string; + + /** + * When enabled, only users who are members of your Cloudflare account can + * authenticate through this identity provider. When disabled, any user with a + * Cloudflare account can authenticate, subject to your Access policies. + */ + restrict_to_account_members?: boolean; + } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } } export type IdentityProviderParam = @@ -2356,7 +2484,8 @@ export type IdentityProviderParam = | IdentityProviderParam.AccessPingone | IdentityProviderParam.AccessSAML | IdentityProviderParam.AccessYandex - | IdentityProviderParam.AccessOnetimepin; + | IdentityProviderParam.AccessOnetimepin + | IdentityProviderParam.AccessCloudflare; export namespace IdentityProviderParam { export interface AccessCentrify { @@ -3162,6 +3291,57 @@ export namespace IdentityProviderParam { */ export interface Config {} } + + export interface AccessCloudflare { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + config: AccessCloudflare.Config; + + /** + * The name of the identity provider, shown to users on the login page. + */ + name: string; + + /** + * The type of identity provider. To determine the value for a specific provider, + * refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + type: IdentityProvidersAPI.IdentityProviderTypeParam; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + + /** + * The configuration settings for enabling a System for Cross-Domain Identity + * Management (SCIM) with the identity provider. + */ + scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfigParam; + } + + export namespace AccessCloudflare { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + export interface Config { + /** + * When enabled, only users who are members of your Cloudflare account can + * authenticate through this identity provider. When disabled, any user with a + * Cloudflare account can authenticate, subject to your Access policies. + */ + restrict_to_account_members?: boolean; + } + } } /** @@ -3265,7 +3445,8 @@ export type IdentityProviderType = | 'okta' | 'onelogin' | 'pingone' - | 'yandex'; + | 'yandex' + | 'cloudflare'; /** * The type of identity provider. To determine the value for a specific provider, @@ -3286,7 +3467,8 @@ export type IdentityProviderTypeParam = | 'okta' | 'onelogin' | 'pingone' - | 'yandex'; + | 'yandex' + | 'cloudflare'; export type IdentityProviderListResponse = | AzureAD @@ -3301,7 +3483,9 @@ export type IdentityProviderListResponse = | IdentityProviderListResponse.AccessOnelogin | IdentityProviderListResponse.AccessPingone | IdentityProviderListResponse.AccessSAML - | IdentityProviderListResponse.AccessYandex; + | IdentityProviderListResponse.AccessYandex + | IdentityProviderListResponse.AccessOnetimepin + | IdentityProviderListResponse.AccessCloudflare; export namespace IdentityProviderListResponse { export interface AccessCentrify { @@ -4959,109 +5143,357 @@ export namespace IdentityProviderListResponse { } } } -} - -export interface IdentityProviderDeleteResponse { - /** - * UUID. - */ - id?: string; -} - -export type IdentityProviderCreateParams = - | IdentityProviderCreateParams.AzureAD - | IdentityProviderCreateParams.AccessCentrify - | IdentityProviderCreateParams.AccessFacebook - | IdentityProviderCreateParams.AccessGitHub - | IdentityProviderCreateParams.AccessGoogle - | IdentityProviderCreateParams.AccessGoogleApps - | IdentityProviderCreateParams.AccessLinkedin - | IdentityProviderCreateParams.AccessOIDC - | IdentityProviderCreateParams.AccessOkta - | IdentityProviderCreateParams.AccessOnelogin - | IdentityProviderCreateParams.AccessPingone - | IdentityProviderCreateParams.AccessSAML - | IdentityProviderCreateParams.AccessYandex - | IdentityProviderCreateParams.AccessOnetimepin; -export declare namespace IdentityProviderCreateParams { - export interface AzureAD { + export interface AccessOnetimepin { /** - * Body param: The configuration parameters for the identity provider. To view the - * required parameters for a specific provider, refer to our + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ - config: AzureAD.Config; + config: AccessOnetimepin.Config; /** - * Body param: The name of the identity provider, shown to users on the login page. + * The name of the identity provider, shown to users on the login page. */ name: string; /** - * Body param: The type of identity provider. To determine the value for a specific - * provider, refer to our + * The type of identity provider. To determine the value for a specific provider, + * refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ - type: IdentityProviderTypeParam; + type: IdentityProvidersAPI.IdentityProviderType; /** - * Path param: The Account ID to use for this endpoint. Mutually exclusive with the - * Zone ID. + * UUID. */ - account_id?: string; + id?: string; /** - * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the - * Account ID. + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. */ - zone_id?: string; + saml_certificate_set?: AccessOnetimepin.SAMLCertificateSet; /** - * Body param: The UID of the SAML encryption certificate set assigned to this - * Identity Provider. Only present for SAML identity providers with encryption - * configured. Create a certificate set via POST to + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to * `/identity_providers/{id}/saml_certificate`. */ saml_certificate_set_id?: string; /** - * Body param: The configuration settings for enabling a System for Cross-Domain - * Identity Management (SCIM) with the identity provider. + * The configuration settings for enabling a System for Cross-Domain Identity + * Management (SCIM) with the identity provider. */ - scim_config?: IdentityProviderSCIMConfigParam; + scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; } - export namespace AzureAD { + export namespace AccessOnetimepin { /** * The configuration parameters for the identity provider. To view the required * parameters for a specific provider, refer to our * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). */ export interface Config { + redirect_url?: string; + } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { /** - * Custom claims + * Timestamp when the certificate set was created */ - claims?: Array; + created_at: string; /** - * Your OAuth Client ID + * Unique identifier for the certificate set */ - client_id?: string; + uid: string; /** - * Your OAuth Client Secret + * Timestamp when the certificate set was last updated (e.g., during rotation) */ - client_secret?: string; + updated_at: string; /** - * Should Cloudflare try to load authentication contexts from your account + * The currently active certificate used for encrypting SAML assertions */ - conditional_access_enabled?: boolean; + current_certificate?: SAMLCertificateSet.CurrentCertificate; /** - * Your Azure directory uuid - */ + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } + + export interface AccessCloudflare { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + config: AccessCloudflare.Config; + + /** + * The name of the identity provider, shown to users on the login page. + */ + name: string; + + /** + * The type of identity provider. To determine the value for a specific provider, + * refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + type: IdentityProvidersAPI.IdentityProviderType; + + /** + * UUID. + */ + id?: string; + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + saml_certificate_set?: AccessCloudflare.SAMLCertificateSet; + + /** + * The UID of the SAML encryption certificate set assigned to this Identity + * Provider. Only present for SAML identity providers with encryption configured. + * Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + + /** + * The configuration settings for enabling a System for Cross-Domain Identity + * Management (SCIM) with the identity provider. + */ + scim_config?: IdentityProvidersAPI.IdentityProviderSCIMConfig; + } + + export namespace AccessCloudflare { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + export interface Config { + redirect_url?: string; + + /** + * When enabled, only users who are members of your Cloudflare account can + * authenticate through this identity provider. When disabled, any user with a + * Cloudflare account can authenticate, subject to your Access policies. + */ + restrict_to_account_members?: boolean; + } + + /** + * The SAML encryption certificate set details, including current and previous + * certificates. Only present for SAML identity providers with a certificate set + * assigned. + */ + export interface SAMLCertificateSet { + /** + * Timestamp when the certificate set was created + */ + created_at: string; + + /** + * Unique identifier for the certificate set + */ + uid: string; + + /** + * Timestamp when the certificate set was last updated (e.g., during rotation) + */ + updated_at: string; + + /** + * The currently active certificate used for encrypting SAML assertions + */ + current_certificate?: SAMLCertificateSet.CurrentCertificate; + + /** + * The previous certificate, maintained during rotation to ensure continuity. Null + * if no rotation has occurred. Mirrors the structure of `saml_certificate`. + */ + previous_certificate?: unknown | null; + } + + export namespace SAMLCertificateSet { + /** + * The currently active certificate used for encrypting SAML assertions + */ + export interface CurrentCertificate { + /** + * Indicates whether this is the currently active certificate + */ + is_current: boolean; + + /** + * Certificate expiration date. Certificates are automatically rotated 30 days + * before expiration. + */ + not_after: string; + + /** + * PEM-encoded X.509 certificate containing the public key. Configure this + * certificate in your external SAML Identity Provider to enable encryption. + */ + public_certificate: string; + + /** + * Unique identifier for the certificate + */ + uid: string; + } + } + } +} + +export interface IdentityProviderDeleteResponse { + /** + * UUID. + */ + id?: string; +} + +export type IdentityProviderCreateParams = + | IdentityProviderCreateParams.AzureAD + | IdentityProviderCreateParams.AccessCentrify + | IdentityProviderCreateParams.AccessFacebook + | IdentityProviderCreateParams.AccessGitHub + | IdentityProviderCreateParams.AccessGoogle + | IdentityProviderCreateParams.AccessGoogleApps + | IdentityProviderCreateParams.AccessLinkedin + | IdentityProviderCreateParams.AccessOIDC + | IdentityProviderCreateParams.AccessOkta + | IdentityProviderCreateParams.AccessOnelogin + | IdentityProviderCreateParams.AccessPingone + | IdentityProviderCreateParams.AccessSAML + | IdentityProviderCreateParams.AccessYandex + | IdentityProviderCreateParams.AccessOnetimepin + | IdentityProviderCreateParams.AccessCloudflare; + +export declare namespace IdentityProviderCreateParams { + export interface AzureAD { + /** + * Body param: The configuration parameters for the identity provider. To view the + * required parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + config: AzureAD.Config; + + /** + * Body param: The name of the identity provider, shown to users on the login page. + */ + name: string; + + /** + * Body param: The type of identity provider. To determine the value for a specific + * provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + type: IdentityProviderTypeParam; + + /** + * Path param: The Account ID to use for this endpoint. Mutually exclusive with the + * Zone ID. + */ + account_id?: string; + + /** + * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the + * Account ID. + */ + zone_id?: string; + + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + + /** + * Body param: The configuration settings for enabling a System for Cross-Domain + * Identity Management (SCIM) with the identity provider. + */ + scim_config?: IdentityProviderSCIMConfigParam; + } + + export namespace AzureAD { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + export interface Config { + /** + * Custom claims + */ + claims?: Array; + + /** + * Your OAuth Client ID + */ + client_id?: string; + + /** + * Your OAuth Client Secret + */ + client_secret?: string; + + /** + * Should Cloudflare try to load authentication contexts from your account + */ + conditional_access_enabled?: boolean; + + /** + * Your Azure directory uuid + */ directory_id?: string; /** @@ -6047,6 +6479,69 @@ export declare namespace IdentityProviderCreateParams { */ export interface Config {} } + + export interface AccessCloudflare { + /** + * Body param: The configuration parameters for the identity provider. To view the + * required parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + config: AccessCloudflare.Config; + + /** + * Body param: The name of the identity provider, shown to users on the login page. + */ + name: string; + + /** + * Body param: The type of identity provider. To determine the value for a specific + * provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + type: IdentityProviderTypeParam; + + /** + * Path param: The Account ID to use for this endpoint. Mutually exclusive with the + * Zone ID. + */ + account_id?: string; + + /** + * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the + * Account ID. + */ + zone_id?: string; + + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + + /** + * Body param: The configuration settings for enabling a System for Cross-Domain + * Identity Management (SCIM) with the identity provider. + */ + scim_config?: IdentityProviderSCIMConfigParam; + } + + export namespace AccessCloudflare { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + export interface Config { + /** + * When enabled, only users who are members of your Cloudflare account can + * authenticate through this identity provider. When disabled, any user with a + * Cloudflare account can authenticate, subject to your Access policies. + */ + restrict_to_account_members?: boolean; + } + } } export type IdentityProviderUpdateParams = @@ -6063,7 +6558,8 @@ export type IdentityProviderUpdateParams = | IdentityProviderUpdateParams.AccessPingone | IdentityProviderUpdateParams.AccessSAML | IdentityProviderUpdateParams.AccessYandex - | IdentityProviderUpdateParams.AccessOnetimepin; + | IdentityProviderUpdateParams.AccessOnetimepin + | IdentityProviderUpdateParams.AccessCloudflare; export declare namespace IdentityProviderUpdateParams { export interface AzureAD { @@ -7128,6 +7624,69 @@ export declare namespace IdentityProviderUpdateParams { */ export interface Config {} } + + export interface AccessCloudflare { + /** + * Body param: The configuration parameters for the identity provider. To view the + * required parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + config: AccessCloudflare.Config; + + /** + * Body param: The name of the identity provider, shown to users on the login page. + */ + name: string; + + /** + * Body param: The type of identity provider. To determine the value for a specific + * provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + type: IdentityProviderTypeParam; + + /** + * Path param: The Account ID to use for this endpoint. Mutually exclusive with the + * Zone ID. + */ + account_id?: string; + + /** + * Path param: The Zone ID to use for this endpoint. Mutually exclusive with the + * Account ID. + */ + zone_id?: string; + + /** + * Body param: The UID of the SAML encryption certificate set assigned to this + * Identity Provider. Only present for SAML identity providers with encryption + * configured. Create a certificate set via POST to + * `/identity_providers/{id}/saml_certificate`. + */ + saml_certificate_set_id?: string; + + /** + * Body param: The configuration settings for enabling a System for Cross-Domain + * Identity Management (SCIM) with the identity provider. + */ + scim_config?: IdentityProviderSCIMConfigParam; + } + + export namespace AccessCloudflare { + /** + * The configuration parameters for the identity provider. To view the required + * parameters for a specific provider, refer to our + * [developer documentation](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration/). + */ + export interface Config { + /** + * When enabled, only users who are members of your Cloudflare account can + * authenticate through this identity provider. When disabled, any user with a + * Cloudflare account can authenticate, subject to your Access policies. + */ + restrict_to_account_members?: boolean; + } + } } export interface IdentityProviderListParams extends V4PagePaginationArrayParams {