diff --git a/.pulumi-java-gen.version b/.pulumi-java-gen.version index 47d04a52..3f46c4d1 100644 --- a/.pulumi-java-gen.version +++ b/.pulumi-java-gen.version @@ -1 +1 @@ -0.18.0 \ No newline at end of file +0.19.0 \ No newline at end of file diff --git a/provider/cmd/pulumi-resource-cloudflare/bridge-metadata.json b/provider/cmd/pulumi-resource-cloudflare/bridge-metadata.json index 358f0a14..d4170e1f 100644 --- a/provider/cmd/pulumi-resource-cloudflare/bridge-metadata.json +++ b/provider/cmd/pulumi-resource-cloudflare/bridge-metadata.json @@ -27,6 +27,9 @@ "custom_pages": { "maxItemsOne": false }, + "destinations": { + "maxItemsOne": false + }, "footer_links": { "maxItemsOne": false }, @@ -1216,6 +1219,14 @@ "current": "cloudflare:index/keylessCertificate:KeylessCertificate", "majorVersion": 5 }, + "cloudflare_leaked_credential_check": { + "current": "cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck", + "majorVersion": 5 + }, + "cloudflare_leaked_credential_check_rule": { + "current": "cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule", + "majorVersion": 5 + }, "cloudflare_list": { "current": "cloudflare:index/list:List", "majorVersion": 5, @@ -2090,6 +2101,24 @@ } } }, + "cloudflare_snippet": { + "current": "cloudflare:index/snippet:Snippet", + "majorVersion": 5, + "fields": { + "files": { + "maxItemsOne": false + } + } + }, + "cloudflare_snippet_rules": { + "current": "cloudflare:index/snippetRules:SnippetRules", + "majorVersion": 5, + "fields": { + "rules": { + "maxItemsOne": false + } + } + }, "cloudflare_spectrum_application": { "current": "cloudflare:index/spectrumApplication:SpectrumApplication", "majorVersion": 5, @@ -2633,6 +2662,9 @@ "custom_pages": { "maxItemsOne": false }, + "destinations": { + "maxItemsOne": false + }, "footer_links": { "maxItemsOne": false }, @@ -4458,6 +4490,8 @@ "cloudflare:index/infrastructureAccessTarget:InfrastructureAccessTarget": 1, "cloudflare:index/ipsecTunnel:IpsecTunnel": 0, "cloudflare:index/keylessCertificate:KeylessCertificate": 0, + "cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck": 1, + "cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule": 1, "cloudflare:index/list:List": 1, "cloudflare:index/listItem:ListItem": 1, "cloudflare:index/loadBalancer:LoadBalancer": 0, @@ -4487,6 +4521,8 @@ "cloudflare:index/regionalTieredCache:RegionalTieredCache": 0, "cloudflare:index/riskBehavior:RiskBehavior": 1, "cloudflare:index/ruleset:Ruleset": 1, + "cloudflare:index/snippet:Snippet": 1, + "cloudflare:index/snippetRules:SnippetRules": 1, "cloudflare:index/spectrumApplication:SpectrumApplication": 0, "cloudflare:index/splitTunnel:SplitTunnel": 0, "cloudflare:index/staticRoute:StaticRoute": 0, diff --git a/provider/cmd/pulumi-resource-cloudflare/schema.json b/provider/cmd/pulumi-resource-cloudflare/schema.json index bf7f1999..0a526b19 100644 --- a/provider/cmd/pulumi-resource-cloudflare/schema.json +++ b/provider/cmd/pulumi-resource-cloudflare/schema.json @@ -177,6 +177,22 @@ }, "type": "object" }, + "cloudflare:index/AccessApplicationDestination:AccessApplicationDestination": { + "properties": { + "type": { + "type": "string", + "description": "The destination type. Available values: `public`, `private`. Defaults to `public`.\n" + }, + "uri": { + "type": "string", + "description": "The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.\n" + } + }, + "type": "object", + "required": [ + "uri" + ] + }, "cloudflare:index/AccessApplicationFooterLink:AccessApplicationFooterLink": { "properties": { "name": { @@ -1553,23 +1569,29 @@ "cloudflare:index/AccessIdentityProviderScimConfig:AccessIdentityProviderScimConfig": { "properties": { "enabled": { - "type": "boolean" + "type": "boolean", + "description": "A flag to enable or disable SCIM for the identity provider.\n" }, "groupMemberDeprovision": { - "type": "boolean" + "type": "boolean", + "description": "Deprecated. Use `identity_update_behavior`.\n" }, "identityUpdateBehavior": { - "type": "string" + "type": "string", + "description": "Indicates how a SCIM event updates a user identity used for policy evaluation. Use \"automatic\" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use \"reauth\" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With \"reauth\" identities will not contain fields from the SCIM user resource. With \"no_action\" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.\n" }, "seatDeprovision": { - "type": "boolean" + "type": "boolean", + "description": "A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.\n" }, "secret": { "type": "string", + "description": "A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.\n", "secret": true }, "userDeprovision": { - "type": "boolean" + "type": "boolean", + "description": "A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.\n" } }, "type": "object", @@ -1676,6 +1698,10 @@ }, "cloudflare:index/AccessPolicyConnectionRulesSsh:AccessPolicyConnectionRulesSsh": { "properties": { + "allowEmailAlias": { + "type": "boolean", + "description": "Allows connecting to Unix username that matches the authenticating email prefix.\n" + }, "usernames": { "type": "array", "items": { @@ -4282,7 +4308,7 @@ "items": { "type": "string" }, - "description": "Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.\n" + "description": "Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.\n" }, "airportCodes": { "type": "array", @@ -5601,10 +5627,6 @@ "type": "string", "description": "Unique rule identifier.\n" }, - "lastUpdated": { - "type": "string", - "description": "The most recent update to this rule.\n" - }, "logging": { "$ref": "#/types/cloudflare:index/RulesetRuleLogging:RulesetRuleLogging", "description": "List parameters to configure how the rule generates logs. Only valid for skip action.\n" @@ -5616,10 +5638,6 @@ "ref": { "type": "string", "description": "Rule reference.\n" - }, - "version": { - "type": "string", - "description": "Version of the ruleset to deploy.\n" } }, "type": "object", @@ -5633,9 +5651,7 @@ "enabled", "expression", "id", - "lastUpdated", - "ref", - "version" + "ref" ] } } @@ -5888,20 +5904,9 @@ "uri": { "$ref": "#/types/cloudflare:index/RulesetRuleActionParametersUri:RulesetRuleActionParametersUri", "description": "List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.\n" - }, - "version": { - "type": "string", - "description": "Version of the ruleset to deploy.\n" } }, - "type": "object", - "language": { - "nodejs": { - "requiredOutputs": [ - "version" - ] - } - } + "type": "object" }, "cloudflare:index/RulesetRuleActionParametersAlgorithm:RulesetRuleActionParametersAlgorithm": { "properties": { @@ -6475,6 +6480,47 @@ } } }, + "cloudflare:index/SnippetFile:SnippetFile": { + "properties": { + "content": { + "type": "string", + "description": "Content of the snippet file.\n" + }, + "name": { + "type": "string", + "description": "Name of the snippet file.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "cloudflare:index/SnippetRulesRule:SnippetRulesRule": { + "properties": { + "description": { + "type": "string", + "description": "Brief summary of the snippet rule and its intended use.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the headers rule is active.\n" + }, + "expression": { + "type": "string", + "description": "Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.\n" + }, + "snippetName": { + "type": "string", + "description": "Name of the snippet invoked by this rule.\n" + } + }, + "type": "object", + "required": [ + "expression", + "snippetName" + ] + }, "cloudflare:index/SpectrumApplicationDns:SpectrumApplicationDns": { "properties": { "name": { @@ -7978,6 +8024,22 @@ }, "type": "object" }, + "cloudflare:index/ZeroTrustAccessApplicationDestination:ZeroTrustAccessApplicationDestination": { + "properties": { + "type": { + "type": "string", + "description": "The destination type. Available values: `public`, `private`. Defaults to `public`.\n" + }, + "uri": { + "type": "string", + "description": "The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.\n" + } + }, + "type": "object", + "required": [ + "uri" + ] + }, "cloudflare:index/ZeroTrustAccessApplicationFooterLink:ZeroTrustAccessApplicationFooterLink": { "properties": { "name": { @@ -9363,23 +9425,29 @@ "cloudflare:index/ZeroTrustAccessIdentityProviderScimConfig:ZeroTrustAccessIdentityProviderScimConfig": { "properties": { "enabled": { - "type": "boolean" + "type": "boolean", + "description": "A flag to enable or disable SCIM for the identity provider.\n" }, "groupMemberDeprovision": { - "type": "boolean" + "type": "boolean", + "description": "Deprecated. Use `identity_update_behavior`.\n" }, "identityUpdateBehavior": { - "type": "string" + "type": "string", + "description": "Indicates how a SCIM event updates a user identity used for policy evaluation. Use \"automatic\" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use \"reauth\" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With \"reauth\" identities will not contain fields from the SCIM user resource. With \"no_action\" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.\n" }, "seatDeprovision": { - "type": "boolean" + "type": "boolean", + "description": "A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled.\n" }, "secret": { "type": "string", + "description": "A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.\n", "secret": true }, "userDeprovision": { - "type": "boolean" + "type": "boolean", + "description": "A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.\n" } }, "type": "object", @@ -9486,6 +9554,10 @@ }, "cloudflare:index/ZeroTrustAccessPolicyConnectionRulesSsh:ZeroTrustAccessPolicyConnectionRulesSsh": { "properties": { + "allowEmailAlias": { + "type": "boolean", + "description": "Allows connecting to Unix username that matches the authenticating email prefix.\n" + }, "usernames": { "type": "array", "items": { @@ -14331,10 +14403,21 @@ }, "description": "The custom pages selected for the application.\n" }, + "destinations": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/AccessApplicationDestination:AccessApplicationDestination" + }, + "description": "A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.\n" + }, "domain": { "type": "string", "description": "The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.\n" }, + "domainType": { + "type": "string", + "description": "The type of the primary domain. Available values: `public`, `private`.\n" + }, "enableBindingCookie": { "type": "boolean", "description": "Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional \"binding\" cookie on requests. Defaults to `false`.\n" @@ -14394,7 +14477,8 @@ "items": { "type": "string" }, - "description": "List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.\n" + "description": "List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.\n", + "deprecationMessage": "Use `destinations` instead" }, "serviceAuth401Redirect": { "type": "boolean", @@ -14439,6 +14523,7 @@ "accountId", "aud", "domain", + "domainType", "name", "zoneId" ], @@ -14500,10 +14585,21 @@ }, "description": "The custom pages selected for the application.\n" }, + "destinations": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/AccessApplicationDestination:AccessApplicationDestination" + }, + "description": "A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.\n" + }, "domain": { "type": "string", "description": "The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.\n" }, + "domainType": { + "type": "string", + "description": "The type of the primary domain. Available values: `public`, `private`.\n" + }, "enableBindingCookie": { "type": "boolean", "description": "Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional \"binding\" cookie on requests. Defaults to `false`.\n" @@ -14563,7 +14659,8 @@ "items": { "type": "string" }, - "description": "List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.\n" + "description": "List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.\n", + "deprecationMessage": "Use `destinations` instead" }, "serviceAuth401Redirect": { "type": "boolean", @@ -14668,10 +14765,21 @@ }, "description": "The custom pages selected for the application.\n" }, + "destinations": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/AccessApplicationDestination:AccessApplicationDestination" + }, + "description": "A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.\n" + }, "domain": { "type": "string", "description": "The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.\n" }, + "domainType": { + "type": "string", + "description": "The type of the primary domain. Available values: `public`, `private`.\n" + }, "enableBindingCookie": { "type": "boolean", "description": "Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional \"binding\" cookie on requests. Defaults to `false`.\n" @@ -14731,7 +14839,8 @@ "items": { "type": "string" }, - "description": "List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.\n" + "description": "List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.\n", + "deprecationMessage": "Use `destinations` instead" }, "serviceAuth401Redirect": { "type": "boolean", @@ -20811,6 +20920,110 @@ "type": "object" } }, + "cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck": { + "description": "Provides a Cloudflare Leaked Credential Check resource to be used for managing the status of the Cloudflare Leaked Credential detection within a specific zone.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cloudflare from \"@pulumi/cloudflare\";\n\n// Enable the Leaked Credentials Check detection\nconst example = new cloudflare.LeakedCredentialCheck(\"example\", {\n zoneId: \"399c6f4950c01a5a141b99ff7fbcbd8b\",\n enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_cloudflare as cloudflare\n\n# Enable the Leaked Credentials Check detection\nexample = cloudflare.LeakedCredentialCheck(\"example\",\n zone_id=\"399c6f4950c01a5a141b99ff7fbcbd8b\",\n enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cloudflare = Pulumi.Cloudflare;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Enable the Leaked Credentials Check detection\n var example = new Cloudflare.LeakedCredentialCheck(\"example\", new()\n {\n ZoneId = \"399c6f4950c01a5a141b99ff7fbcbd8b\",\n Enabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Enable the Leaked Credentials Check detection\n\t\t_, err := cloudflare.NewLeakedCredentialCheck(ctx, \"example\", \u0026cloudflare.LeakedCredentialCheckArgs{\n\t\t\tZoneId: pulumi.String(\"399c6f4950c01a5a141b99ff7fbcbd8b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cloudflare.LeakedCredentialCheck;\nimport com.pulumi.cloudflare.LeakedCredentialCheckArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Enable the Leaked Credentials Check detection\n var example = new LeakedCredentialCheck(\"example\", LeakedCredentialCheckArgs.builder()\n .zoneId(\"399c6f4950c01a5a141b99ff7fbcbd8b\")\n .enabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Enable the Leaked Credentials Check detection\n example:\n type: cloudflare:LeakedCredentialCheck\n properties:\n zoneId: 399c6f4950c01a5a141b99ff7fbcbd8b\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n```sh\n$ pulumi import cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck example \u003czone_id\u003e\n```\n\n", + "properties": { + "enabled": { + "type": "boolean", + "description": "State of the Leaked Credential Check detection\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "required": [ + "enabled", + "zoneId" + ], + "inputProperties": { + "enabled": { + "type": "boolean", + "description": "State of the Leaked Credential Check detection\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "requiredInputs": [ + "enabled", + "zoneId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LeakedCredentialCheck resources.\n", + "properties": { + "enabled": { + "type": "boolean", + "description": "State of the Leaked Credential Check detection\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "type": "object" + } + }, + "cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule": { + "description": "Provides a Cloudflare Leaked Credential Check Rule resource for managing user-defined Leaked Credential detection patterns within a specific zone.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cloudflare from \"@pulumi/cloudflare\";\n\n// Enable the Leaked Credentials Check detection before trying\n// to add detections.\nconst example = new cloudflare.LeakedCredentialCheck(\"example\", {\n zoneId: \"399c6f4950c01a5a141b99ff7fbcbd8b\",\n enabled: true,\n});\nconst exampleLeakedCredentialCheckRule = new cloudflare.LeakedCredentialCheckRule(\"example\", {\n zoneId: example.zoneId,\n username: \"lookup_json_string(http.request.body.raw, \\\"user\\\")\",\n password: \"lookup_json_string(http.request.body.raw, \\\"pass\\\")\",\n});\n```\n```python\nimport pulumi\nimport pulumi_cloudflare as cloudflare\n\n# Enable the Leaked Credentials Check detection before trying\n# to add detections.\nexample = cloudflare.LeakedCredentialCheck(\"example\",\n zone_id=\"399c6f4950c01a5a141b99ff7fbcbd8b\",\n enabled=True)\nexample_leaked_credential_check_rule = cloudflare.LeakedCredentialCheckRule(\"example\",\n zone_id=example.zone_id,\n username=\"lookup_json_string(http.request.body.raw, \\\"user\\\")\",\n password=\"lookup_json_string(http.request.body.raw, \\\"pass\\\")\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cloudflare = Pulumi.Cloudflare;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Enable the Leaked Credentials Check detection before trying\n // to add detections.\n var example = new Cloudflare.LeakedCredentialCheck(\"example\", new()\n {\n ZoneId = \"399c6f4950c01a5a141b99ff7fbcbd8b\",\n Enabled = true,\n });\n\n var exampleLeakedCredentialCheckRule = new Cloudflare.LeakedCredentialCheckRule(\"example\", new()\n {\n ZoneId = example.ZoneId,\n Username = \"lookup_json_string(http.request.body.raw, \\\"user\\\")\",\n Password = \"lookup_json_string(http.request.body.raw, \\\"pass\\\")\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Enable the Leaked Credentials Check detection before trying\n\t\t// to add detections.\n\t\texample, err := cloudflare.NewLeakedCredentialCheck(ctx, \"example\", \u0026cloudflare.LeakedCredentialCheckArgs{\n\t\t\tZoneId: pulumi.String(\"399c6f4950c01a5a141b99ff7fbcbd8b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudflare.NewLeakedCredentialCheckRule(ctx, \"example\", \u0026cloudflare.LeakedCredentialCheckRuleArgs{\n\t\t\tZoneId: example.ZoneId,\n\t\t\tUsername: pulumi.String(\"lookup_json_string(http.request.body.raw, \\\"user\\\")\"),\n\t\t\tPassword: pulumi.String(\"lookup_json_string(http.request.body.raw, \\\"pass\\\")\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cloudflare.LeakedCredentialCheck;\nimport com.pulumi.cloudflare.LeakedCredentialCheckArgs;\nimport com.pulumi.cloudflare.LeakedCredentialCheckRule;\nimport com.pulumi.cloudflare.LeakedCredentialCheckRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Enable the Leaked Credentials Check detection before trying\n // to add detections.\n var example = new LeakedCredentialCheck(\"example\", LeakedCredentialCheckArgs.builder()\n .zoneId(\"399c6f4950c01a5a141b99ff7fbcbd8b\")\n .enabled(true)\n .build());\n\n var exampleLeakedCredentialCheckRule = new LeakedCredentialCheckRule(\"exampleLeakedCredentialCheckRule\", LeakedCredentialCheckRuleArgs.builder()\n .zoneId(example.zoneId())\n .username(\"lookup_json_string(http.request.body.raw, \\\"user\\\")\")\n .password(\"lookup_json_string(http.request.body.raw, \\\"pass\\\")\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Enable the Leaked Credentials Check detection before trying\n # to add detections.\n example:\n type: cloudflare:LeakedCredentialCheck\n properties:\n zoneId: 399c6f4950c01a5a141b99ff7fbcbd8b\n enabled: true\n exampleLeakedCredentialCheckRule:\n type: cloudflare:LeakedCredentialCheckRule\n name: example\n properties:\n zoneId: ${example.zoneId}\n username: lookup_json_string(http.request.body.raw, \"user\")\n password: lookup_json_string(http.request.body.raw, \"pass\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n```sh\n$ pulumi import cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule example \u003czone_id\u003e/\u003cresource_id\u003e\n```\n\n", + "properties": { + "password": { + "type": "string", + "description": "The ruleset expression to use in matching the password in a request\n" + }, + "username": { + "type": "string", + "description": "The ruleset expression to use in matching the username in a request.\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "required": [ + "password", + "username", + "zoneId" + ], + "inputProperties": { + "password": { + "type": "string", + "description": "The ruleset expression to use in matching the password in a request\n" + }, + "username": { + "type": "string", + "description": "The ruleset expression to use in matching the username in a request.\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "requiredInputs": [ + "password", + "username", + "zoneId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LeakedCredentialCheckRule resources.\n", + "properties": { + "password": { + "type": "string", + "description": "The ruleset expression to use in matching the password in a request\n" + }, + "username": { + "type": "string", + "description": "The ruleset expression to use in matching the username in a request.\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "type": "object" + } + }, "cloudflare:index/list:List": { "description": "## Example Usage\n\n## Import\n\n```sh\n$ pulumi import cloudflare:index/list:List example \u003caccount_id\u003e/\u003clist_id\u003e\n```\n\n", "properties": { @@ -24561,6 +24774,136 @@ "type": "object" } }, + "cloudflare:index/snippet:Snippet": { + "properties": { + "files": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/SnippetFile:SnippetFile" + }, + "description": "List of Snippet Files\n" + }, + "mainModule": { + "type": "string", + "description": "Main module file name of the snippet.\n" + }, + "name": { + "type": "string", + "description": "Name of the snippet.\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "required": [ + "mainModule", + "name", + "zoneId" + ], + "inputProperties": { + "files": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/SnippetFile:SnippetFile" + }, + "description": "List of Snippet Files\n" + }, + "mainModule": { + "type": "string", + "description": "Main module file name of the snippet.\n" + }, + "name": { + "type": "string", + "description": "Name of the snippet.\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "requiredInputs": [ + "mainModule", + "name", + "zoneId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Snippet resources.\n", + "properties": { + "files": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/SnippetFile:SnippetFile" + }, + "description": "List of Snippet Files\n" + }, + "mainModule": { + "type": "string", + "description": "Main module file name of the snippet.\n" + }, + "name": { + "type": "string", + "description": "Name of the snippet.\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "type": "object" + } + }, + "cloudflare:index/snippetRules:SnippetRules": { + "properties": { + "rules": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/SnippetRulesRule:SnippetRulesRule" + }, + "description": "List of Snippet Rules\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "required": [ + "zoneId" + ], + "inputProperties": { + "rules": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/SnippetRulesRule:SnippetRulesRule" + }, + "description": "List of Snippet Rules\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "requiredInputs": [ + "zoneId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SnippetRules resources.\n", + "properties": { + "rules": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/SnippetRulesRule:SnippetRulesRule" + }, + "description": "List of Snippet Rules\n" + }, + "zoneId": { + "type": "string", + "description": "The zone identifier to target for the resource.\n" + } + }, + "type": "object" + } + }, "cloudflare:index/spectrumApplication:SpectrumApplication": { "description": "Provides a Cloudflare Spectrum Application. You can extend the power\nof Cloudflare's DDoS, TLS, and IP Firewall to your other TCP-based\nservices.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as cloudflare from \"@pulumi/cloudflare\";\n\nconst example = new cloudflare.SpectrumApplication(\"example\", {\n zoneId: \"0da42c8d2132a9ddaf714f9e7c920711\",\n protocol: \"tcp/22\",\n trafficType: \"direct\",\n dns: {\n type: \"CNAME\",\n name: \"ssh.example.com\",\n },\n originDirects: [\"tcp://192.0.2.1:22\"],\n edgeIps: {\n type: \"static\",\n ips: [\n \"203.0.113.1\",\n \"203.0.113.2\",\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_cloudflare as cloudflare\n\nexample = cloudflare.SpectrumApplication(\"example\",\n zone_id=\"0da42c8d2132a9ddaf714f9e7c920711\",\n protocol=\"tcp/22\",\n traffic_type=\"direct\",\n dns={\n \"type\": \"CNAME\",\n \"name\": \"ssh.example.com\",\n },\n origin_directs=[\"tcp://192.0.2.1:22\"],\n edge_ips={\n \"type\": \"static\",\n \"ips\": [\n \"203.0.113.1\",\n \"203.0.113.2\",\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Cloudflare = Pulumi.Cloudflare;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Cloudflare.SpectrumApplication(\"example\", new()\n {\n ZoneId = \"0da42c8d2132a9ddaf714f9e7c920711\",\n Protocol = \"tcp/22\",\n TrafficType = \"direct\",\n Dns = new Cloudflare.Inputs.SpectrumApplicationDnsArgs\n {\n Type = \"CNAME\",\n Name = \"ssh.example.com\",\n },\n OriginDirects = new[]\n {\n \"tcp://192.0.2.1:22\",\n },\n EdgeIps = new Cloudflare.Inputs.SpectrumApplicationEdgeIpsArgs\n {\n Type = \"static\",\n Ips = new[]\n {\n \"203.0.113.1\",\n \"203.0.113.2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudflare.NewSpectrumApplication(ctx, \"example\", \u0026cloudflare.SpectrumApplicationArgs{\n\t\t\tZoneId: pulumi.String(\"0da42c8d2132a9ddaf714f9e7c920711\"),\n\t\t\tProtocol: pulumi.String(\"tcp/22\"),\n\t\t\tTrafficType: pulumi.String(\"direct\"),\n\t\t\tDns: \u0026cloudflare.SpectrumApplicationDnsArgs{\n\t\t\t\tType: pulumi.String(\"CNAME\"),\n\t\t\t\tName: pulumi.String(\"ssh.example.com\"),\n\t\t\t},\n\t\t\tOriginDirects: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"tcp://192.0.2.1:22\"),\n\t\t\t},\n\t\t\tEdgeIps: \u0026cloudflare.SpectrumApplicationEdgeIpsArgs{\n\t\t\t\tType: pulumi.String(\"static\"),\n\t\t\t\tIps: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"203.0.113.1\"),\n\t\t\t\t\tpulumi.String(\"203.0.113.2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.cloudflare.SpectrumApplication;\nimport com.pulumi.cloudflare.SpectrumApplicationArgs;\nimport com.pulumi.cloudflare.inputs.SpectrumApplicationDnsArgs;\nimport com.pulumi.cloudflare.inputs.SpectrumApplicationEdgeIpsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SpectrumApplication(\"example\", SpectrumApplicationArgs.builder()\n .zoneId(\"0da42c8d2132a9ddaf714f9e7c920711\")\n .protocol(\"tcp/22\")\n .trafficType(\"direct\")\n .dns(SpectrumApplicationDnsArgs.builder()\n .type(\"CNAME\")\n .name(\"ssh.example.com\")\n .build())\n .originDirects(\"tcp://192.0.2.1:22\")\n .edgeIps(SpectrumApplicationEdgeIpsArgs.builder()\n .type(\"static\")\n .ips( \n \"203.0.113.1\",\n \"203.0.113.2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: cloudflare:SpectrumApplication\n properties:\n zoneId: 0da42c8d2132a9ddaf714f9e7c920711\n protocol: tcp/22\n trafficType: direct\n dns:\n type: CNAME\n name: ssh.example.com\n originDirects:\n - tcp://192.0.2.1:22\n edgeIps:\n type: static\n ips:\n - 203.0.113.1\n - 203.0.113.2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n```sh\n$ pulumi import cloudflare:index/spectrumApplication:SpectrumApplication example \u003czone_id\u003e/\u003cspectrum_application_id\u003e\n```\n\n", "properties": { @@ -28951,10 +29294,21 @@ }, "description": "The custom pages selected for the application.\n" }, + "destinations": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/ZeroTrustAccessApplicationDestination:ZeroTrustAccessApplicationDestination" + }, + "description": "A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.\n" + }, "domain": { "type": "string", "description": "The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.\n" }, + "domainType": { + "type": "string", + "description": "The type of the primary domain. Available values: `public`, `private`.\n" + }, "enableBindingCookie": { "type": "boolean", "description": "Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional \"binding\" cookie on requests. Defaults to `false`.\n" @@ -29014,7 +29368,8 @@ "items": { "type": "string" }, - "description": "List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.\n" + "description": "List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.\n", + "deprecationMessage": "Use `destinations` instead" }, "serviceAuth401Redirect": { "type": "boolean", @@ -29059,6 +29414,7 @@ "accountId", "aud", "domain", + "domainType", "name", "zoneId" ], @@ -29120,10 +29476,21 @@ }, "description": "The custom pages selected for the application.\n" }, + "destinations": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/ZeroTrustAccessApplicationDestination:ZeroTrustAccessApplicationDestination" + }, + "description": "A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.\n" + }, "domain": { "type": "string", "description": "The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.\n" }, + "domainType": { + "type": "string", + "description": "The type of the primary domain. Available values: `public`, `private`.\n" + }, "enableBindingCookie": { "type": "boolean", "description": "Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional \"binding\" cookie on requests. Defaults to `false`.\n" @@ -29183,7 +29550,8 @@ "items": { "type": "string" }, - "description": "List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.\n" + "description": "List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.\n", + "deprecationMessage": "Use `destinations` instead" }, "serviceAuth401Redirect": { "type": "boolean", @@ -29288,10 +29656,21 @@ }, "description": "The custom pages selected for the application.\n" }, + "destinations": { + "type": "array", + "items": { + "$ref": "#/types/cloudflare:index/ZeroTrustAccessApplicationDestination:ZeroTrustAccessApplicationDestination" + }, + "description": "A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.\n" + }, "domain": { "type": "string", "description": "The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.\n" }, + "domainType": { + "type": "string", + "description": "The type of the primary domain. Available values: `public`, `private`.\n" + }, "enableBindingCookie": { "type": "boolean", "description": "Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional \"binding\" cookie on requests. Defaults to `false`.\n" @@ -29351,7 +29730,8 @@ "items": { "type": "string" }, - "description": "List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.\n" + "description": "List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.\n", + "deprecationMessage": "Use `destinations` instead" }, "serviceAuth401Redirect": { "type": "boolean", diff --git a/provider/go.mod b/provider/go.mod index 13f903ce..5c168b79 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -66,7 +66,7 @@ require ( github.com/charmbracelet/lipgloss v0.7.1 // indirect github.com/cheggaaa/pb v1.0.29 // indirect github.com/cloudflare/circl v1.3.7 // indirect - github.com/cloudflare/cloudflare-go v0.110.0 // indirect + github.com/cloudflare/cloudflare-go v0.111.0 // indirect github.com/cloudflare/cloudflare-go/v2 v2.4.0 // indirect github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect @@ -138,6 +138,7 @@ require ( github.com/imdario/mergo v0.3.15 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect + github.com/jinzhu/copier v0.4.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect @@ -227,15 +228,15 @@ require ( go.uber.org/atomic v1.9.0 // indirect gocloud.dev v0.37.0 // indirect gocloud.dev/secrets/hashivault v0.37.0 // indirect - golang.org/x/crypto v0.29.0 // indirect + golang.org/x/crypto v0.30.0 // indirect golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect golang.org/x/mod v0.21.0 // indirect - golang.org/x/net v0.31.0 // indirect + golang.org/x/net v0.32.0 // indirect golang.org/x/oauth2 v0.22.0 // indirect - golang.org/x/sync v0.9.0 // indirect - golang.org/x/sys v0.27.0 // indirect - golang.org/x/term v0.26.0 // indirect - golang.org/x/text v0.20.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect + golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.22.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect diff --git a/provider/go.sum b/provider/go.sum index 9a4fc411..84821ea5 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -1318,8 +1318,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= -github.com/cloudflare/cloudflare-go v0.110.0 h1:aBKKUXwRWqErd4rITsnCLESOacxxset/BcpdXn23900= -github.com/cloudflare/cloudflare-go v0.110.0/go.mod h1:2ZZ+EkmThmd6pkZ56UKGXWpz2wsjeqoTg93P4+VSmMg= +github.com/cloudflare/cloudflare-go v0.111.0 h1:bFgl5OyR7iaV9DkTaoI2jU8X4rXDzEaFDaPfMTp+Ewo= +github.com/cloudflare/cloudflare-go v0.111.0/go.mod h1:w5c4Vm00JjZM+W0mPi6QOC+eWLncGQPURtgDck3z5xU= github.com/cloudflare/cloudflare-go/v2 v2.4.0 h1:gys/26GoVDklgfq8NYV39WgvOEwzK/XAqYObmnI6iFg= github.com/cloudflare/cloudflare-go/v2 v2.4.0/go.mod h1:AoIzb05z/rvdJLztPct4tSa+3IqXJJ6c+pbUFMOlTr8= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -1758,6 +1758,8 @@ github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyX github.com/jhump/protoreflect v1.11.0/go.mod h1:U7aMIjN0NWq9swDP7xDdoMfRHb35uiuTd3Z9nFXJf5E= github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c= github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo= +github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8= +github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= @@ -2206,8 +2208,8 @@ golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= +golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= +golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2355,8 +2357,8 @@ golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= +golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2415,8 +2417,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2530,8 +2532,8 @@ golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2552,8 +2554,8 @@ golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2575,8 +2577,8 @@ golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/provider/resources.go b/provider/resources.go index 7303af4a..bb888ec8 100644 --- a/provider/resources.go +++ b/provider/resources.go @@ -176,6 +176,24 @@ func Provider() info.Provider { "cloudflare_zero_trust_risk_score_integration": { Docs: &info.Doc{AllowMissing: true}, }, + + "cloudflare_leaked_credential_check": { + ComputeID: func(_ context.Context, state resource.PropertyMap) (resource.ID, error) { + return resource.ID(state["enabled"].String() + "_" + state["zoneId"].String()), nil + }, + }, + "cloudflare_snippet": { + Docs: &info.Doc{AllowMissing: true}, + ComputeID: func(context.Context, resource.PropertyMap) (resource.ID, error) { + return resource.ID("missing ID"), nil + }, + }, + "cloudflare_snippet_rules": { + Docs: &info.Doc{AllowMissing: true}, + ComputeID: func(context.Context, resource.PropertyMap) (resource.ID, error) { + return resource.ID("missing ID"), nil + }, + }, }, JavaScript: &tfbridge.JavaScriptInfo{ DevDependencies: map[string]string{ diff --git a/sdk/dotnet/AccessApplication.cs b/sdk/dotnet/AccessApplication.cs index dd7d7d33..01409a6e 100644 --- a/sdk/dotnet/AccessApplication.cs +++ b/sdk/dotnet/AccessApplication.cs @@ -107,12 +107,24 @@ public partial class AccessApplication : global::Pulumi.CustomResource [Output("customPages")] public Output> CustomPages { get; private set; } = null!; + /// + /// A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + /// + [Output("destinations")] + public Output> Destinations { get; private set; } = null!; + /// /// The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. /// [Output("domain")] public Output Domain { get; private set; } = null!; + /// + /// The type of the primary domain. Available values: `public`, `private`. + /// + [Output("domainType")] + public Output DomainType { get; private set; } = null!; + /// /// Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. /// @@ -186,7 +198,7 @@ public partial class AccessApplication : global::Pulumi.CustomResource public Output ScimConfig { get; private set; } = null!; /// - /// List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + /// List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. /// [Output("selfHostedDomains")] public Output> SelfHostedDomains { get; private set; } = null!; @@ -375,12 +387,30 @@ public InputList CustomPages set => _customPages = value; } + [Input("destinations")] + private InputList? _destinations; + + /// + /// A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + /// + public InputList Destinations + { + get => _destinations ?? (_destinations = new InputList()); + set => _destinations = value; + } + /// /// The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. /// [Input("domain")] public Input? Domain { get; set; } + /// + /// The type of the primary domain. Available values: `public`, `private`. + /// + [Input("domainType")] + public Input? DomainType { get; set; } + /// /// Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. /// @@ -469,8 +499,9 @@ public InputList Policies private InputList? _selfHostedDomains; /// - /// List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + /// List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. /// + [Obsolete(@"Use `destinations` instead")] public InputList SelfHostedDomains { get => _selfHostedDomains ?? (_selfHostedDomains = new InputList()); @@ -641,12 +672,30 @@ public InputList CustomPages set => _customPages = value; } + [Input("destinations")] + private InputList? _destinations; + + /// + /// A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + /// + public InputList Destinations + { + get => _destinations ?? (_destinations = new InputList()); + set => _destinations = value; + } + /// /// The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. /// [Input("domain")] public Input? Domain { get; set; } + /// + /// The type of the primary domain. Available values: `public`, `private`. + /// + [Input("domainType")] + public Input? DomainType { get; set; } + /// /// Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. /// @@ -735,8 +784,9 @@ public InputList Policies private InputList? _selfHostedDomains; /// - /// List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + /// List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. /// + [Obsolete(@"Use `destinations` instead")] public InputList SelfHostedDomains { get => _selfHostedDomains ?? (_selfHostedDomains = new InputList()); diff --git a/sdk/dotnet/Inputs/AccessApplicationDestinationArgs.cs b/sdk/dotnet/Inputs/AccessApplicationDestinationArgs.cs new file mode 100644 index 00000000..244a269d --- /dev/null +++ b/sdk/dotnet/Inputs/AccessApplicationDestinationArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Inputs +{ + + public sealed class AccessApplicationDestinationArgs : global::Pulumi.ResourceArgs + { + /// + /// The destination type. Available values: `public`, `private`. Defaults to `public`. + /// + [Input("type")] + public Input? Type { get; set; } + + /// + /// The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. + /// + [Input("uri", required: true)] + public Input Uri { get; set; } = null!; + + public AccessApplicationDestinationArgs() + { + } + public static new AccessApplicationDestinationArgs Empty => new AccessApplicationDestinationArgs(); + } +} diff --git a/sdk/dotnet/Inputs/AccessApplicationDestinationGetArgs.cs b/sdk/dotnet/Inputs/AccessApplicationDestinationGetArgs.cs new file mode 100644 index 00000000..171b9f96 --- /dev/null +++ b/sdk/dotnet/Inputs/AccessApplicationDestinationGetArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Inputs +{ + + public sealed class AccessApplicationDestinationGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The destination type. Available values: `public`, `private`. Defaults to `public`. + /// + [Input("type")] + public Input? Type { get; set; } + + /// + /// The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. + /// + [Input("uri", required: true)] + public Input Uri { get; set; } = null!; + + public AccessApplicationDestinationGetArgs() + { + } + public static new AccessApplicationDestinationGetArgs Empty => new AccessApplicationDestinationGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/AccessIdentityProviderScimConfigArgs.cs b/sdk/dotnet/Inputs/AccessIdentityProviderScimConfigArgs.cs index 9c1c6d3b..7964f146 100644 --- a/sdk/dotnet/Inputs/AccessIdentityProviderScimConfigArgs.cs +++ b/sdk/dotnet/Inputs/AccessIdentityProviderScimConfigArgs.cs @@ -12,20 +12,36 @@ namespace Pulumi.Cloudflare.Inputs public sealed class AccessIdentityProviderScimConfigArgs : global::Pulumi.ResourceArgs { + /// + /// A flag to enable or disable SCIM for the identity provider. + /// [Input("enabled")] public Input? Enabled { get; set; } + /// + /// Deprecated. Use `identity_update_behavior`. + /// [Input("groupMemberDeprovision")] public Input? GroupMemberDeprovision { get; set; } + /// + /// Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. + /// [Input("identityUpdateBehavior")] public Input? IdentityUpdateBehavior { get; set; } + /// + /// A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. + /// [Input("seatDeprovision")] public Input? SeatDeprovision { get; set; } [Input("secret")] private Input? _secret; + + /// + /// A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. + /// public Input? Secret { get => _secret; @@ -36,6 +52,9 @@ public Input? Secret } } + /// + /// A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. + /// [Input("userDeprovision")] public Input? UserDeprovision { get; set; } diff --git a/sdk/dotnet/Inputs/AccessIdentityProviderScimConfigGetArgs.cs b/sdk/dotnet/Inputs/AccessIdentityProviderScimConfigGetArgs.cs index 74e603aa..cb81225d 100644 --- a/sdk/dotnet/Inputs/AccessIdentityProviderScimConfigGetArgs.cs +++ b/sdk/dotnet/Inputs/AccessIdentityProviderScimConfigGetArgs.cs @@ -12,20 +12,36 @@ namespace Pulumi.Cloudflare.Inputs public sealed class AccessIdentityProviderScimConfigGetArgs : global::Pulumi.ResourceArgs { + /// + /// A flag to enable or disable SCIM for the identity provider. + /// [Input("enabled")] public Input? Enabled { get; set; } + /// + /// Deprecated. Use `identity_update_behavior`. + /// [Input("groupMemberDeprovision")] public Input? GroupMemberDeprovision { get; set; } + /// + /// Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. + /// [Input("identityUpdateBehavior")] public Input? IdentityUpdateBehavior { get; set; } + /// + /// A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. + /// [Input("seatDeprovision")] public Input? SeatDeprovision { get; set; } [Input("secret")] private Input? _secret; + + /// + /// A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. + /// public Input? Secret { get => _secret; @@ -36,6 +52,9 @@ public Input? Secret } } + /// + /// A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. + /// [Input("userDeprovision")] public Input? UserDeprovision { get; set; } diff --git a/sdk/dotnet/Inputs/AccessPolicyConnectionRulesSshArgs.cs b/sdk/dotnet/Inputs/AccessPolicyConnectionRulesSshArgs.cs index bf696a2d..424f4ef4 100644 --- a/sdk/dotnet/Inputs/AccessPolicyConnectionRulesSshArgs.cs +++ b/sdk/dotnet/Inputs/AccessPolicyConnectionRulesSshArgs.cs @@ -12,6 +12,12 @@ namespace Pulumi.Cloudflare.Inputs public sealed class AccessPolicyConnectionRulesSshArgs : global::Pulumi.ResourceArgs { + /// + /// Allows connecting to Unix username that matches the authenticating email prefix. + /// + [Input("allowEmailAlias")] + public Input? AllowEmailAlias { get; set; } + [Input("usernames", required: true)] private InputList? _usernames; diff --git a/sdk/dotnet/Inputs/AccessPolicyConnectionRulesSshGetArgs.cs b/sdk/dotnet/Inputs/AccessPolicyConnectionRulesSshGetArgs.cs index 8e4b7535..bad593b5 100644 --- a/sdk/dotnet/Inputs/AccessPolicyConnectionRulesSshGetArgs.cs +++ b/sdk/dotnet/Inputs/AccessPolicyConnectionRulesSshGetArgs.cs @@ -12,6 +12,12 @@ namespace Pulumi.Cloudflare.Inputs public sealed class AccessPolicyConnectionRulesSshGetArgs : global::Pulumi.ResourceArgs { + /// + /// Allows connecting to Unix username that matches the authenticating email prefix. + /// + [Input("allowEmailAlias")] + public Input? AllowEmailAlias { get; set; } + [Input("usernames", required: true)] private InputList? _usernames; diff --git a/sdk/dotnet/Inputs/NotificationPolicyFiltersArgs.cs b/sdk/dotnet/Inputs/NotificationPolicyFiltersArgs.cs index 33318a78..11d93e73 100644 --- a/sdk/dotnet/Inputs/NotificationPolicyFiltersArgs.cs +++ b/sdk/dotnet/Inputs/NotificationPolicyFiltersArgs.cs @@ -28,7 +28,7 @@ public InputList Actions private InputList? _affectedComponents; /// - /// Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. + /// Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. /// public InputList AffectedComponents { diff --git a/sdk/dotnet/Inputs/NotificationPolicyFiltersGetArgs.cs b/sdk/dotnet/Inputs/NotificationPolicyFiltersGetArgs.cs index 265f76b3..eb8ded38 100644 --- a/sdk/dotnet/Inputs/NotificationPolicyFiltersGetArgs.cs +++ b/sdk/dotnet/Inputs/NotificationPolicyFiltersGetArgs.cs @@ -28,7 +28,7 @@ public InputList Actions private InputList? _affectedComponents; /// - /// Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. + /// Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. /// public InputList AffectedComponents { diff --git a/sdk/dotnet/Inputs/RulesetRuleActionParametersArgs.cs b/sdk/dotnet/Inputs/RulesetRuleActionParametersArgs.cs index 66fc3c12..50139f07 100644 --- a/sdk/dotnet/Inputs/RulesetRuleActionParametersArgs.cs +++ b/sdk/dotnet/Inputs/RulesetRuleActionParametersArgs.cs @@ -399,12 +399,6 @@ public InputList Rulesets [Input("uri")] public Input? Uri { get; set; } - /// - /// Version of the ruleset to deploy. - /// - [Input("version")] - public Input? Version { get; set; } - public RulesetRuleActionParametersArgs() { } diff --git a/sdk/dotnet/Inputs/RulesetRuleActionParametersGetArgs.cs b/sdk/dotnet/Inputs/RulesetRuleActionParametersGetArgs.cs index c326e217..87721f2d 100644 --- a/sdk/dotnet/Inputs/RulesetRuleActionParametersGetArgs.cs +++ b/sdk/dotnet/Inputs/RulesetRuleActionParametersGetArgs.cs @@ -399,12 +399,6 @@ public InputList Rulesets [Input("uri")] public Input? Uri { get; set; } - /// - /// Version of the ruleset to deploy. - /// - [Input("version")] - public Input? Version { get; set; } - public RulesetRuleActionParametersGetArgs() { } diff --git a/sdk/dotnet/Inputs/RulesetRuleArgs.cs b/sdk/dotnet/Inputs/RulesetRuleArgs.cs index 940d1f1e..f3df17cd 100644 --- a/sdk/dotnet/Inputs/RulesetRuleArgs.cs +++ b/sdk/dotnet/Inputs/RulesetRuleArgs.cs @@ -54,12 +54,6 @@ public sealed class RulesetRuleArgs : global::Pulumi.ResourceArgs [Input("id")] public Input? Id { get; set; } - /// - /// The most recent update to this rule. - /// - [Input("lastUpdated")] - public Input? LastUpdated { get; set; } - /// /// List parameters to configure how the rule generates logs. Only valid for skip action. /// @@ -78,12 +72,6 @@ public sealed class RulesetRuleArgs : global::Pulumi.ResourceArgs [Input("ref")] public Input? Ref { get; set; } - /// - /// Version of the ruleset to deploy. - /// - [Input("version")] - public Input? Version { get; set; } - public RulesetRuleArgs() { } diff --git a/sdk/dotnet/Inputs/RulesetRuleGetArgs.cs b/sdk/dotnet/Inputs/RulesetRuleGetArgs.cs index edfd5b8f..d6945b39 100644 --- a/sdk/dotnet/Inputs/RulesetRuleGetArgs.cs +++ b/sdk/dotnet/Inputs/RulesetRuleGetArgs.cs @@ -54,12 +54,6 @@ public sealed class RulesetRuleGetArgs : global::Pulumi.ResourceArgs [Input("id")] public Input? Id { get; set; } - /// - /// The most recent update to this rule. - /// - [Input("lastUpdated")] - public Input? LastUpdated { get; set; } - /// /// List parameters to configure how the rule generates logs. Only valid for skip action. /// @@ -78,12 +72,6 @@ public sealed class RulesetRuleGetArgs : global::Pulumi.ResourceArgs [Input("ref")] public Input? Ref { get; set; } - /// - /// Version of the ruleset to deploy. - /// - [Input("version")] - public Input? Version { get; set; } - public RulesetRuleGetArgs() { } diff --git a/sdk/dotnet/Inputs/SnippetFileArgs.cs b/sdk/dotnet/Inputs/SnippetFileArgs.cs new file mode 100644 index 00000000..6992c502 --- /dev/null +++ b/sdk/dotnet/Inputs/SnippetFileArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Inputs +{ + + public sealed class SnippetFileArgs : global::Pulumi.ResourceArgs + { + /// + /// Content of the snippet file. + /// + [Input("content")] + public Input? Content { get; set; } + + /// + /// Name of the snippet file. + /// + [Input("name", required: true)] + public Input Name { get; set; } = null!; + + public SnippetFileArgs() + { + } + public static new SnippetFileArgs Empty => new SnippetFileArgs(); + } +} diff --git a/sdk/dotnet/Inputs/SnippetFileGetArgs.cs b/sdk/dotnet/Inputs/SnippetFileGetArgs.cs new file mode 100644 index 00000000..46b7d0d5 --- /dev/null +++ b/sdk/dotnet/Inputs/SnippetFileGetArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Inputs +{ + + public sealed class SnippetFileGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Content of the snippet file. + /// + [Input("content")] + public Input? Content { get; set; } + + /// + /// Name of the snippet file. + /// + [Input("name", required: true)] + public Input Name { get; set; } = null!; + + public SnippetFileGetArgs() + { + } + public static new SnippetFileGetArgs Empty => new SnippetFileGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/SnippetRulesRuleArgs.cs b/sdk/dotnet/Inputs/SnippetRulesRuleArgs.cs new file mode 100644 index 00000000..63235ade --- /dev/null +++ b/sdk/dotnet/Inputs/SnippetRulesRuleArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Inputs +{ + + public sealed class SnippetRulesRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// Brief summary of the snippet rule and its intended use. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// Whether the headers rule is active. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters. + /// + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + /// + /// Name of the snippet invoked by this rule. + /// + [Input("snippetName", required: true)] + public Input SnippetName { get; set; } = null!; + + public SnippetRulesRuleArgs() + { + } + public static new SnippetRulesRuleArgs Empty => new SnippetRulesRuleArgs(); + } +} diff --git a/sdk/dotnet/Inputs/SnippetRulesRuleGetArgs.cs b/sdk/dotnet/Inputs/SnippetRulesRuleGetArgs.cs new file mode 100644 index 00000000..c7c5b71a --- /dev/null +++ b/sdk/dotnet/Inputs/SnippetRulesRuleGetArgs.cs @@ -0,0 +1,44 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Inputs +{ + + public sealed class SnippetRulesRuleGetArgs : global::Pulumi.ResourceArgs + { + /// + /// Brief summary of the snippet rule and its intended use. + /// + [Input("description")] + public Input? Description { get; set; } + + /// + /// Whether the headers rule is active. + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters. + /// + [Input("expression", required: true)] + public Input Expression { get; set; } = null!; + + /// + /// Name of the snippet invoked by this rule. + /// + [Input("snippetName", required: true)] + public Input SnippetName { get; set; } = null!; + + public SnippetRulesRuleGetArgs() + { + } + public static new SnippetRulesRuleGetArgs Empty => new SnippetRulesRuleGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ZeroTrustAccessApplicationDestinationArgs.cs b/sdk/dotnet/Inputs/ZeroTrustAccessApplicationDestinationArgs.cs new file mode 100644 index 00000000..62972ca7 --- /dev/null +++ b/sdk/dotnet/Inputs/ZeroTrustAccessApplicationDestinationArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Inputs +{ + + public sealed class ZeroTrustAccessApplicationDestinationArgs : global::Pulumi.ResourceArgs + { + /// + /// The destination type. Available values: `public`, `private`. Defaults to `public`. + /// + [Input("type")] + public Input? Type { get; set; } + + /// + /// The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. + /// + [Input("uri", required: true)] + public Input Uri { get; set; } = null!; + + public ZeroTrustAccessApplicationDestinationArgs() + { + } + public static new ZeroTrustAccessApplicationDestinationArgs Empty => new ZeroTrustAccessApplicationDestinationArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ZeroTrustAccessApplicationDestinationGetArgs.cs b/sdk/dotnet/Inputs/ZeroTrustAccessApplicationDestinationGetArgs.cs new file mode 100644 index 00000000..626080b9 --- /dev/null +++ b/sdk/dotnet/Inputs/ZeroTrustAccessApplicationDestinationGetArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Inputs +{ + + public sealed class ZeroTrustAccessApplicationDestinationGetArgs : global::Pulumi.ResourceArgs + { + /// + /// The destination type. Available values: `public`, `private`. Defaults to `public`. + /// + [Input("type")] + public Input? Type { get; set; } + + /// + /// The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. + /// + [Input("uri", required: true)] + public Input Uri { get; set; } = null!; + + public ZeroTrustAccessApplicationDestinationGetArgs() + { + } + public static new ZeroTrustAccessApplicationDestinationGetArgs Empty => new ZeroTrustAccessApplicationDestinationGetArgs(); + } +} diff --git a/sdk/dotnet/Inputs/ZeroTrustAccessIdentityProviderScimConfigArgs.cs b/sdk/dotnet/Inputs/ZeroTrustAccessIdentityProviderScimConfigArgs.cs index fcf490be..db6285b6 100644 --- a/sdk/dotnet/Inputs/ZeroTrustAccessIdentityProviderScimConfigArgs.cs +++ b/sdk/dotnet/Inputs/ZeroTrustAccessIdentityProviderScimConfigArgs.cs @@ -12,20 +12,36 @@ namespace Pulumi.Cloudflare.Inputs public sealed class ZeroTrustAccessIdentityProviderScimConfigArgs : global::Pulumi.ResourceArgs { + /// + /// A flag to enable or disable SCIM for the identity provider. + /// [Input("enabled")] public Input? Enabled { get; set; } + /// + /// Deprecated. Use `identity_update_behavior`. + /// [Input("groupMemberDeprovision")] public Input? GroupMemberDeprovision { get; set; } + /// + /// Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. + /// [Input("identityUpdateBehavior")] public Input? IdentityUpdateBehavior { get; set; } + /// + /// A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. + /// [Input("seatDeprovision")] public Input? SeatDeprovision { get; set; } [Input("secret")] private Input? _secret; + + /// + /// A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. + /// public Input? Secret { get => _secret; @@ -36,6 +52,9 @@ public Input? Secret } } + /// + /// A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. + /// [Input("userDeprovision")] public Input? UserDeprovision { get; set; } diff --git a/sdk/dotnet/Inputs/ZeroTrustAccessIdentityProviderScimConfigGetArgs.cs b/sdk/dotnet/Inputs/ZeroTrustAccessIdentityProviderScimConfigGetArgs.cs index ce58bc34..dd94474d 100644 --- a/sdk/dotnet/Inputs/ZeroTrustAccessIdentityProviderScimConfigGetArgs.cs +++ b/sdk/dotnet/Inputs/ZeroTrustAccessIdentityProviderScimConfigGetArgs.cs @@ -12,20 +12,36 @@ namespace Pulumi.Cloudflare.Inputs public sealed class ZeroTrustAccessIdentityProviderScimConfigGetArgs : global::Pulumi.ResourceArgs { + /// + /// A flag to enable or disable SCIM for the identity provider. + /// [Input("enabled")] public Input? Enabled { get; set; } + /// + /// Deprecated. Use `identity_update_behavior`. + /// [Input("groupMemberDeprovision")] public Input? GroupMemberDeprovision { get; set; } + /// + /// Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. + /// [Input("identityUpdateBehavior")] public Input? IdentityUpdateBehavior { get; set; } + /// + /// A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. + /// [Input("seatDeprovision")] public Input? SeatDeprovision { get; set; } [Input("secret")] private Input? _secret; + + /// + /// A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. + /// public Input? Secret { get => _secret; @@ -36,6 +52,9 @@ public Input? Secret } } + /// + /// A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. + /// [Input("userDeprovision")] public Input? UserDeprovision { get; set; } diff --git a/sdk/dotnet/Inputs/ZeroTrustAccessPolicyConnectionRulesSshArgs.cs b/sdk/dotnet/Inputs/ZeroTrustAccessPolicyConnectionRulesSshArgs.cs index 27d18e52..3a931d9f 100644 --- a/sdk/dotnet/Inputs/ZeroTrustAccessPolicyConnectionRulesSshArgs.cs +++ b/sdk/dotnet/Inputs/ZeroTrustAccessPolicyConnectionRulesSshArgs.cs @@ -12,6 +12,12 @@ namespace Pulumi.Cloudflare.Inputs public sealed class ZeroTrustAccessPolicyConnectionRulesSshArgs : global::Pulumi.ResourceArgs { + /// + /// Allows connecting to Unix username that matches the authenticating email prefix. + /// + [Input("allowEmailAlias")] + public Input? AllowEmailAlias { get; set; } + [Input("usernames", required: true)] private InputList? _usernames; diff --git a/sdk/dotnet/Inputs/ZeroTrustAccessPolicyConnectionRulesSshGetArgs.cs b/sdk/dotnet/Inputs/ZeroTrustAccessPolicyConnectionRulesSshGetArgs.cs index 47cae973..26f7e72f 100644 --- a/sdk/dotnet/Inputs/ZeroTrustAccessPolicyConnectionRulesSshGetArgs.cs +++ b/sdk/dotnet/Inputs/ZeroTrustAccessPolicyConnectionRulesSshGetArgs.cs @@ -12,6 +12,12 @@ namespace Pulumi.Cloudflare.Inputs public sealed class ZeroTrustAccessPolicyConnectionRulesSshGetArgs : global::Pulumi.ResourceArgs { + /// + /// Allows connecting to Unix username that matches the authenticating email prefix. + /// + [Input("allowEmailAlias")] + public Input? AllowEmailAlias { get; set; } + [Input("usernames", required: true)] private InputList? _usernames; diff --git a/sdk/dotnet/LeakedCredentialCheck.cs b/sdk/dotnet/LeakedCredentialCheck.cs new file mode 100644 index 00000000..978d8030 --- /dev/null +++ b/sdk/dotnet/LeakedCredentialCheck.cs @@ -0,0 +1,139 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare +{ + /// + /// Provides a Cloudflare Leaked Credential Check resource to be used for managing the status of the Cloudflare Leaked Credential detection within a specific zone. + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Cloudflare = Pulumi.Cloudflare; + /// + /// return await Deployment.RunAsync(() => + /// { + /// // Enable the Leaked Credentials Check detection + /// var example = new Cloudflare.LeakedCredentialCheck("example", new() + /// { + /// ZoneId = "399c6f4950c01a5a141b99ff7fbcbd8b", + /// Enabled = true, + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// ```sh + /// $ pulumi import cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck example <zone_id> + /// ``` + /// + [CloudflareResourceType("cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck")] + public partial class LeakedCredentialCheck : global::Pulumi.CustomResource + { + /// + /// State of the Leaked Credential Check detection + /// + [Output("enabled")] + public Output Enabled { get; private set; } = null!; + + /// + /// The zone identifier to target for the resource. + /// + [Output("zoneId")] + public Output ZoneId { get; private set; } = null!; + + + /// + /// Create a LeakedCredentialCheck resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public LeakedCredentialCheck(string name, LeakedCredentialCheckArgs args, CustomResourceOptions? options = null) + : base("cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck", name, args ?? new LeakedCredentialCheckArgs(), MakeResourceOptions(options, "")) + { + } + + private LeakedCredentialCheck(string name, Input id, LeakedCredentialCheckState? state = null, CustomResourceOptions? options = null) + : base("cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing LeakedCredentialCheck resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static LeakedCredentialCheck Get(string name, Input id, LeakedCredentialCheckState? state = null, CustomResourceOptions? options = null) + { + return new LeakedCredentialCheck(name, id, state, options); + } + } + + public sealed class LeakedCredentialCheckArgs : global::Pulumi.ResourceArgs + { + /// + /// State of the Leaked Credential Check detection + /// + [Input("enabled", required: true)] + public Input Enabled { get; set; } = null!; + + /// + /// The zone identifier to target for the resource. + /// + [Input("zoneId", required: true)] + public Input ZoneId { get; set; } = null!; + + public LeakedCredentialCheckArgs() + { + } + public static new LeakedCredentialCheckArgs Empty => new LeakedCredentialCheckArgs(); + } + + public sealed class LeakedCredentialCheckState : global::Pulumi.ResourceArgs + { + /// + /// State of the Leaked Credential Check detection + /// + [Input("enabled")] + public Input? Enabled { get; set; } + + /// + /// The zone identifier to target for the resource. + /// + [Input("zoneId")] + public Input? ZoneId { get; set; } + + public LeakedCredentialCheckState() + { + } + public static new LeakedCredentialCheckState Empty => new LeakedCredentialCheckState(); + } +} diff --git a/sdk/dotnet/LeakedCredentialCheckRule.cs b/sdk/dotnet/LeakedCredentialCheckRule.cs new file mode 100644 index 00000000..4837a1d6 --- /dev/null +++ b/sdk/dotnet/LeakedCredentialCheckRule.cs @@ -0,0 +1,165 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare +{ + /// + /// Provides a Cloudflare Leaked Credential Check Rule resource for managing user-defined Leaked Credential detection patterns within a specific zone. + /// + /// ## Example Usage + /// + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Cloudflare = Pulumi.Cloudflare; + /// + /// return await Deployment.RunAsync(() => + /// { + /// // Enable the Leaked Credentials Check detection before trying + /// // to add detections. + /// var example = new Cloudflare.LeakedCredentialCheck("example", new() + /// { + /// ZoneId = "399c6f4950c01a5a141b99ff7fbcbd8b", + /// Enabled = true, + /// }); + /// + /// var exampleLeakedCredentialCheckRule = new Cloudflare.LeakedCredentialCheckRule("example", new() + /// { + /// ZoneId = example.ZoneId, + /// Username = "lookup_json_string(http.request.body.raw, \"user\")", + /// Password = "lookup_json_string(http.request.body.raw, \"pass\")", + /// }); + /// + /// }); + /// ``` + /// + /// ## Import + /// + /// ```sh + /// $ pulumi import cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule example <zone_id>/<resource_id> + /// ``` + /// + [CloudflareResourceType("cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule")] + public partial class LeakedCredentialCheckRule : global::Pulumi.CustomResource + { + /// + /// The ruleset expression to use in matching the password in a request + /// + [Output("password")] + public Output Password { get; private set; } = null!; + + /// + /// The ruleset expression to use in matching the username in a request. + /// + [Output("username")] + public Output Username { get; private set; } = null!; + + /// + /// The zone identifier to target for the resource. + /// + [Output("zoneId")] + public Output ZoneId { get; private set; } = null!; + + + /// + /// Create a LeakedCredentialCheckRule resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public LeakedCredentialCheckRule(string name, LeakedCredentialCheckRuleArgs args, CustomResourceOptions? options = null) + : base("cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule", name, args ?? new LeakedCredentialCheckRuleArgs(), MakeResourceOptions(options, "")) + { + } + + private LeakedCredentialCheckRule(string name, Input id, LeakedCredentialCheckRuleState? state = null, CustomResourceOptions? options = null) + : base("cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing LeakedCredentialCheckRule resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static LeakedCredentialCheckRule Get(string name, Input id, LeakedCredentialCheckRuleState? state = null, CustomResourceOptions? options = null) + { + return new LeakedCredentialCheckRule(name, id, state, options); + } + } + + public sealed class LeakedCredentialCheckRuleArgs : global::Pulumi.ResourceArgs + { + /// + /// The ruleset expression to use in matching the password in a request + /// + [Input("password", required: true)] + public Input Password { get; set; } = null!; + + /// + /// The ruleset expression to use in matching the username in a request. + /// + [Input("username", required: true)] + public Input Username { get; set; } = null!; + + /// + /// The zone identifier to target for the resource. + /// + [Input("zoneId", required: true)] + public Input ZoneId { get; set; } = null!; + + public LeakedCredentialCheckRuleArgs() + { + } + public static new LeakedCredentialCheckRuleArgs Empty => new LeakedCredentialCheckRuleArgs(); + } + + public sealed class LeakedCredentialCheckRuleState : global::Pulumi.ResourceArgs + { + /// + /// The ruleset expression to use in matching the password in a request + /// + [Input("password")] + public Input? Password { get; set; } + + /// + /// The ruleset expression to use in matching the username in a request. + /// + [Input("username")] + public Input? Username { get; set; } + + /// + /// The zone identifier to target for the resource. + /// + [Input("zoneId")] + public Input? ZoneId { get; set; } + + public LeakedCredentialCheckRuleState() + { + } + public static new LeakedCredentialCheckRuleState Empty => new LeakedCredentialCheckRuleState(); + } +} diff --git a/sdk/dotnet/Outputs/AccessApplicationDestination.cs b/sdk/dotnet/Outputs/AccessApplicationDestination.cs new file mode 100644 index 00000000..115be580 --- /dev/null +++ b/sdk/dotnet/Outputs/AccessApplicationDestination.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Outputs +{ + + [OutputType] + public sealed class AccessApplicationDestination + { + /// + /// The destination type. Available values: `public`, `private`. Defaults to `public`. + /// + public readonly string? Type; + /// + /// The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. + /// + public readonly string Uri; + + [OutputConstructor] + private AccessApplicationDestination( + string? type, + + string uri) + { + Type = type; + Uri = uri; + } + } +} diff --git a/sdk/dotnet/Outputs/AccessIdentityProviderScimConfig.cs b/sdk/dotnet/Outputs/AccessIdentityProviderScimConfig.cs index 69203435..596dd4bd 100644 --- a/sdk/dotnet/Outputs/AccessIdentityProviderScimConfig.cs +++ b/sdk/dotnet/Outputs/AccessIdentityProviderScimConfig.cs @@ -13,11 +13,29 @@ namespace Pulumi.Cloudflare.Outputs [OutputType] public sealed class AccessIdentityProviderScimConfig { + /// + /// A flag to enable or disable SCIM for the identity provider. + /// public readonly bool? Enabled; + /// + /// Deprecated. Use `identity_update_behavior`. + /// public readonly bool? GroupMemberDeprovision; + /// + /// Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. + /// public readonly string? IdentityUpdateBehavior; + /// + /// A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. + /// public readonly bool? SeatDeprovision; + /// + /// A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. + /// public readonly string? Secret; + /// + /// A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. + /// public readonly bool? UserDeprovision; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/AccessPolicyConnectionRulesSsh.cs b/sdk/dotnet/Outputs/AccessPolicyConnectionRulesSsh.cs index e857f329..8300bcd8 100644 --- a/sdk/dotnet/Outputs/AccessPolicyConnectionRulesSsh.cs +++ b/sdk/dotnet/Outputs/AccessPolicyConnectionRulesSsh.cs @@ -13,14 +13,22 @@ namespace Pulumi.Cloudflare.Outputs [OutputType] public sealed class AccessPolicyConnectionRulesSsh { + /// + /// Allows connecting to Unix username that matches the authenticating email prefix. + /// + public readonly bool? AllowEmailAlias; /// /// Contains the Unix usernames that may be used when connecting over SSH. /// public readonly ImmutableArray Usernames; [OutputConstructor] - private AccessPolicyConnectionRulesSsh(ImmutableArray usernames) + private AccessPolicyConnectionRulesSsh( + bool? allowEmailAlias, + + ImmutableArray usernames) { + AllowEmailAlias = allowEmailAlias; Usernames = usernames; } } diff --git a/sdk/dotnet/Outputs/NotificationPolicyFilters.cs b/sdk/dotnet/Outputs/NotificationPolicyFilters.cs index ed4fc8d7..3d46fa6b 100644 --- a/sdk/dotnet/Outputs/NotificationPolicyFilters.cs +++ b/sdk/dotnet/Outputs/NotificationPolicyFilters.cs @@ -18,7 +18,7 @@ public sealed class NotificationPolicyFilters /// public readonly ImmutableArray Actions; /// - /// Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. + /// Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. /// public readonly ImmutableArray AffectedComponents; /// diff --git a/sdk/dotnet/Outputs/RulesetRule.cs b/sdk/dotnet/Outputs/RulesetRule.cs index 7b4aec1d..121c3d47 100644 --- a/sdk/dotnet/Outputs/RulesetRule.cs +++ b/sdk/dotnet/Outputs/RulesetRule.cs @@ -42,10 +42,6 @@ public sealed class RulesetRule /// public readonly string? Id; /// - /// The most recent update to this rule. - /// - public readonly string? LastUpdated; - /// /// List parameters to configure how the rule generates logs. Only valid for skip action. /// public readonly Outputs.RulesetRuleLogging? Logging; @@ -57,10 +53,6 @@ public sealed class RulesetRule /// Rule reference. /// public readonly string? Ref; - /// - /// Version of the ruleset to deploy. - /// - public readonly string? Version; [OutputConstructor] private RulesetRule( @@ -78,15 +70,11 @@ private RulesetRule( string? id, - string? lastUpdated, - Outputs.RulesetRuleLogging? logging, Outputs.RulesetRuleRatelimit? ratelimit, - string? @ref, - - string? version) + string? @ref) { Action = action; ActionParameters = actionParameters; @@ -95,11 +83,9 @@ private RulesetRule( ExposedCredentialCheck = exposedCredentialCheck; Expression = expression; Id = id; - LastUpdated = lastUpdated; Logging = logging; Ratelimit = ratelimit; Ref = @ref; - Version = version; } } } diff --git a/sdk/dotnet/Outputs/RulesetRuleActionParameters.cs b/sdk/dotnet/Outputs/RulesetRuleActionParameters.cs index d4fac479..95b4f19c 100644 --- a/sdk/dotnet/Outputs/RulesetRuleActionParameters.cs +++ b/sdk/dotnet/Outputs/RulesetRuleActionParameters.cs @@ -222,10 +222,6 @@ public sealed class RulesetRuleActionParameters /// List of URI properties to configure for the ruleset rule when performing URL rewrite transformations. /// public readonly Outputs.RulesetRuleActionParametersUri? Uri; - /// - /// Version of the ruleset to deploy. - /// - public readonly string? Version; [OutputConstructor] private RulesetRuleActionParameters( @@ -333,9 +329,7 @@ private RulesetRuleActionParameters( bool? sxg, - Outputs.RulesetRuleActionParametersUri? uri, - - string? version) + Outputs.RulesetRuleActionParametersUri? uri) { AdditionalCacheablePorts = additionalCacheablePorts; Algorithms = algorithms; @@ -390,7 +384,6 @@ private RulesetRuleActionParameters( StatusCode = statusCode; Sxg = sxg; Uri = uri; - Version = version; } } } diff --git a/sdk/dotnet/Outputs/SnippetFile.cs b/sdk/dotnet/Outputs/SnippetFile.cs new file mode 100644 index 00000000..4bbe115e --- /dev/null +++ b/sdk/dotnet/Outputs/SnippetFile.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Outputs +{ + + [OutputType] + public sealed class SnippetFile + { + /// + /// Content of the snippet file. + /// + public readonly string? Content; + /// + /// Name of the snippet file. + /// + public readonly string Name; + + [OutputConstructor] + private SnippetFile( + string? content, + + string name) + { + Content = content; + Name = name; + } + } +} diff --git a/sdk/dotnet/Outputs/SnippetRulesRule.cs b/sdk/dotnet/Outputs/SnippetRulesRule.cs new file mode 100644 index 00000000..873514f8 --- /dev/null +++ b/sdk/dotnet/Outputs/SnippetRulesRule.cs @@ -0,0 +1,49 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Outputs +{ + + [OutputType] + public sealed class SnippetRulesRule + { + /// + /// Brief summary of the snippet rule and its intended use. + /// + public readonly string? Description; + /// + /// Whether the headers rule is active. + /// + public readonly bool? Enabled; + /// + /// Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters. + /// + public readonly string Expression; + /// + /// Name of the snippet invoked by this rule. + /// + public readonly string SnippetName; + + [OutputConstructor] + private SnippetRulesRule( + string? description, + + bool? enabled, + + string expression, + + string snippetName) + { + Description = description; + Enabled = enabled; + Expression = expression; + SnippetName = snippetName; + } + } +} diff --git a/sdk/dotnet/Outputs/ZeroTrustAccessApplicationDestination.cs b/sdk/dotnet/Outputs/ZeroTrustAccessApplicationDestination.cs new file mode 100644 index 00000000..19992f32 --- /dev/null +++ b/sdk/dotnet/Outputs/ZeroTrustAccessApplicationDestination.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare.Outputs +{ + + [OutputType] + public sealed class ZeroTrustAccessApplicationDestination + { + /// + /// The destination type. Available values: `public`, `private`. Defaults to `public`. + /// + public readonly string? Type; + /// + /// The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. + /// + public readonly string Uri; + + [OutputConstructor] + private ZeroTrustAccessApplicationDestination( + string? type, + + string uri) + { + Type = type; + Uri = uri; + } + } +} diff --git a/sdk/dotnet/Outputs/ZeroTrustAccessIdentityProviderScimConfig.cs b/sdk/dotnet/Outputs/ZeroTrustAccessIdentityProviderScimConfig.cs index a084722c..adb25dee 100644 --- a/sdk/dotnet/Outputs/ZeroTrustAccessIdentityProviderScimConfig.cs +++ b/sdk/dotnet/Outputs/ZeroTrustAccessIdentityProviderScimConfig.cs @@ -13,11 +13,29 @@ namespace Pulumi.Cloudflare.Outputs [OutputType] public sealed class ZeroTrustAccessIdentityProviderScimConfig { + /// + /// A flag to enable or disable SCIM for the identity provider. + /// public readonly bool? Enabled; + /// + /// Deprecated. Use `identity_update_behavior`. + /// public readonly bool? GroupMemberDeprovision; + /// + /// Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. + /// public readonly string? IdentityUpdateBehavior; + /// + /// A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless user_deprovision is also enabled. + /// public readonly bool? SeatDeprovision; + /// + /// A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. + /// public readonly string? Secret; + /// + /// A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. + /// public readonly bool? UserDeprovision; [OutputConstructor] diff --git a/sdk/dotnet/Outputs/ZeroTrustAccessPolicyConnectionRulesSsh.cs b/sdk/dotnet/Outputs/ZeroTrustAccessPolicyConnectionRulesSsh.cs index be1c505a..3ba187b2 100644 --- a/sdk/dotnet/Outputs/ZeroTrustAccessPolicyConnectionRulesSsh.cs +++ b/sdk/dotnet/Outputs/ZeroTrustAccessPolicyConnectionRulesSsh.cs @@ -13,14 +13,22 @@ namespace Pulumi.Cloudflare.Outputs [OutputType] public sealed class ZeroTrustAccessPolicyConnectionRulesSsh { + /// + /// Allows connecting to Unix username that matches the authenticating email prefix. + /// + public readonly bool? AllowEmailAlias; /// /// Contains the Unix usernames that may be used when connecting over SSH. /// public readonly ImmutableArray Usernames; [OutputConstructor] - private ZeroTrustAccessPolicyConnectionRulesSsh(ImmutableArray usernames) + private ZeroTrustAccessPolicyConnectionRulesSsh( + bool? allowEmailAlias, + + ImmutableArray usernames) { + AllowEmailAlias = allowEmailAlias; Usernames = usernames; } } diff --git a/sdk/dotnet/Snippet.cs b/sdk/dotnet/Snippet.cs new file mode 100644 index 00000000..9221ceb6 --- /dev/null +++ b/sdk/dotnet/Snippet.cs @@ -0,0 +1,158 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare +{ + [CloudflareResourceType("cloudflare:index/snippet:Snippet")] + public partial class Snippet : global::Pulumi.CustomResource + { + /// + /// List of Snippet Files + /// + [Output("files")] + public Output> Files { get; private set; } = null!; + + /// + /// Main module file name of the snippet. + /// + [Output("mainModule")] + public Output MainModule { get; private set; } = null!; + + /// + /// Name of the snippet. + /// + [Output("name")] + public Output Name { get; private set; } = null!; + + /// + /// The zone identifier to target for the resource. + /// + [Output("zoneId")] + public Output ZoneId { get; private set; } = null!; + + + /// + /// Create a Snippet resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public Snippet(string name, SnippetArgs args, CustomResourceOptions? options = null) + : base("cloudflare:index/snippet:Snippet", name, args ?? new SnippetArgs(), MakeResourceOptions(options, "")) + { + } + + private Snippet(string name, Input id, SnippetState? state = null, CustomResourceOptions? options = null) + : base("cloudflare:index/snippet:Snippet", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing Snippet resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static Snippet Get(string name, Input id, SnippetState? state = null, CustomResourceOptions? options = null) + { + return new Snippet(name, id, state, options); + } + } + + public sealed class SnippetArgs : global::Pulumi.ResourceArgs + { + [Input("files")] + private InputList? _files; + + /// + /// List of Snippet Files + /// + public InputList Files + { + get => _files ?? (_files = new InputList()); + set => _files = value; + } + + /// + /// Main module file name of the snippet. + /// + [Input("mainModule", required: true)] + public Input MainModule { get; set; } = null!; + + /// + /// Name of the snippet. + /// + [Input("name", required: true)] + public Input Name { get; set; } = null!; + + /// + /// The zone identifier to target for the resource. + /// + [Input("zoneId", required: true)] + public Input ZoneId { get; set; } = null!; + + public SnippetArgs() + { + } + public static new SnippetArgs Empty => new SnippetArgs(); + } + + public sealed class SnippetState : global::Pulumi.ResourceArgs + { + [Input("files")] + private InputList? _files; + + /// + /// List of Snippet Files + /// + public InputList Files + { + get => _files ?? (_files = new InputList()); + set => _files = value; + } + + /// + /// Main module file name of the snippet. + /// + [Input("mainModule")] + public Input? MainModule { get; set; } + + /// + /// Name of the snippet. + /// + [Input("name")] + public Input? Name { get; set; } + + /// + /// The zone identifier to target for the resource. + /// + [Input("zoneId")] + public Input? ZoneId { get; set; } + + public SnippetState() + { + } + public static new SnippetState Empty => new SnippetState(); + } +} diff --git a/sdk/dotnet/SnippetRules.cs b/sdk/dotnet/SnippetRules.cs new file mode 100644 index 00000000..4b9755ba --- /dev/null +++ b/sdk/dotnet/SnippetRules.cs @@ -0,0 +1,122 @@ +// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.Cloudflare +{ + [CloudflareResourceType("cloudflare:index/snippetRules:SnippetRules")] + public partial class SnippetRules : global::Pulumi.CustomResource + { + /// + /// List of Snippet Rules + /// + [Output("rules")] + public Output> Rules { get; private set; } = null!; + + /// + /// The zone identifier to target for the resource. + /// + [Output("zoneId")] + public Output ZoneId { get; private set; } = null!; + + + /// + /// Create a SnippetRules resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public SnippetRules(string name, SnippetRulesArgs args, CustomResourceOptions? options = null) + : base("cloudflare:index/snippetRules:SnippetRules", name, args ?? new SnippetRulesArgs(), MakeResourceOptions(options, "")) + { + } + + private SnippetRules(string name, Input id, SnippetRulesState? state = null, CustomResourceOptions? options = null) + : base("cloudflare:index/snippetRules:SnippetRules", name, state, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing SnippetRules resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// Any extra arguments used during the lookup. + /// A bag of options that control this resource's behavior + public static SnippetRules Get(string name, Input id, SnippetRulesState? state = null, CustomResourceOptions? options = null) + { + return new SnippetRules(name, id, state, options); + } + } + + public sealed class SnippetRulesArgs : global::Pulumi.ResourceArgs + { + [Input("rules")] + private InputList? _rules; + + /// + /// List of Snippet Rules + /// + public InputList Rules + { + get => _rules ?? (_rules = new InputList()); + set => _rules = value; + } + + /// + /// The zone identifier to target for the resource. + /// + [Input("zoneId", required: true)] + public Input ZoneId { get; set; } = null!; + + public SnippetRulesArgs() + { + } + public static new SnippetRulesArgs Empty => new SnippetRulesArgs(); + } + + public sealed class SnippetRulesState : global::Pulumi.ResourceArgs + { + [Input("rules")] + private InputList? _rules; + + /// + /// List of Snippet Rules + /// + public InputList Rules + { + get => _rules ?? (_rules = new InputList()); + set => _rules = value; + } + + /// + /// The zone identifier to target for the resource. + /// + [Input("zoneId")] + public Input? ZoneId { get; set; } + + public SnippetRulesState() + { + } + public static new SnippetRulesState Empty => new SnippetRulesState(); + } +} diff --git a/sdk/dotnet/ZeroTrustAccessApplication.cs b/sdk/dotnet/ZeroTrustAccessApplication.cs index 2a4caef7..abb4800d 100644 --- a/sdk/dotnet/ZeroTrustAccessApplication.cs +++ b/sdk/dotnet/ZeroTrustAccessApplication.cs @@ -107,12 +107,24 @@ public partial class ZeroTrustAccessApplication : global::Pulumi.CustomResource [Output("customPages")] public Output> CustomPages { get; private set; } = null!; + /// + /// A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + /// + [Output("destinations")] + public Output> Destinations { get; private set; } = null!; + /// /// The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. /// [Output("domain")] public Output Domain { get; private set; } = null!; + /// + /// The type of the primary domain. Available values: `public`, `private`. + /// + [Output("domainType")] + public Output DomainType { get; private set; } = null!; + /// /// Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. /// @@ -186,7 +198,7 @@ public partial class ZeroTrustAccessApplication : global::Pulumi.CustomResource public Output ScimConfig { get; private set; } = null!; /// - /// List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + /// List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. /// [Output("selfHostedDomains")] public Output> SelfHostedDomains { get; private set; } = null!; @@ -375,12 +387,30 @@ public InputList CustomPages set => _customPages = value; } + [Input("destinations")] + private InputList? _destinations; + + /// + /// A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + /// + public InputList Destinations + { + get => _destinations ?? (_destinations = new InputList()); + set => _destinations = value; + } + /// /// The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. /// [Input("domain")] public Input? Domain { get; set; } + /// + /// The type of the primary domain. Available values: `public`, `private`. + /// + [Input("domainType")] + public Input? DomainType { get; set; } + /// /// Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. /// @@ -469,8 +499,9 @@ public InputList Policies private InputList? _selfHostedDomains; /// - /// List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + /// List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. /// + [Obsolete(@"Use `destinations` instead")] public InputList SelfHostedDomains { get => _selfHostedDomains ?? (_selfHostedDomains = new InputList()); @@ -641,12 +672,30 @@ public InputList CustomPages set => _customPages = value; } + [Input("destinations")] + private InputList? _destinations; + + /// + /// A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + /// + public InputList Destinations + { + get => _destinations ?? (_destinations = new InputList()); + set => _destinations = value; + } + /// /// The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. /// [Input("domain")] public Input? Domain { get; set; } + /// + /// The type of the primary domain. Available values: `public`, `private`. + /// + [Input("domainType")] + public Input? DomainType { get; set; } + /// /// Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. /// @@ -735,8 +784,9 @@ public InputList Policies private InputList? _selfHostedDomains; /// - /// List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + /// List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. /// + [Obsolete(@"Use `destinations` instead")] public InputList SelfHostedDomains { get => _selfHostedDomains ?? (_selfHostedDomains = new InputList()); diff --git a/sdk/go/cloudflare/accessApplication.go b/sdk/go/cloudflare/accessApplication.go index 9f7ef573..2b893a5e 100644 --- a/sdk/go/cloudflare/accessApplication.go +++ b/sdk/go/cloudflare/accessApplication.go @@ -56,8 +56,12 @@ type AccessApplication struct { CustomNonIdentityDenyUrl pulumi.StringPtrOutput `pulumi:"customNonIdentityDenyUrl"` // The custom pages selected for the application. CustomPages pulumi.StringArrayOutput `pulumi:"customPages"` + // A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. + Destinations AccessApplicationDestinationArrayOutput `pulumi:"destinations"` // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. Domain pulumi.StringOutput `pulumi:"domain"` + // The type of the primary domain. Available values: `public`, `private`. + DomainType pulumi.StringOutput `pulumi:"domainType"` // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. EnableBindingCookie pulumi.BoolPtrOutput `pulumi:"enableBindingCookie"` // The footer links of the app launcher. @@ -82,7 +86,9 @@ type AccessApplication struct { SameSiteCookieAttribute pulumi.StringPtrOutput `pulumi:"sameSiteCookieAttribute"` // Configuration for provisioning to this application via SCIM. This is currently in closed beta. ScimConfig AccessApplicationScimConfigPtrOutput `pulumi:"scimConfig"` - // List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + // List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + // + // Deprecated: Use `destinations` instead SelfHostedDomains pulumi.StringArrayOutput `pulumi:"selfHostedDomains"` // Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. ServiceAuth401Redirect pulumi.BoolPtrOutput `pulumi:"serviceAuth401Redirect"` @@ -158,8 +164,12 @@ type accessApplicationState struct { CustomNonIdentityDenyUrl *string `pulumi:"customNonIdentityDenyUrl"` // The custom pages selected for the application. CustomPages []string `pulumi:"customPages"` + // A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. + Destinations []AccessApplicationDestination `pulumi:"destinations"` // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. Domain *string `pulumi:"domain"` + // The type of the primary domain. Available values: `public`, `private`. + DomainType *string `pulumi:"domainType"` // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. EnableBindingCookie *bool `pulumi:"enableBindingCookie"` // The footer links of the app launcher. @@ -184,7 +194,9 @@ type accessApplicationState struct { SameSiteCookieAttribute *string `pulumi:"sameSiteCookieAttribute"` // Configuration for provisioning to this application via SCIM. This is currently in closed beta. ScimConfig *AccessApplicationScimConfig `pulumi:"scimConfig"` - // List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + // List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + // + // Deprecated: Use `destinations` instead SelfHostedDomains []string `pulumi:"selfHostedDomains"` // Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. ServiceAuth401Redirect *bool `pulumi:"serviceAuth401Redirect"` @@ -231,8 +243,12 @@ type AccessApplicationState struct { CustomNonIdentityDenyUrl pulumi.StringPtrInput // The custom pages selected for the application. CustomPages pulumi.StringArrayInput + // A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. + Destinations AccessApplicationDestinationArrayInput // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. Domain pulumi.StringPtrInput + // The type of the primary domain. Available values: `public`, `private`. + DomainType pulumi.StringPtrInput // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. EnableBindingCookie pulumi.BoolPtrInput // The footer links of the app launcher. @@ -257,7 +273,9 @@ type AccessApplicationState struct { SameSiteCookieAttribute pulumi.StringPtrInput // Configuration for provisioning to this application via SCIM. This is currently in closed beta. ScimConfig AccessApplicationScimConfigPtrInput - // List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + // List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + // + // Deprecated: Use `destinations` instead SelfHostedDomains pulumi.StringArrayInput // Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. ServiceAuth401Redirect pulumi.BoolPtrInput @@ -306,8 +324,12 @@ type accessApplicationArgs struct { CustomNonIdentityDenyUrl *string `pulumi:"customNonIdentityDenyUrl"` // The custom pages selected for the application. CustomPages []string `pulumi:"customPages"` + // A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. + Destinations []AccessApplicationDestination `pulumi:"destinations"` // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. Domain *string `pulumi:"domain"` + // The type of the primary domain. Available values: `public`, `private`. + DomainType *string `pulumi:"domainType"` // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. EnableBindingCookie *bool `pulumi:"enableBindingCookie"` // The footer links of the app launcher. @@ -332,7 +354,9 @@ type accessApplicationArgs struct { SameSiteCookieAttribute *string `pulumi:"sameSiteCookieAttribute"` // Configuration for provisioning to this application via SCIM. This is currently in closed beta. ScimConfig *AccessApplicationScimConfig `pulumi:"scimConfig"` - // List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + // List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + // + // Deprecated: Use `destinations` instead SelfHostedDomains []string `pulumi:"selfHostedDomains"` // Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. ServiceAuth401Redirect *bool `pulumi:"serviceAuth401Redirect"` @@ -378,8 +402,12 @@ type AccessApplicationArgs struct { CustomNonIdentityDenyUrl pulumi.StringPtrInput // The custom pages selected for the application. CustomPages pulumi.StringArrayInput + // A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. + Destinations AccessApplicationDestinationArrayInput // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. Domain pulumi.StringPtrInput + // The type of the primary domain. Available values: `public`, `private`. + DomainType pulumi.StringPtrInput // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. EnableBindingCookie pulumi.BoolPtrInput // The footer links of the app launcher. @@ -404,7 +432,9 @@ type AccessApplicationArgs struct { SameSiteCookieAttribute pulumi.StringPtrInput // Configuration for provisioning to this application via SCIM. This is currently in closed beta. ScimConfig AccessApplicationScimConfigPtrInput - // List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + // List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + // + // Deprecated: Use `destinations` instead SelfHostedDomains pulumi.StringArrayInput // Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. ServiceAuth401Redirect pulumi.BoolPtrInput @@ -576,11 +606,21 @@ func (o AccessApplicationOutput) CustomPages() pulumi.StringArrayOutput { return o.ApplyT(func(v *AccessApplication) pulumi.StringArrayOutput { return v.CustomPages }).(pulumi.StringArrayOutput) } +// A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. +func (o AccessApplicationOutput) Destinations() AccessApplicationDestinationArrayOutput { + return o.ApplyT(func(v *AccessApplication) AccessApplicationDestinationArrayOutput { return v.Destinations }).(AccessApplicationDestinationArrayOutput) +} + // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. func (o AccessApplicationOutput) Domain() pulumi.StringOutput { return o.ApplyT(func(v *AccessApplication) pulumi.StringOutput { return v.Domain }).(pulumi.StringOutput) } +// The type of the primary domain. Available values: `public`, `private`. +func (o AccessApplicationOutput) DomainType() pulumi.StringOutput { + return o.ApplyT(func(v *AccessApplication) pulumi.StringOutput { return v.DomainType }).(pulumi.StringOutput) +} + // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. func (o AccessApplicationOutput) EnableBindingCookie() pulumi.BoolPtrOutput { return o.ApplyT(func(v *AccessApplication) pulumi.BoolPtrOutput { return v.EnableBindingCookie }).(pulumi.BoolPtrOutput) @@ -641,7 +681,9 @@ func (o AccessApplicationOutput) ScimConfig() AccessApplicationScimConfigPtrOutp return o.ApplyT(func(v *AccessApplication) AccessApplicationScimConfigPtrOutput { return v.ScimConfig }).(AccessApplicationScimConfigPtrOutput) } -// List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. +// List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. +// +// Deprecated: Use `destinations` instead func (o AccessApplicationOutput) SelfHostedDomains() pulumi.StringArrayOutput { return o.ApplyT(func(v *AccessApplication) pulumi.StringArrayOutput { return v.SelfHostedDomains }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/cloudflare/init.go b/sdk/go/cloudflare/init.go index 89dea081..8bfc299c 100644 --- a/sdk/go/cloudflare/init.go +++ b/sdk/go/cloudflare/init.go @@ -133,6 +133,10 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &IpsecTunnel{} case "cloudflare:index/keylessCertificate:KeylessCertificate": r = &KeylessCertificate{} + case "cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck": + r = &LeakedCredentialCheck{} + case "cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule": + r = &LeakedCredentialCheckRule{} case "cloudflare:index/list:List": r = &List{} case "cloudflare:index/listItem:ListItem": @@ -191,6 +195,10 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &RiskBehavior{} case "cloudflare:index/ruleset:Ruleset": r = &Ruleset{} + case "cloudflare:index/snippet:Snippet": + r = &Snippet{} + case "cloudflare:index/snippetRules:SnippetRules": + r = &SnippetRules{} case "cloudflare:index/spectrumApplication:SpectrumApplication": r = &SpectrumApplication{} case "cloudflare:index/splitTunnel:SplitTunnel": @@ -660,6 +668,16 @@ func init() { "index/keylessCertificate", &module{version}, ) + pulumi.RegisterResourceModule( + "cloudflare", + "index/leakedCredentialCheck", + &module{version}, + ) + pulumi.RegisterResourceModule( + "cloudflare", + "index/leakedCredentialCheckRule", + &module{version}, + ) pulumi.RegisterResourceModule( "cloudflare", "index/list", @@ -805,6 +823,16 @@ func init() { "index/ruleset", &module{version}, ) + pulumi.RegisterResourceModule( + "cloudflare", + "index/snippet", + &module{version}, + ) + pulumi.RegisterResourceModule( + "cloudflare", + "index/snippetRules", + &module{version}, + ) pulumi.RegisterResourceModule( "cloudflare", "index/spectrumApplication", diff --git a/sdk/go/cloudflare/leakedCredentialCheck.go b/sdk/go/cloudflare/leakedCredentialCheck.go new file mode 100644 index 00000000..51d886c2 --- /dev/null +++ b/sdk/go/cloudflare/leakedCredentialCheck.go @@ -0,0 +1,271 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package cloudflare + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Provides a Cloudflare Leaked Credential Check resource to be used for managing the status of the Cloudflare Leaked Credential detection within a specific zone. +// +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// // Enable the Leaked Credentials Check detection +// _, err := cloudflare.NewLeakedCredentialCheck(ctx, "example", &cloudflare.LeakedCredentialCheckArgs{ +// ZoneId: pulumi.String("399c6f4950c01a5a141b99ff7fbcbd8b"), +// Enabled: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// ```sh +// $ pulumi import cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck example +// ``` +type LeakedCredentialCheck struct { + pulumi.CustomResourceState + + // State of the Leaked Credential Check detection + Enabled pulumi.BoolOutput `pulumi:"enabled"` + // The zone identifier to target for the resource. + ZoneId pulumi.StringOutput `pulumi:"zoneId"` +} + +// NewLeakedCredentialCheck registers a new resource with the given unique name, arguments, and options. +func NewLeakedCredentialCheck(ctx *pulumi.Context, + name string, args *LeakedCredentialCheckArgs, opts ...pulumi.ResourceOption) (*LeakedCredentialCheck, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Enabled == nil { + return nil, errors.New("invalid value for required argument 'Enabled'") + } + if args.ZoneId == nil { + return nil, errors.New("invalid value for required argument 'ZoneId'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource LeakedCredentialCheck + err := ctx.RegisterResource("cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetLeakedCredentialCheck gets an existing LeakedCredentialCheck resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetLeakedCredentialCheck(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *LeakedCredentialCheckState, opts ...pulumi.ResourceOption) (*LeakedCredentialCheck, error) { + var resource LeakedCredentialCheck + err := ctx.ReadResource("cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering LeakedCredentialCheck resources. +type leakedCredentialCheckState struct { + // State of the Leaked Credential Check detection + Enabled *bool `pulumi:"enabled"` + // The zone identifier to target for the resource. + ZoneId *string `pulumi:"zoneId"` +} + +type LeakedCredentialCheckState struct { + // State of the Leaked Credential Check detection + Enabled pulumi.BoolPtrInput + // The zone identifier to target for the resource. + ZoneId pulumi.StringPtrInput +} + +func (LeakedCredentialCheckState) ElementType() reflect.Type { + return reflect.TypeOf((*leakedCredentialCheckState)(nil)).Elem() +} + +type leakedCredentialCheckArgs struct { + // State of the Leaked Credential Check detection + Enabled bool `pulumi:"enabled"` + // The zone identifier to target for the resource. + ZoneId string `pulumi:"zoneId"` +} + +// The set of arguments for constructing a LeakedCredentialCheck resource. +type LeakedCredentialCheckArgs struct { + // State of the Leaked Credential Check detection + Enabled pulumi.BoolInput + // The zone identifier to target for the resource. + ZoneId pulumi.StringInput +} + +func (LeakedCredentialCheckArgs) ElementType() reflect.Type { + return reflect.TypeOf((*leakedCredentialCheckArgs)(nil)).Elem() +} + +type LeakedCredentialCheckInput interface { + pulumi.Input + + ToLeakedCredentialCheckOutput() LeakedCredentialCheckOutput + ToLeakedCredentialCheckOutputWithContext(ctx context.Context) LeakedCredentialCheckOutput +} + +func (*LeakedCredentialCheck) ElementType() reflect.Type { + return reflect.TypeOf((**LeakedCredentialCheck)(nil)).Elem() +} + +func (i *LeakedCredentialCheck) ToLeakedCredentialCheckOutput() LeakedCredentialCheckOutput { + return i.ToLeakedCredentialCheckOutputWithContext(context.Background()) +} + +func (i *LeakedCredentialCheck) ToLeakedCredentialCheckOutputWithContext(ctx context.Context) LeakedCredentialCheckOutput { + return pulumi.ToOutputWithContext(ctx, i).(LeakedCredentialCheckOutput) +} + +// LeakedCredentialCheckArrayInput is an input type that accepts LeakedCredentialCheckArray and LeakedCredentialCheckArrayOutput values. +// You can construct a concrete instance of `LeakedCredentialCheckArrayInput` via: +// +// LeakedCredentialCheckArray{ LeakedCredentialCheckArgs{...} } +type LeakedCredentialCheckArrayInput interface { + pulumi.Input + + ToLeakedCredentialCheckArrayOutput() LeakedCredentialCheckArrayOutput + ToLeakedCredentialCheckArrayOutputWithContext(context.Context) LeakedCredentialCheckArrayOutput +} + +type LeakedCredentialCheckArray []LeakedCredentialCheckInput + +func (LeakedCredentialCheckArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*LeakedCredentialCheck)(nil)).Elem() +} + +func (i LeakedCredentialCheckArray) ToLeakedCredentialCheckArrayOutput() LeakedCredentialCheckArrayOutput { + return i.ToLeakedCredentialCheckArrayOutputWithContext(context.Background()) +} + +func (i LeakedCredentialCheckArray) ToLeakedCredentialCheckArrayOutputWithContext(ctx context.Context) LeakedCredentialCheckArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(LeakedCredentialCheckArrayOutput) +} + +// LeakedCredentialCheckMapInput is an input type that accepts LeakedCredentialCheckMap and LeakedCredentialCheckMapOutput values. +// You can construct a concrete instance of `LeakedCredentialCheckMapInput` via: +// +// LeakedCredentialCheckMap{ "key": LeakedCredentialCheckArgs{...} } +type LeakedCredentialCheckMapInput interface { + pulumi.Input + + ToLeakedCredentialCheckMapOutput() LeakedCredentialCheckMapOutput + ToLeakedCredentialCheckMapOutputWithContext(context.Context) LeakedCredentialCheckMapOutput +} + +type LeakedCredentialCheckMap map[string]LeakedCredentialCheckInput + +func (LeakedCredentialCheckMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*LeakedCredentialCheck)(nil)).Elem() +} + +func (i LeakedCredentialCheckMap) ToLeakedCredentialCheckMapOutput() LeakedCredentialCheckMapOutput { + return i.ToLeakedCredentialCheckMapOutputWithContext(context.Background()) +} + +func (i LeakedCredentialCheckMap) ToLeakedCredentialCheckMapOutputWithContext(ctx context.Context) LeakedCredentialCheckMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(LeakedCredentialCheckMapOutput) +} + +type LeakedCredentialCheckOutput struct{ *pulumi.OutputState } + +func (LeakedCredentialCheckOutput) ElementType() reflect.Type { + return reflect.TypeOf((**LeakedCredentialCheck)(nil)).Elem() +} + +func (o LeakedCredentialCheckOutput) ToLeakedCredentialCheckOutput() LeakedCredentialCheckOutput { + return o +} + +func (o LeakedCredentialCheckOutput) ToLeakedCredentialCheckOutputWithContext(ctx context.Context) LeakedCredentialCheckOutput { + return o +} + +// State of the Leaked Credential Check detection +func (o LeakedCredentialCheckOutput) Enabled() pulumi.BoolOutput { + return o.ApplyT(func(v *LeakedCredentialCheck) pulumi.BoolOutput { return v.Enabled }).(pulumi.BoolOutput) +} + +// The zone identifier to target for the resource. +func (o LeakedCredentialCheckOutput) ZoneId() pulumi.StringOutput { + return o.ApplyT(func(v *LeakedCredentialCheck) pulumi.StringOutput { return v.ZoneId }).(pulumi.StringOutput) +} + +type LeakedCredentialCheckArrayOutput struct{ *pulumi.OutputState } + +func (LeakedCredentialCheckArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*LeakedCredentialCheck)(nil)).Elem() +} + +func (o LeakedCredentialCheckArrayOutput) ToLeakedCredentialCheckArrayOutput() LeakedCredentialCheckArrayOutput { + return o +} + +func (o LeakedCredentialCheckArrayOutput) ToLeakedCredentialCheckArrayOutputWithContext(ctx context.Context) LeakedCredentialCheckArrayOutput { + return o +} + +func (o LeakedCredentialCheckArrayOutput) Index(i pulumi.IntInput) LeakedCredentialCheckOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *LeakedCredentialCheck { + return vs[0].([]*LeakedCredentialCheck)[vs[1].(int)] + }).(LeakedCredentialCheckOutput) +} + +type LeakedCredentialCheckMapOutput struct{ *pulumi.OutputState } + +func (LeakedCredentialCheckMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*LeakedCredentialCheck)(nil)).Elem() +} + +func (o LeakedCredentialCheckMapOutput) ToLeakedCredentialCheckMapOutput() LeakedCredentialCheckMapOutput { + return o +} + +func (o LeakedCredentialCheckMapOutput) ToLeakedCredentialCheckMapOutputWithContext(ctx context.Context) LeakedCredentialCheckMapOutput { + return o +} + +func (o LeakedCredentialCheckMapOutput) MapIndex(k pulumi.StringInput) LeakedCredentialCheckOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *LeakedCredentialCheck { + return vs[0].(map[string]*LeakedCredentialCheck)[vs[1].(string)] + }).(LeakedCredentialCheckOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*LeakedCredentialCheckInput)(nil)).Elem(), &LeakedCredentialCheck{}) + pulumi.RegisterInputType(reflect.TypeOf((*LeakedCredentialCheckArrayInput)(nil)).Elem(), LeakedCredentialCheckArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*LeakedCredentialCheckMapInput)(nil)).Elem(), LeakedCredentialCheckMap{}) + pulumi.RegisterOutputType(LeakedCredentialCheckOutput{}) + pulumi.RegisterOutputType(LeakedCredentialCheckArrayOutput{}) + pulumi.RegisterOutputType(LeakedCredentialCheckMapOutput{}) +} diff --git a/sdk/go/cloudflare/leakedCredentialCheckRule.go b/sdk/go/cloudflare/leakedCredentialCheckRule.go new file mode 100644 index 00000000..17741c42 --- /dev/null +++ b/sdk/go/cloudflare/leakedCredentialCheckRule.go @@ -0,0 +1,298 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package cloudflare + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Provides a Cloudflare Leaked Credential Check Rule resource for managing user-defined Leaked Credential detection patterns within a specific zone. +// +// ## Example Usage +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// // Enable the Leaked Credentials Check detection before trying +// // to add detections. +// example, err := cloudflare.NewLeakedCredentialCheck(ctx, "example", &cloudflare.LeakedCredentialCheckArgs{ +// ZoneId: pulumi.String("399c6f4950c01a5a141b99ff7fbcbd8b"), +// Enabled: pulumi.Bool(true), +// }) +// if err != nil { +// return err +// } +// _, err = cloudflare.NewLeakedCredentialCheckRule(ctx, "example", &cloudflare.LeakedCredentialCheckRuleArgs{ +// ZoneId: example.ZoneId, +// Username: pulumi.String("lookup_json_string(http.request.body.raw, \"user\")"), +// Password: pulumi.String("lookup_json_string(http.request.body.raw, \"pass\")"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## Import +// +// ```sh +// $ pulumi import cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule example / +// ``` +type LeakedCredentialCheckRule struct { + pulumi.CustomResourceState + + // The ruleset expression to use in matching the password in a request + Password pulumi.StringOutput `pulumi:"password"` + // The ruleset expression to use in matching the username in a request. + Username pulumi.StringOutput `pulumi:"username"` + // The zone identifier to target for the resource. + ZoneId pulumi.StringOutput `pulumi:"zoneId"` +} + +// NewLeakedCredentialCheckRule registers a new resource with the given unique name, arguments, and options. +func NewLeakedCredentialCheckRule(ctx *pulumi.Context, + name string, args *LeakedCredentialCheckRuleArgs, opts ...pulumi.ResourceOption) (*LeakedCredentialCheckRule, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.Password == nil { + return nil, errors.New("invalid value for required argument 'Password'") + } + if args.Username == nil { + return nil, errors.New("invalid value for required argument 'Username'") + } + if args.ZoneId == nil { + return nil, errors.New("invalid value for required argument 'ZoneId'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource LeakedCredentialCheckRule + err := ctx.RegisterResource("cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetLeakedCredentialCheckRule gets an existing LeakedCredentialCheckRule resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetLeakedCredentialCheckRule(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *LeakedCredentialCheckRuleState, opts ...pulumi.ResourceOption) (*LeakedCredentialCheckRule, error) { + var resource LeakedCredentialCheckRule + err := ctx.ReadResource("cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering LeakedCredentialCheckRule resources. +type leakedCredentialCheckRuleState struct { + // The ruleset expression to use in matching the password in a request + Password *string `pulumi:"password"` + // The ruleset expression to use in matching the username in a request. + Username *string `pulumi:"username"` + // The zone identifier to target for the resource. + ZoneId *string `pulumi:"zoneId"` +} + +type LeakedCredentialCheckRuleState struct { + // The ruleset expression to use in matching the password in a request + Password pulumi.StringPtrInput + // The ruleset expression to use in matching the username in a request. + Username pulumi.StringPtrInput + // The zone identifier to target for the resource. + ZoneId pulumi.StringPtrInput +} + +func (LeakedCredentialCheckRuleState) ElementType() reflect.Type { + return reflect.TypeOf((*leakedCredentialCheckRuleState)(nil)).Elem() +} + +type leakedCredentialCheckRuleArgs struct { + // The ruleset expression to use in matching the password in a request + Password string `pulumi:"password"` + // The ruleset expression to use in matching the username in a request. + Username string `pulumi:"username"` + // The zone identifier to target for the resource. + ZoneId string `pulumi:"zoneId"` +} + +// The set of arguments for constructing a LeakedCredentialCheckRule resource. +type LeakedCredentialCheckRuleArgs struct { + // The ruleset expression to use in matching the password in a request + Password pulumi.StringInput + // The ruleset expression to use in matching the username in a request. + Username pulumi.StringInput + // The zone identifier to target for the resource. + ZoneId pulumi.StringInput +} + +func (LeakedCredentialCheckRuleArgs) ElementType() reflect.Type { + return reflect.TypeOf((*leakedCredentialCheckRuleArgs)(nil)).Elem() +} + +type LeakedCredentialCheckRuleInput interface { + pulumi.Input + + ToLeakedCredentialCheckRuleOutput() LeakedCredentialCheckRuleOutput + ToLeakedCredentialCheckRuleOutputWithContext(ctx context.Context) LeakedCredentialCheckRuleOutput +} + +func (*LeakedCredentialCheckRule) ElementType() reflect.Type { + return reflect.TypeOf((**LeakedCredentialCheckRule)(nil)).Elem() +} + +func (i *LeakedCredentialCheckRule) ToLeakedCredentialCheckRuleOutput() LeakedCredentialCheckRuleOutput { + return i.ToLeakedCredentialCheckRuleOutputWithContext(context.Background()) +} + +func (i *LeakedCredentialCheckRule) ToLeakedCredentialCheckRuleOutputWithContext(ctx context.Context) LeakedCredentialCheckRuleOutput { + return pulumi.ToOutputWithContext(ctx, i).(LeakedCredentialCheckRuleOutput) +} + +// LeakedCredentialCheckRuleArrayInput is an input type that accepts LeakedCredentialCheckRuleArray and LeakedCredentialCheckRuleArrayOutput values. +// You can construct a concrete instance of `LeakedCredentialCheckRuleArrayInput` via: +// +// LeakedCredentialCheckRuleArray{ LeakedCredentialCheckRuleArgs{...} } +type LeakedCredentialCheckRuleArrayInput interface { + pulumi.Input + + ToLeakedCredentialCheckRuleArrayOutput() LeakedCredentialCheckRuleArrayOutput + ToLeakedCredentialCheckRuleArrayOutputWithContext(context.Context) LeakedCredentialCheckRuleArrayOutput +} + +type LeakedCredentialCheckRuleArray []LeakedCredentialCheckRuleInput + +func (LeakedCredentialCheckRuleArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*LeakedCredentialCheckRule)(nil)).Elem() +} + +func (i LeakedCredentialCheckRuleArray) ToLeakedCredentialCheckRuleArrayOutput() LeakedCredentialCheckRuleArrayOutput { + return i.ToLeakedCredentialCheckRuleArrayOutputWithContext(context.Background()) +} + +func (i LeakedCredentialCheckRuleArray) ToLeakedCredentialCheckRuleArrayOutputWithContext(ctx context.Context) LeakedCredentialCheckRuleArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(LeakedCredentialCheckRuleArrayOutput) +} + +// LeakedCredentialCheckRuleMapInput is an input type that accepts LeakedCredentialCheckRuleMap and LeakedCredentialCheckRuleMapOutput values. +// You can construct a concrete instance of `LeakedCredentialCheckRuleMapInput` via: +// +// LeakedCredentialCheckRuleMap{ "key": LeakedCredentialCheckRuleArgs{...} } +type LeakedCredentialCheckRuleMapInput interface { + pulumi.Input + + ToLeakedCredentialCheckRuleMapOutput() LeakedCredentialCheckRuleMapOutput + ToLeakedCredentialCheckRuleMapOutputWithContext(context.Context) LeakedCredentialCheckRuleMapOutput +} + +type LeakedCredentialCheckRuleMap map[string]LeakedCredentialCheckRuleInput + +func (LeakedCredentialCheckRuleMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*LeakedCredentialCheckRule)(nil)).Elem() +} + +func (i LeakedCredentialCheckRuleMap) ToLeakedCredentialCheckRuleMapOutput() LeakedCredentialCheckRuleMapOutput { + return i.ToLeakedCredentialCheckRuleMapOutputWithContext(context.Background()) +} + +func (i LeakedCredentialCheckRuleMap) ToLeakedCredentialCheckRuleMapOutputWithContext(ctx context.Context) LeakedCredentialCheckRuleMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(LeakedCredentialCheckRuleMapOutput) +} + +type LeakedCredentialCheckRuleOutput struct{ *pulumi.OutputState } + +func (LeakedCredentialCheckRuleOutput) ElementType() reflect.Type { + return reflect.TypeOf((**LeakedCredentialCheckRule)(nil)).Elem() +} + +func (o LeakedCredentialCheckRuleOutput) ToLeakedCredentialCheckRuleOutput() LeakedCredentialCheckRuleOutput { + return o +} + +func (o LeakedCredentialCheckRuleOutput) ToLeakedCredentialCheckRuleOutputWithContext(ctx context.Context) LeakedCredentialCheckRuleOutput { + return o +} + +// The ruleset expression to use in matching the password in a request +func (o LeakedCredentialCheckRuleOutput) Password() pulumi.StringOutput { + return o.ApplyT(func(v *LeakedCredentialCheckRule) pulumi.StringOutput { return v.Password }).(pulumi.StringOutput) +} + +// The ruleset expression to use in matching the username in a request. +func (o LeakedCredentialCheckRuleOutput) Username() pulumi.StringOutput { + return o.ApplyT(func(v *LeakedCredentialCheckRule) pulumi.StringOutput { return v.Username }).(pulumi.StringOutput) +} + +// The zone identifier to target for the resource. +func (o LeakedCredentialCheckRuleOutput) ZoneId() pulumi.StringOutput { + return o.ApplyT(func(v *LeakedCredentialCheckRule) pulumi.StringOutput { return v.ZoneId }).(pulumi.StringOutput) +} + +type LeakedCredentialCheckRuleArrayOutput struct{ *pulumi.OutputState } + +func (LeakedCredentialCheckRuleArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*LeakedCredentialCheckRule)(nil)).Elem() +} + +func (o LeakedCredentialCheckRuleArrayOutput) ToLeakedCredentialCheckRuleArrayOutput() LeakedCredentialCheckRuleArrayOutput { + return o +} + +func (o LeakedCredentialCheckRuleArrayOutput) ToLeakedCredentialCheckRuleArrayOutputWithContext(ctx context.Context) LeakedCredentialCheckRuleArrayOutput { + return o +} + +func (o LeakedCredentialCheckRuleArrayOutput) Index(i pulumi.IntInput) LeakedCredentialCheckRuleOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *LeakedCredentialCheckRule { + return vs[0].([]*LeakedCredentialCheckRule)[vs[1].(int)] + }).(LeakedCredentialCheckRuleOutput) +} + +type LeakedCredentialCheckRuleMapOutput struct{ *pulumi.OutputState } + +func (LeakedCredentialCheckRuleMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*LeakedCredentialCheckRule)(nil)).Elem() +} + +func (o LeakedCredentialCheckRuleMapOutput) ToLeakedCredentialCheckRuleMapOutput() LeakedCredentialCheckRuleMapOutput { + return o +} + +func (o LeakedCredentialCheckRuleMapOutput) ToLeakedCredentialCheckRuleMapOutputWithContext(ctx context.Context) LeakedCredentialCheckRuleMapOutput { + return o +} + +func (o LeakedCredentialCheckRuleMapOutput) MapIndex(k pulumi.StringInput) LeakedCredentialCheckRuleOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *LeakedCredentialCheckRule { + return vs[0].(map[string]*LeakedCredentialCheckRule)[vs[1].(string)] + }).(LeakedCredentialCheckRuleOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*LeakedCredentialCheckRuleInput)(nil)).Elem(), &LeakedCredentialCheckRule{}) + pulumi.RegisterInputType(reflect.TypeOf((*LeakedCredentialCheckRuleArrayInput)(nil)).Elem(), LeakedCredentialCheckRuleArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*LeakedCredentialCheckRuleMapInput)(nil)).Elem(), LeakedCredentialCheckRuleMap{}) + pulumi.RegisterOutputType(LeakedCredentialCheckRuleOutput{}) + pulumi.RegisterOutputType(LeakedCredentialCheckRuleArrayOutput{}) + pulumi.RegisterOutputType(LeakedCredentialCheckRuleMapOutput{}) +} diff --git a/sdk/go/cloudflare/pulumiTypes.go b/sdk/go/cloudflare/pulumiTypes.go index a00f02e7..4833d877 100644 --- a/sdk/go/cloudflare/pulumiTypes.go +++ b/sdk/go/cloudflare/pulumiTypes.go @@ -173,6 +173,112 @@ func (o AccessApplicationCorsHeaderArrayOutput) Index(i pulumi.IntInput) AccessA }).(AccessApplicationCorsHeaderOutput) } +type AccessApplicationDestination struct { + // The destination type. Available values: `public`, `private`. Defaults to `public`. + Type *string `pulumi:"type"` + // The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. + Uri string `pulumi:"uri"` +} + +// AccessApplicationDestinationInput is an input type that accepts AccessApplicationDestinationArgs and AccessApplicationDestinationOutput values. +// You can construct a concrete instance of `AccessApplicationDestinationInput` via: +// +// AccessApplicationDestinationArgs{...} +type AccessApplicationDestinationInput interface { + pulumi.Input + + ToAccessApplicationDestinationOutput() AccessApplicationDestinationOutput + ToAccessApplicationDestinationOutputWithContext(context.Context) AccessApplicationDestinationOutput +} + +type AccessApplicationDestinationArgs struct { + // The destination type. Available values: `public`, `private`. Defaults to `public`. + Type pulumi.StringPtrInput `pulumi:"type"` + // The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. + Uri pulumi.StringInput `pulumi:"uri"` +} + +func (AccessApplicationDestinationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AccessApplicationDestination)(nil)).Elem() +} + +func (i AccessApplicationDestinationArgs) ToAccessApplicationDestinationOutput() AccessApplicationDestinationOutput { + return i.ToAccessApplicationDestinationOutputWithContext(context.Background()) +} + +func (i AccessApplicationDestinationArgs) ToAccessApplicationDestinationOutputWithContext(ctx context.Context) AccessApplicationDestinationOutput { + return pulumi.ToOutputWithContext(ctx, i).(AccessApplicationDestinationOutput) +} + +// AccessApplicationDestinationArrayInput is an input type that accepts AccessApplicationDestinationArray and AccessApplicationDestinationArrayOutput values. +// You can construct a concrete instance of `AccessApplicationDestinationArrayInput` via: +// +// AccessApplicationDestinationArray{ AccessApplicationDestinationArgs{...} } +type AccessApplicationDestinationArrayInput interface { + pulumi.Input + + ToAccessApplicationDestinationArrayOutput() AccessApplicationDestinationArrayOutput + ToAccessApplicationDestinationArrayOutputWithContext(context.Context) AccessApplicationDestinationArrayOutput +} + +type AccessApplicationDestinationArray []AccessApplicationDestinationInput + +func (AccessApplicationDestinationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AccessApplicationDestination)(nil)).Elem() +} + +func (i AccessApplicationDestinationArray) ToAccessApplicationDestinationArrayOutput() AccessApplicationDestinationArrayOutput { + return i.ToAccessApplicationDestinationArrayOutputWithContext(context.Background()) +} + +func (i AccessApplicationDestinationArray) ToAccessApplicationDestinationArrayOutputWithContext(ctx context.Context) AccessApplicationDestinationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AccessApplicationDestinationArrayOutput) +} + +type AccessApplicationDestinationOutput struct{ *pulumi.OutputState } + +func (AccessApplicationDestinationOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AccessApplicationDestination)(nil)).Elem() +} + +func (o AccessApplicationDestinationOutput) ToAccessApplicationDestinationOutput() AccessApplicationDestinationOutput { + return o +} + +func (o AccessApplicationDestinationOutput) ToAccessApplicationDestinationOutputWithContext(ctx context.Context) AccessApplicationDestinationOutput { + return o +} + +// The destination type. Available values: `public`, `private`. Defaults to `public`. +func (o AccessApplicationDestinationOutput) Type() pulumi.StringPtrOutput { + return o.ApplyT(func(v AccessApplicationDestination) *string { return v.Type }).(pulumi.StringPtrOutput) +} + +// The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. +func (o AccessApplicationDestinationOutput) Uri() pulumi.StringOutput { + return o.ApplyT(func(v AccessApplicationDestination) string { return v.Uri }).(pulumi.StringOutput) +} + +type AccessApplicationDestinationArrayOutput struct{ *pulumi.OutputState } + +func (AccessApplicationDestinationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AccessApplicationDestination)(nil)).Elem() +} + +func (o AccessApplicationDestinationArrayOutput) ToAccessApplicationDestinationArrayOutput() AccessApplicationDestinationArrayOutput { + return o +} + +func (o AccessApplicationDestinationArrayOutput) ToAccessApplicationDestinationArrayOutputWithContext(ctx context.Context) AccessApplicationDestinationArrayOutput { + return o +} + +func (o AccessApplicationDestinationArrayOutput) Index(i pulumi.IntInput) AccessApplicationDestinationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AccessApplicationDestination { + return vs[0].([]AccessApplicationDestination)[vs[1].(int)] + }).(AccessApplicationDestinationOutput) +} + type AccessApplicationFooterLink struct { // The name of the footer link. Name *string `pulumi:"name"` @@ -6332,12 +6438,18 @@ func (o AccessIdentityProviderConfigArrayOutput) Index(i pulumi.IntInput) Access } type AccessIdentityProviderScimConfig struct { - Enabled *bool `pulumi:"enabled"` - GroupMemberDeprovision *bool `pulumi:"groupMemberDeprovision"` + // A flag to enable or disable SCIM for the identity provider. + Enabled *bool `pulumi:"enabled"` + // Deprecated. Use `identityUpdateBehavior`. + GroupMemberDeprovision *bool `pulumi:"groupMemberDeprovision"` + // Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "noAction" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. IdentityUpdateBehavior *string `pulumi:"identityUpdateBehavior"` - SeatDeprovision *bool `pulumi:"seatDeprovision"` - Secret *string `pulumi:"secret"` - UserDeprovision *bool `pulumi:"userDeprovision"` + // A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless userDeprovision is also enabled. + SeatDeprovision *bool `pulumi:"seatDeprovision"` + // A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. + Secret *string `pulumi:"secret"` + // A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. + UserDeprovision *bool `pulumi:"userDeprovision"` } // AccessIdentityProviderScimConfigInput is an input type that accepts AccessIdentityProviderScimConfigArgs and AccessIdentityProviderScimConfigOutput values. @@ -6352,12 +6464,18 @@ type AccessIdentityProviderScimConfigInput interface { } type AccessIdentityProviderScimConfigArgs struct { - Enabled pulumi.BoolPtrInput `pulumi:"enabled"` - GroupMemberDeprovision pulumi.BoolPtrInput `pulumi:"groupMemberDeprovision"` + // A flag to enable or disable SCIM for the identity provider. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Deprecated. Use `identityUpdateBehavior`. + GroupMemberDeprovision pulumi.BoolPtrInput `pulumi:"groupMemberDeprovision"` + // Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "noAction" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. IdentityUpdateBehavior pulumi.StringPtrInput `pulumi:"identityUpdateBehavior"` - SeatDeprovision pulumi.BoolPtrInput `pulumi:"seatDeprovision"` - Secret pulumi.StringPtrInput `pulumi:"secret"` - UserDeprovision pulumi.BoolPtrInput `pulumi:"userDeprovision"` + // A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless userDeprovision is also enabled. + SeatDeprovision pulumi.BoolPtrInput `pulumi:"seatDeprovision"` + // A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. + Secret pulumi.StringPtrInput `pulumi:"secret"` + // A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. + UserDeprovision pulumi.BoolPtrInput `pulumi:"userDeprovision"` } func (AccessIdentityProviderScimConfigArgs) ElementType() reflect.Type { @@ -6411,26 +6529,32 @@ func (o AccessIdentityProviderScimConfigOutput) ToAccessIdentityProviderScimConf return o } +// A flag to enable or disable SCIM for the identity provider. func (o AccessIdentityProviderScimConfigOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v AccessIdentityProviderScimConfig) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } +// Deprecated. Use `identityUpdateBehavior`. func (o AccessIdentityProviderScimConfigOutput) GroupMemberDeprovision() pulumi.BoolPtrOutput { return o.ApplyT(func(v AccessIdentityProviderScimConfig) *bool { return v.GroupMemberDeprovision }).(pulumi.BoolPtrOutput) } +// Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "noAction" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. func (o AccessIdentityProviderScimConfigOutput) IdentityUpdateBehavior() pulumi.StringPtrOutput { return o.ApplyT(func(v AccessIdentityProviderScimConfig) *string { return v.IdentityUpdateBehavior }).(pulumi.StringPtrOutput) } +// A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless userDeprovision is also enabled. func (o AccessIdentityProviderScimConfigOutput) SeatDeprovision() pulumi.BoolPtrOutput { return o.ApplyT(func(v AccessIdentityProviderScimConfig) *bool { return v.SeatDeprovision }).(pulumi.BoolPtrOutput) } +// A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. func (o AccessIdentityProviderScimConfigOutput) Secret() pulumi.StringPtrOutput { return o.ApplyT(func(v AccessIdentityProviderScimConfig) *string { return v.Secret }).(pulumi.StringPtrOutput) } +// A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. func (o AccessIdentityProviderScimConfigOutput) UserDeprovision() pulumi.BoolPtrOutput { return o.ApplyT(func(v AccessIdentityProviderScimConfig) *bool { return v.UserDeprovision }).(pulumi.BoolPtrOutput) } @@ -7059,6 +7183,8 @@ func (o AccessPolicyConnectionRulesPtrOutput) Ssh() AccessPolicyConnectionRulesS } type AccessPolicyConnectionRulesSsh struct { + // Allows connecting to Unix username that matches the authenticating email prefix. + AllowEmailAlias *bool `pulumi:"allowEmailAlias"` // Contains the Unix usernames that may be used when connecting over SSH. Usernames []string `pulumi:"usernames"` } @@ -7075,6 +7201,8 @@ type AccessPolicyConnectionRulesSshInput interface { } type AccessPolicyConnectionRulesSshArgs struct { + // Allows connecting to Unix username that matches the authenticating email prefix. + AllowEmailAlias pulumi.BoolPtrInput `pulumi:"allowEmailAlias"` // Contains the Unix usernames that may be used when connecting over SSH. Usernames pulumi.StringArrayInput `pulumi:"usernames"` } @@ -7156,6 +7284,11 @@ func (o AccessPolicyConnectionRulesSshOutput) ToAccessPolicyConnectionRulesSshPt }).(AccessPolicyConnectionRulesSshPtrOutput) } +// Allows connecting to Unix username that matches the authenticating email prefix. +func (o AccessPolicyConnectionRulesSshOutput) AllowEmailAlias() pulumi.BoolPtrOutput { + return o.ApplyT(func(v AccessPolicyConnectionRulesSsh) *bool { return v.AllowEmailAlias }).(pulumi.BoolPtrOutput) +} + // Contains the Unix usernames that may be used when connecting over SSH. func (o AccessPolicyConnectionRulesSshOutput) Usernames() pulumi.StringArrayOutput { return o.ApplyT(func(v AccessPolicyConnectionRulesSsh) []string { return v.Usernames }).(pulumi.StringArrayOutput) @@ -7185,6 +7318,16 @@ func (o AccessPolicyConnectionRulesSshPtrOutput) Elem() AccessPolicyConnectionRu }).(AccessPolicyConnectionRulesSshOutput) } +// Allows connecting to Unix username that matches the authenticating email prefix. +func (o AccessPolicyConnectionRulesSshPtrOutput) AllowEmailAlias() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *AccessPolicyConnectionRulesSsh) *bool { + if v == nil { + return nil + } + return v.AllowEmailAlias + }).(pulumi.BoolPtrOutput) +} + // Contains the Unix usernames that may be used when connecting over SSH. func (o AccessPolicyConnectionRulesSshPtrOutput) Usernames() pulumi.StringArrayOutput { return o.ApplyT(func(v *AccessPolicyConnectionRulesSsh) []string { @@ -20256,7 +20399,7 @@ func (o NotificationPolicyEmailIntegrationArrayOutput) Index(i pulumi.IntInput) type NotificationPolicyFilters struct { // Targeted actions for alert. Actions []string `pulumi:"actions"` - // Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. + // Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. AffectedComponents []string `pulumi:"affectedComponents"` // Filter on Points of Presence. AirportCodes []string `pulumi:"airportCodes"` @@ -20337,7 +20480,7 @@ type NotificationPolicyFiltersInput interface { type NotificationPolicyFiltersArgs struct { // Targeted actions for alert. Actions pulumi.StringArrayInput `pulumi:"actions"` - // Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. + // Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. AffectedComponents pulumi.StringArrayInput `pulumi:"affectedComponents"` // Filter on Points of Presence. AirportCodes pulumi.StringArrayInput `pulumi:"airportCodes"` @@ -20486,7 +20629,7 @@ func (o NotificationPolicyFiltersOutput) Actions() pulumi.StringArrayOutput { return o.ApplyT(func(v NotificationPolicyFilters) []string { return v.Actions }).(pulumi.StringArrayOutput) } -// Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. +// Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. func (o NotificationPolicyFiltersOutput) AffectedComponents() pulumi.StringArrayOutput { return o.ApplyT(func(v NotificationPolicyFilters) []string { return v.AffectedComponents }).(pulumi.StringArrayOutput) } @@ -20684,7 +20827,7 @@ func (o NotificationPolicyFiltersPtrOutput) Actions() pulumi.StringArrayOutput { }).(pulumi.StringArrayOutput) } -// Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. +// Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`. func (o NotificationPolicyFiltersPtrOutput) AffectedComponents() pulumi.StringArrayOutput { return o.ApplyT(func(v *NotificationPolicyFilters) []string { if v == nil { @@ -27579,16 +27722,12 @@ type RulesetRule struct { Expression string `pulumi:"expression"` // Unique rule identifier. Id *string `pulumi:"id"` - // The most recent update to this rule. - LastUpdated *string `pulumi:"lastUpdated"` // List parameters to configure how the rule generates logs. Only valid for skip action. Logging *RulesetRuleLogging `pulumi:"logging"` // List of parameters that configure HTTP rate limiting behaviour. Ratelimit *RulesetRuleRatelimit `pulumi:"ratelimit"` // Rule reference. Ref *string `pulumi:"ref"` - // Version of the ruleset to deploy. - Version *string `pulumi:"version"` } // RulesetRuleInput is an input type that accepts RulesetRuleArgs and RulesetRuleOutput values. @@ -27617,16 +27756,12 @@ type RulesetRuleArgs struct { Expression pulumi.StringInput `pulumi:"expression"` // Unique rule identifier. Id pulumi.StringPtrInput `pulumi:"id"` - // The most recent update to this rule. - LastUpdated pulumi.StringPtrInput `pulumi:"lastUpdated"` // List parameters to configure how the rule generates logs. Only valid for skip action. Logging RulesetRuleLoggingPtrInput `pulumi:"logging"` // List of parameters that configure HTTP rate limiting behaviour. Ratelimit RulesetRuleRatelimitPtrInput `pulumi:"ratelimit"` // Rule reference. Ref pulumi.StringPtrInput `pulumi:"ref"` - // Version of the ruleset to deploy. - Version pulumi.StringPtrInput `pulumi:"version"` } func (RulesetRuleArgs) ElementType() reflect.Type { @@ -27715,11 +27850,6 @@ func (o RulesetRuleOutput) Id() pulumi.StringPtrOutput { return o.ApplyT(func(v RulesetRule) *string { return v.Id }).(pulumi.StringPtrOutput) } -// The most recent update to this rule. -func (o RulesetRuleOutput) LastUpdated() pulumi.StringPtrOutput { - return o.ApplyT(func(v RulesetRule) *string { return v.LastUpdated }).(pulumi.StringPtrOutput) -} - // List parameters to configure how the rule generates logs. Only valid for skip action. func (o RulesetRuleOutput) Logging() RulesetRuleLoggingPtrOutput { return o.ApplyT(func(v RulesetRule) *RulesetRuleLogging { return v.Logging }).(RulesetRuleLoggingPtrOutput) @@ -27735,11 +27865,6 @@ func (o RulesetRuleOutput) Ref() pulumi.StringPtrOutput { return o.ApplyT(func(v RulesetRule) *string { return v.Ref }).(pulumi.StringPtrOutput) } -// Version of the ruleset to deploy. -func (o RulesetRuleOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v RulesetRule) *string { return v.Version }).(pulumi.StringPtrOutput) -} - type RulesetRuleArrayOutput struct{ *pulumi.OutputState } func (RulesetRuleArrayOutput) ElementType() reflect.Type { @@ -27866,8 +27991,6 @@ type RulesetRuleActionParameters struct { Sxg *bool `pulumi:"sxg"` // List of URI properties to configure for the ruleset rule when performing URL rewrite transformations. Uri *RulesetRuleActionParametersUri `pulumi:"uri"` - // Version of the ruleset to deploy. - Version *string `pulumi:"version"` } // RulesetRuleActionParametersInput is an input type that accepts RulesetRuleActionParametersArgs and RulesetRuleActionParametersOutput values. @@ -27987,8 +28110,6 @@ type RulesetRuleActionParametersArgs struct { Sxg pulumi.BoolPtrInput `pulumi:"sxg"` // List of URI properties to configure for the ruleset rule when performing URL rewrite transformations. Uri RulesetRuleActionParametersUriPtrInput `pulumi:"uri"` - // Version of the ruleset to deploy. - Version pulumi.StringPtrInput `pulumi:"version"` } func (RulesetRuleActionParametersArgs) ElementType() reflect.Type { @@ -28332,11 +28453,6 @@ func (o RulesetRuleActionParametersOutput) Uri() RulesetRuleActionParametersUriP return o.ApplyT(func(v RulesetRuleActionParameters) *RulesetRuleActionParametersUri { return v.Uri }).(RulesetRuleActionParametersUriPtrOutput) } -// Version of the ruleset to deploy. -func (o RulesetRuleActionParametersOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v RulesetRuleActionParameters) *string { return v.Version }).(pulumi.StringPtrOutput) -} - type RulesetRuleActionParametersPtrOutput struct{ *pulumi.OutputState } func (RulesetRuleActionParametersPtrOutput) ElementType() reflect.Type { @@ -28890,16 +29006,6 @@ func (o RulesetRuleActionParametersPtrOutput) Uri() RulesetRuleActionParametersU }).(RulesetRuleActionParametersUriPtrOutput) } -// Version of the ruleset to deploy. -func (o RulesetRuleActionParametersPtrOutput) Version() pulumi.StringPtrOutput { - return o.ApplyT(func(v *RulesetRuleActionParameters) *string { - if v == nil { - return nil - } - return v.Version - }).(pulumi.StringPtrOutput) -} - type RulesetRuleActionParametersAlgorithm struct { // Name of the compression algorithm to use. Available values: `zstd`, `gzip`, `brotli`, `auto`, `default`, `none` Name string `pulumi:"name"` @@ -33867,6 +33973,236 @@ func (o RulesetRuleRatelimitPtrOutput) ScoreResponseHeaderName() pulumi.StringPt }).(pulumi.StringPtrOutput) } +type SnippetFile struct { + // Content of the snippet file. + Content *string `pulumi:"content"` + // Name of the snippet file. + Name string `pulumi:"name"` +} + +// SnippetFileInput is an input type that accepts SnippetFileArgs and SnippetFileOutput values. +// You can construct a concrete instance of `SnippetFileInput` via: +// +// SnippetFileArgs{...} +type SnippetFileInput interface { + pulumi.Input + + ToSnippetFileOutput() SnippetFileOutput + ToSnippetFileOutputWithContext(context.Context) SnippetFileOutput +} + +type SnippetFileArgs struct { + // Content of the snippet file. + Content pulumi.StringPtrInput `pulumi:"content"` + // Name of the snippet file. + Name pulumi.StringInput `pulumi:"name"` +} + +func (SnippetFileArgs) ElementType() reflect.Type { + return reflect.TypeOf((*SnippetFile)(nil)).Elem() +} + +func (i SnippetFileArgs) ToSnippetFileOutput() SnippetFileOutput { + return i.ToSnippetFileOutputWithContext(context.Background()) +} + +func (i SnippetFileArgs) ToSnippetFileOutputWithContext(ctx context.Context) SnippetFileOutput { + return pulumi.ToOutputWithContext(ctx, i).(SnippetFileOutput) +} + +// SnippetFileArrayInput is an input type that accepts SnippetFileArray and SnippetFileArrayOutput values. +// You can construct a concrete instance of `SnippetFileArrayInput` via: +// +// SnippetFileArray{ SnippetFileArgs{...} } +type SnippetFileArrayInput interface { + pulumi.Input + + ToSnippetFileArrayOutput() SnippetFileArrayOutput + ToSnippetFileArrayOutputWithContext(context.Context) SnippetFileArrayOutput +} + +type SnippetFileArray []SnippetFileInput + +func (SnippetFileArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]SnippetFile)(nil)).Elem() +} + +func (i SnippetFileArray) ToSnippetFileArrayOutput() SnippetFileArrayOutput { + return i.ToSnippetFileArrayOutputWithContext(context.Background()) +} + +func (i SnippetFileArray) ToSnippetFileArrayOutputWithContext(ctx context.Context) SnippetFileArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SnippetFileArrayOutput) +} + +type SnippetFileOutput struct{ *pulumi.OutputState } + +func (SnippetFileOutput) ElementType() reflect.Type { + return reflect.TypeOf((*SnippetFile)(nil)).Elem() +} + +func (o SnippetFileOutput) ToSnippetFileOutput() SnippetFileOutput { + return o +} + +func (o SnippetFileOutput) ToSnippetFileOutputWithContext(ctx context.Context) SnippetFileOutput { + return o +} + +// Content of the snippet file. +func (o SnippetFileOutput) Content() pulumi.StringPtrOutput { + return o.ApplyT(func(v SnippetFile) *string { return v.Content }).(pulumi.StringPtrOutput) +} + +// Name of the snippet file. +func (o SnippetFileOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v SnippetFile) string { return v.Name }).(pulumi.StringOutput) +} + +type SnippetFileArrayOutput struct{ *pulumi.OutputState } + +func (SnippetFileArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]SnippetFile)(nil)).Elem() +} + +func (o SnippetFileArrayOutput) ToSnippetFileArrayOutput() SnippetFileArrayOutput { + return o +} + +func (o SnippetFileArrayOutput) ToSnippetFileArrayOutputWithContext(ctx context.Context) SnippetFileArrayOutput { + return o +} + +func (o SnippetFileArrayOutput) Index(i pulumi.IntInput) SnippetFileOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) SnippetFile { + return vs[0].([]SnippetFile)[vs[1].(int)] + }).(SnippetFileOutput) +} + +type SnippetRulesRule struct { + // Brief summary of the snippet rule and its intended use. + Description *string `pulumi:"description"` + // Whether the headers rule is active. + Enabled *bool `pulumi:"enabled"` + // Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters. + Expression string `pulumi:"expression"` + // Name of the snippet invoked by this rule. + SnippetName string `pulumi:"snippetName"` +} + +// SnippetRulesRuleInput is an input type that accepts SnippetRulesRuleArgs and SnippetRulesRuleOutput values. +// You can construct a concrete instance of `SnippetRulesRuleInput` via: +// +// SnippetRulesRuleArgs{...} +type SnippetRulesRuleInput interface { + pulumi.Input + + ToSnippetRulesRuleOutput() SnippetRulesRuleOutput + ToSnippetRulesRuleOutputWithContext(context.Context) SnippetRulesRuleOutput +} + +type SnippetRulesRuleArgs struct { + // Brief summary of the snippet rule and its intended use. + Description pulumi.StringPtrInput `pulumi:"description"` + // Whether the headers rule is active. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters. + Expression pulumi.StringInput `pulumi:"expression"` + // Name of the snippet invoked by this rule. + SnippetName pulumi.StringInput `pulumi:"snippetName"` +} + +func (SnippetRulesRuleArgs) ElementType() reflect.Type { + return reflect.TypeOf((*SnippetRulesRule)(nil)).Elem() +} + +func (i SnippetRulesRuleArgs) ToSnippetRulesRuleOutput() SnippetRulesRuleOutput { + return i.ToSnippetRulesRuleOutputWithContext(context.Background()) +} + +func (i SnippetRulesRuleArgs) ToSnippetRulesRuleOutputWithContext(ctx context.Context) SnippetRulesRuleOutput { + return pulumi.ToOutputWithContext(ctx, i).(SnippetRulesRuleOutput) +} + +// SnippetRulesRuleArrayInput is an input type that accepts SnippetRulesRuleArray and SnippetRulesRuleArrayOutput values. +// You can construct a concrete instance of `SnippetRulesRuleArrayInput` via: +// +// SnippetRulesRuleArray{ SnippetRulesRuleArgs{...} } +type SnippetRulesRuleArrayInput interface { + pulumi.Input + + ToSnippetRulesRuleArrayOutput() SnippetRulesRuleArrayOutput + ToSnippetRulesRuleArrayOutputWithContext(context.Context) SnippetRulesRuleArrayOutput +} + +type SnippetRulesRuleArray []SnippetRulesRuleInput + +func (SnippetRulesRuleArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]SnippetRulesRule)(nil)).Elem() +} + +func (i SnippetRulesRuleArray) ToSnippetRulesRuleArrayOutput() SnippetRulesRuleArrayOutput { + return i.ToSnippetRulesRuleArrayOutputWithContext(context.Background()) +} + +func (i SnippetRulesRuleArray) ToSnippetRulesRuleArrayOutputWithContext(ctx context.Context) SnippetRulesRuleArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SnippetRulesRuleArrayOutput) +} + +type SnippetRulesRuleOutput struct{ *pulumi.OutputState } + +func (SnippetRulesRuleOutput) ElementType() reflect.Type { + return reflect.TypeOf((*SnippetRulesRule)(nil)).Elem() +} + +func (o SnippetRulesRuleOutput) ToSnippetRulesRuleOutput() SnippetRulesRuleOutput { + return o +} + +func (o SnippetRulesRuleOutput) ToSnippetRulesRuleOutputWithContext(ctx context.Context) SnippetRulesRuleOutput { + return o +} + +// Brief summary of the snippet rule and its intended use. +func (o SnippetRulesRuleOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v SnippetRulesRule) *string { return v.Description }).(pulumi.StringPtrOutput) +} + +// Whether the headers rule is active. +func (o SnippetRulesRuleOutput) Enabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v SnippetRulesRule) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) +} + +// Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters. +func (o SnippetRulesRuleOutput) Expression() pulumi.StringOutput { + return o.ApplyT(func(v SnippetRulesRule) string { return v.Expression }).(pulumi.StringOutput) +} + +// Name of the snippet invoked by this rule. +func (o SnippetRulesRuleOutput) SnippetName() pulumi.StringOutput { + return o.ApplyT(func(v SnippetRulesRule) string { return v.SnippetName }).(pulumi.StringOutput) +} + +type SnippetRulesRuleArrayOutput struct{ *pulumi.OutputState } + +func (SnippetRulesRuleArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]SnippetRulesRule)(nil)).Elem() +} + +func (o SnippetRulesRuleArrayOutput) ToSnippetRulesRuleArrayOutput() SnippetRulesRuleArrayOutput { + return o +} + +func (o SnippetRulesRuleArrayOutput) ToSnippetRulesRuleArrayOutputWithContext(ctx context.Context) SnippetRulesRuleArrayOutput { + return o +} + +func (o SnippetRulesRuleArrayOutput) Index(i pulumi.IntInput) SnippetRulesRuleOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) SnippetRulesRule { + return vs[0].([]SnippetRulesRule)[vs[1].(int)] + }).(SnippetRulesRuleOutput) +} + type SpectrumApplicationDns struct { // The name of the DNS record associated with the application. Name string `pulumi:"name"` @@ -44486,6 +44822,112 @@ func (o ZeroTrustAccessApplicationCorsHeaderArrayOutput) Index(i pulumi.IntInput }).(ZeroTrustAccessApplicationCorsHeaderOutput) } +type ZeroTrustAccessApplicationDestination struct { + // The destination type. Available values: `public`, `private`. Defaults to `public`. + Type *string `pulumi:"type"` + // The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. + Uri string `pulumi:"uri"` +} + +// ZeroTrustAccessApplicationDestinationInput is an input type that accepts ZeroTrustAccessApplicationDestinationArgs and ZeroTrustAccessApplicationDestinationOutput values. +// You can construct a concrete instance of `ZeroTrustAccessApplicationDestinationInput` via: +// +// ZeroTrustAccessApplicationDestinationArgs{...} +type ZeroTrustAccessApplicationDestinationInput interface { + pulumi.Input + + ToZeroTrustAccessApplicationDestinationOutput() ZeroTrustAccessApplicationDestinationOutput + ToZeroTrustAccessApplicationDestinationOutputWithContext(context.Context) ZeroTrustAccessApplicationDestinationOutput +} + +type ZeroTrustAccessApplicationDestinationArgs struct { + // The destination type. Available values: `public`, `private`. Defaults to `public`. + Type pulumi.StringPtrInput `pulumi:"type"` + // The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. + Uri pulumi.StringInput `pulumi:"uri"` +} + +func (ZeroTrustAccessApplicationDestinationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*ZeroTrustAccessApplicationDestination)(nil)).Elem() +} + +func (i ZeroTrustAccessApplicationDestinationArgs) ToZeroTrustAccessApplicationDestinationOutput() ZeroTrustAccessApplicationDestinationOutput { + return i.ToZeroTrustAccessApplicationDestinationOutputWithContext(context.Background()) +} + +func (i ZeroTrustAccessApplicationDestinationArgs) ToZeroTrustAccessApplicationDestinationOutputWithContext(ctx context.Context) ZeroTrustAccessApplicationDestinationOutput { + return pulumi.ToOutputWithContext(ctx, i).(ZeroTrustAccessApplicationDestinationOutput) +} + +// ZeroTrustAccessApplicationDestinationArrayInput is an input type that accepts ZeroTrustAccessApplicationDestinationArray and ZeroTrustAccessApplicationDestinationArrayOutput values. +// You can construct a concrete instance of `ZeroTrustAccessApplicationDestinationArrayInput` via: +// +// ZeroTrustAccessApplicationDestinationArray{ ZeroTrustAccessApplicationDestinationArgs{...} } +type ZeroTrustAccessApplicationDestinationArrayInput interface { + pulumi.Input + + ToZeroTrustAccessApplicationDestinationArrayOutput() ZeroTrustAccessApplicationDestinationArrayOutput + ToZeroTrustAccessApplicationDestinationArrayOutputWithContext(context.Context) ZeroTrustAccessApplicationDestinationArrayOutput +} + +type ZeroTrustAccessApplicationDestinationArray []ZeroTrustAccessApplicationDestinationInput + +func (ZeroTrustAccessApplicationDestinationArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]ZeroTrustAccessApplicationDestination)(nil)).Elem() +} + +func (i ZeroTrustAccessApplicationDestinationArray) ToZeroTrustAccessApplicationDestinationArrayOutput() ZeroTrustAccessApplicationDestinationArrayOutput { + return i.ToZeroTrustAccessApplicationDestinationArrayOutputWithContext(context.Background()) +} + +func (i ZeroTrustAccessApplicationDestinationArray) ToZeroTrustAccessApplicationDestinationArrayOutputWithContext(ctx context.Context) ZeroTrustAccessApplicationDestinationArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(ZeroTrustAccessApplicationDestinationArrayOutput) +} + +type ZeroTrustAccessApplicationDestinationOutput struct{ *pulumi.OutputState } + +func (ZeroTrustAccessApplicationDestinationOutput) ElementType() reflect.Type { + return reflect.TypeOf((*ZeroTrustAccessApplicationDestination)(nil)).Elem() +} + +func (o ZeroTrustAccessApplicationDestinationOutput) ToZeroTrustAccessApplicationDestinationOutput() ZeroTrustAccessApplicationDestinationOutput { + return o +} + +func (o ZeroTrustAccessApplicationDestinationOutput) ToZeroTrustAccessApplicationDestinationOutputWithContext(ctx context.Context) ZeroTrustAccessApplicationDestinationOutput { + return o +} + +// The destination type. Available values: `public`, `private`. Defaults to `public`. +func (o ZeroTrustAccessApplicationDestinationOutput) Type() pulumi.StringPtrOutput { + return o.ApplyT(func(v ZeroTrustAccessApplicationDestination) *string { return v.Type }).(pulumi.StringPtrOutput) +} + +// The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges. +func (o ZeroTrustAccessApplicationDestinationOutput) Uri() pulumi.StringOutput { + return o.ApplyT(func(v ZeroTrustAccessApplicationDestination) string { return v.Uri }).(pulumi.StringOutput) +} + +type ZeroTrustAccessApplicationDestinationArrayOutput struct{ *pulumi.OutputState } + +func (ZeroTrustAccessApplicationDestinationArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]ZeroTrustAccessApplicationDestination)(nil)).Elem() +} + +func (o ZeroTrustAccessApplicationDestinationArrayOutput) ToZeroTrustAccessApplicationDestinationArrayOutput() ZeroTrustAccessApplicationDestinationArrayOutput { + return o +} + +func (o ZeroTrustAccessApplicationDestinationArrayOutput) ToZeroTrustAccessApplicationDestinationArrayOutputWithContext(ctx context.Context) ZeroTrustAccessApplicationDestinationArrayOutput { + return o +} + +func (o ZeroTrustAccessApplicationDestinationArrayOutput) Index(i pulumi.IntInput) ZeroTrustAccessApplicationDestinationOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) ZeroTrustAccessApplicationDestination { + return vs[0].([]ZeroTrustAccessApplicationDestination)[vs[1].(int)] + }).(ZeroTrustAccessApplicationDestinationOutput) +} + type ZeroTrustAccessApplicationFooterLink struct { // The name of the footer link. Name *string `pulumi:"name"` @@ -50509,12 +50951,18 @@ func (o ZeroTrustAccessIdentityProviderConfigArrayOutput) Index(i pulumi.IntInpu } type ZeroTrustAccessIdentityProviderScimConfig struct { - Enabled *bool `pulumi:"enabled"` - GroupMemberDeprovision *bool `pulumi:"groupMemberDeprovision"` + // A flag to enable or disable SCIM for the identity provider. + Enabled *bool `pulumi:"enabled"` + // Deprecated. Use `identityUpdateBehavior`. + GroupMemberDeprovision *bool `pulumi:"groupMemberDeprovision"` + // Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "noAction" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. IdentityUpdateBehavior *string `pulumi:"identityUpdateBehavior"` - SeatDeprovision *bool `pulumi:"seatDeprovision"` - Secret *string `pulumi:"secret"` - UserDeprovision *bool `pulumi:"userDeprovision"` + // A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless userDeprovision is also enabled. + SeatDeprovision *bool `pulumi:"seatDeprovision"` + // A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. + Secret *string `pulumi:"secret"` + // A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. + UserDeprovision *bool `pulumi:"userDeprovision"` } // ZeroTrustAccessIdentityProviderScimConfigInput is an input type that accepts ZeroTrustAccessIdentityProviderScimConfigArgs and ZeroTrustAccessIdentityProviderScimConfigOutput values. @@ -50529,12 +50977,18 @@ type ZeroTrustAccessIdentityProviderScimConfigInput interface { } type ZeroTrustAccessIdentityProviderScimConfigArgs struct { - Enabled pulumi.BoolPtrInput `pulumi:"enabled"` - GroupMemberDeprovision pulumi.BoolPtrInput `pulumi:"groupMemberDeprovision"` + // A flag to enable or disable SCIM for the identity provider. + Enabled pulumi.BoolPtrInput `pulumi:"enabled"` + // Deprecated. Use `identityUpdateBehavior`. + GroupMemberDeprovision pulumi.BoolPtrInput `pulumi:"groupMemberDeprovision"` + // Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "noAction" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. IdentityUpdateBehavior pulumi.StringPtrInput `pulumi:"identityUpdateBehavior"` - SeatDeprovision pulumi.BoolPtrInput `pulumi:"seatDeprovision"` - Secret pulumi.StringPtrInput `pulumi:"secret"` - UserDeprovision pulumi.BoolPtrInput `pulumi:"userDeprovision"` + // A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless userDeprovision is also enabled. + SeatDeprovision pulumi.BoolPtrInput `pulumi:"seatDeprovision"` + // A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. + Secret pulumi.StringPtrInput `pulumi:"secret"` + // A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. + UserDeprovision pulumi.BoolPtrInput `pulumi:"userDeprovision"` } func (ZeroTrustAccessIdentityProviderScimConfigArgs) ElementType() reflect.Type { @@ -50588,26 +51042,32 @@ func (o ZeroTrustAccessIdentityProviderScimConfigOutput) ToZeroTrustAccessIdenti return o } +// A flag to enable or disable SCIM for the identity provider. func (o ZeroTrustAccessIdentityProviderScimConfigOutput) Enabled() pulumi.BoolPtrOutput { return o.ApplyT(func(v ZeroTrustAccessIdentityProviderScimConfig) *bool { return v.Enabled }).(pulumi.BoolPtrOutput) } +// Deprecated. Use `identityUpdateBehavior`. func (o ZeroTrustAccessIdentityProviderScimConfigOutput) GroupMemberDeprovision() pulumi.BoolPtrOutput { return o.ApplyT(func(v ZeroTrustAccessIdentityProviderScimConfig) *bool { return v.GroupMemberDeprovision }).(pulumi.BoolPtrOutput) } +// Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "noAction" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate. func (o ZeroTrustAccessIdentityProviderScimConfigOutput) IdentityUpdateBehavior() pulumi.StringPtrOutput { return o.ApplyT(func(v ZeroTrustAccessIdentityProviderScimConfig) *string { return v.IdentityUpdateBehavior }).(pulumi.StringPtrOutput) } +// A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider. This cannot be enabled unless userDeprovision is also enabled. func (o ZeroTrustAccessIdentityProviderScimConfigOutput) SeatDeprovision() pulumi.BoolPtrOutput { return o.ApplyT(func(v ZeroTrustAccessIdentityProviderScimConfig) *bool { return v.SeatDeprovision }).(pulumi.BoolPtrOutput) } +// A read-only token generated when the SCIM integration is enabled for the first time. It is redacted on subsequent requests. If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret. func (o ZeroTrustAccessIdentityProviderScimConfigOutput) Secret() pulumi.StringPtrOutput { return o.ApplyT(func(v ZeroTrustAccessIdentityProviderScimConfig) *string { return v.Secret }).(pulumi.StringPtrOutput) } +// A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider. func (o ZeroTrustAccessIdentityProviderScimConfigOutput) UserDeprovision() pulumi.BoolPtrOutput { return o.ApplyT(func(v ZeroTrustAccessIdentityProviderScimConfig) *bool { return v.UserDeprovision }).(pulumi.BoolPtrOutput) } @@ -51236,6 +51696,8 @@ func (o ZeroTrustAccessPolicyConnectionRulesPtrOutput) Ssh() ZeroTrustAccessPoli } type ZeroTrustAccessPolicyConnectionRulesSsh struct { + // Allows connecting to Unix username that matches the authenticating email prefix. + AllowEmailAlias *bool `pulumi:"allowEmailAlias"` // Contains the Unix usernames that may be used when connecting over SSH. Usernames []string `pulumi:"usernames"` } @@ -51252,6 +51714,8 @@ type ZeroTrustAccessPolicyConnectionRulesSshInput interface { } type ZeroTrustAccessPolicyConnectionRulesSshArgs struct { + // Allows connecting to Unix username that matches the authenticating email prefix. + AllowEmailAlias pulumi.BoolPtrInput `pulumi:"allowEmailAlias"` // Contains the Unix usernames that may be used when connecting over SSH. Usernames pulumi.StringArrayInput `pulumi:"usernames"` } @@ -51333,6 +51797,11 @@ func (o ZeroTrustAccessPolicyConnectionRulesSshOutput) ToZeroTrustAccessPolicyCo }).(ZeroTrustAccessPolicyConnectionRulesSshPtrOutput) } +// Allows connecting to Unix username that matches the authenticating email prefix. +func (o ZeroTrustAccessPolicyConnectionRulesSshOutput) AllowEmailAlias() pulumi.BoolPtrOutput { + return o.ApplyT(func(v ZeroTrustAccessPolicyConnectionRulesSsh) *bool { return v.AllowEmailAlias }).(pulumi.BoolPtrOutput) +} + // Contains the Unix usernames that may be used when connecting over SSH. func (o ZeroTrustAccessPolicyConnectionRulesSshOutput) Usernames() pulumi.StringArrayOutput { return o.ApplyT(func(v ZeroTrustAccessPolicyConnectionRulesSsh) []string { return v.Usernames }).(pulumi.StringArrayOutput) @@ -51362,6 +51831,16 @@ func (o ZeroTrustAccessPolicyConnectionRulesSshPtrOutput) Elem() ZeroTrustAccess }).(ZeroTrustAccessPolicyConnectionRulesSshOutput) } +// Allows connecting to Unix username that matches the authenticating email prefix. +func (o ZeroTrustAccessPolicyConnectionRulesSshPtrOutput) AllowEmailAlias() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *ZeroTrustAccessPolicyConnectionRulesSsh) *bool { + if v == nil { + return nil + } + return v.AllowEmailAlias + }).(pulumi.BoolPtrOutput) +} + // Contains the Unix usernames that may be used when connecting over SSH. func (o ZeroTrustAccessPolicyConnectionRulesSshPtrOutput) Usernames() pulumi.StringArrayOutput { return o.ApplyT(func(v *ZeroTrustAccessPolicyConnectionRulesSsh) []string { @@ -76920,6 +77399,8 @@ func (o GetZonesZoneArrayOutput) Index(i pulumi.IntInput) GetZonesZoneOutput { func init() { pulumi.RegisterInputType(reflect.TypeOf((*AccessApplicationCorsHeaderInput)(nil)).Elem(), AccessApplicationCorsHeaderArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*AccessApplicationCorsHeaderArrayInput)(nil)).Elem(), AccessApplicationCorsHeaderArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*AccessApplicationDestinationInput)(nil)).Elem(), AccessApplicationDestinationArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AccessApplicationDestinationArrayInput)(nil)).Elem(), AccessApplicationDestinationArray{}) pulumi.RegisterInputType(reflect.TypeOf((*AccessApplicationFooterLinkInput)(nil)).Elem(), AccessApplicationFooterLinkArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*AccessApplicationFooterLinkArrayInput)(nil)).Elem(), AccessApplicationFooterLinkArray{}) pulumi.RegisterInputType(reflect.TypeOf((*AccessApplicationLandingPageDesignInput)(nil)).Elem(), AccessApplicationLandingPageDesignArgs{}) @@ -77330,6 +77811,10 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*RulesetRuleLoggingPtrInput)(nil)).Elem(), RulesetRuleLoggingArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*RulesetRuleRatelimitInput)(nil)).Elem(), RulesetRuleRatelimitArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*RulesetRuleRatelimitPtrInput)(nil)).Elem(), RulesetRuleRatelimitArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*SnippetFileInput)(nil)).Elem(), SnippetFileArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*SnippetFileArrayInput)(nil)).Elem(), SnippetFileArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SnippetRulesRuleInput)(nil)).Elem(), SnippetRulesRuleArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*SnippetRulesRuleArrayInput)(nil)).Elem(), SnippetRulesRuleArray{}) pulumi.RegisterInputType(reflect.TypeOf((*SpectrumApplicationDnsInput)(nil)).Elem(), SpectrumApplicationDnsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*SpectrumApplicationDnsPtrInput)(nil)).Elem(), SpectrumApplicationDnsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*SpectrumApplicationEdgeIpsInput)(nil)).Elem(), SpectrumApplicationEdgeIpsArgs{}) @@ -77470,6 +77955,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*WorkersScriptWebassemblyBindingArrayInput)(nil)).Elem(), WorkersScriptWebassemblyBindingArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ZeroTrustAccessApplicationCorsHeaderInput)(nil)).Elem(), ZeroTrustAccessApplicationCorsHeaderArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ZeroTrustAccessApplicationCorsHeaderArrayInput)(nil)).Elem(), ZeroTrustAccessApplicationCorsHeaderArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*ZeroTrustAccessApplicationDestinationInput)(nil)).Elem(), ZeroTrustAccessApplicationDestinationArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*ZeroTrustAccessApplicationDestinationArrayInput)(nil)).Elem(), ZeroTrustAccessApplicationDestinationArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ZeroTrustAccessApplicationFooterLinkInput)(nil)).Elem(), ZeroTrustAccessApplicationFooterLinkArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ZeroTrustAccessApplicationFooterLinkArrayInput)(nil)).Elem(), ZeroTrustAccessApplicationFooterLinkArray{}) pulumi.RegisterInputType(reflect.TypeOf((*ZeroTrustAccessApplicationLandingPageDesignInput)(nil)).Elem(), ZeroTrustAccessApplicationLandingPageDesignArgs{}) @@ -77859,6 +78346,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*GetZonesZoneArrayInput)(nil)).Elem(), GetZonesZoneArray{}) pulumi.RegisterOutputType(AccessApplicationCorsHeaderOutput{}) pulumi.RegisterOutputType(AccessApplicationCorsHeaderArrayOutput{}) + pulumi.RegisterOutputType(AccessApplicationDestinationOutput{}) + pulumi.RegisterOutputType(AccessApplicationDestinationArrayOutput{}) pulumi.RegisterOutputType(AccessApplicationFooterLinkOutput{}) pulumi.RegisterOutputType(AccessApplicationFooterLinkArrayOutput{}) pulumi.RegisterOutputType(AccessApplicationLandingPageDesignOutput{}) @@ -78269,6 +78758,10 @@ func init() { pulumi.RegisterOutputType(RulesetRuleLoggingPtrOutput{}) pulumi.RegisterOutputType(RulesetRuleRatelimitOutput{}) pulumi.RegisterOutputType(RulesetRuleRatelimitPtrOutput{}) + pulumi.RegisterOutputType(SnippetFileOutput{}) + pulumi.RegisterOutputType(SnippetFileArrayOutput{}) + pulumi.RegisterOutputType(SnippetRulesRuleOutput{}) + pulumi.RegisterOutputType(SnippetRulesRuleArrayOutput{}) pulumi.RegisterOutputType(SpectrumApplicationDnsOutput{}) pulumi.RegisterOutputType(SpectrumApplicationDnsPtrOutput{}) pulumi.RegisterOutputType(SpectrumApplicationEdgeIpsOutput{}) @@ -78409,6 +78902,8 @@ func init() { pulumi.RegisterOutputType(WorkersScriptWebassemblyBindingArrayOutput{}) pulumi.RegisterOutputType(ZeroTrustAccessApplicationCorsHeaderOutput{}) pulumi.RegisterOutputType(ZeroTrustAccessApplicationCorsHeaderArrayOutput{}) + pulumi.RegisterOutputType(ZeroTrustAccessApplicationDestinationOutput{}) + pulumi.RegisterOutputType(ZeroTrustAccessApplicationDestinationArrayOutput{}) pulumi.RegisterOutputType(ZeroTrustAccessApplicationFooterLinkOutput{}) pulumi.RegisterOutputType(ZeroTrustAccessApplicationFooterLinkArrayOutput{}) pulumi.RegisterOutputType(ZeroTrustAccessApplicationLandingPageDesignOutput{}) diff --git a/sdk/go/cloudflare/snippet.go b/sdk/go/cloudflare/snippet.go new file mode 100644 index 00000000..6e724d1e --- /dev/null +++ b/sdk/go/cloudflare/snippet.go @@ -0,0 +1,269 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package cloudflare + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +type Snippet struct { + pulumi.CustomResourceState + + // List of Snippet Files + Files SnippetFileArrayOutput `pulumi:"files"` + // Main module file name of the snippet. + MainModule pulumi.StringOutput `pulumi:"mainModule"` + // Name of the snippet. + Name pulumi.StringOutput `pulumi:"name"` + // The zone identifier to target for the resource. + ZoneId pulumi.StringOutput `pulumi:"zoneId"` +} + +// NewSnippet registers a new resource with the given unique name, arguments, and options. +func NewSnippet(ctx *pulumi.Context, + name string, args *SnippetArgs, opts ...pulumi.ResourceOption) (*Snippet, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.MainModule == nil { + return nil, errors.New("invalid value for required argument 'MainModule'") + } + if args.Name == nil { + return nil, errors.New("invalid value for required argument 'Name'") + } + if args.ZoneId == nil { + return nil, errors.New("invalid value for required argument 'ZoneId'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource Snippet + err := ctx.RegisterResource("cloudflare:index/snippet:Snippet", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSnippet gets an existing Snippet resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSnippet(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SnippetState, opts ...pulumi.ResourceOption) (*Snippet, error) { + var resource Snippet + err := ctx.ReadResource("cloudflare:index/snippet:Snippet", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering Snippet resources. +type snippetState struct { + // List of Snippet Files + Files []SnippetFile `pulumi:"files"` + // Main module file name of the snippet. + MainModule *string `pulumi:"mainModule"` + // Name of the snippet. + Name *string `pulumi:"name"` + // The zone identifier to target for the resource. + ZoneId *string `pulumi:"zoneId"` +} + +type SnippetState struct { + // List of Snippet Files + Files SnippetFileArrayInput + // Main module file name of the snippet. + MainModule pulumi.StringPtrInput + // Name of the snippet. + Name pulumi.StringPtrInput + // The zone identifier to target for the resource. + ZoneId pulumi.StringPtrInput +} + +func (SnippetState) ElementType() reflect.Type { + return reflect.TypeOf((*snippetState)(nil)).Elem() +} + +type snippetArgs struct { + // List of Snippet Files + Files []SnippetFile `pulumi:"files"` + // Main module file name of the snippet. + MainModule string `pulumi:"mainModule"` + // Name of the snippet. + Name string `pulumi:"name"` + // The zone identifier to target for the resource. + ZoneId string `pulumi:"zoneId"` +} + +// The set of arguments for constructing a Snippet resource. +type SnippetArgs struct { + // List of Snippet Files + Files SnippetFileArrayInput + // Main module file name of the snippet. + MainModule pulumi.StringInput + // Name of the snippet. + Name pulumi.StringInput + // The zone identifier to target for the resource. + ZoneId pulumi.StringInput +} + +func (SnippetArgs) ElementType() reflect.Type { + return reflect.TypeOf((*snippetArgs)(nil)).Elem() +} + +type SnippetInput interface { + pulumi.Input + + ToSnippetOutput() SnippetOutput + ToSnippetOutputWithContext(ctx context.Context) SnippetOutput +} + +func (*Snippet) ElementType() reflect.Type { + return reflect.TypeOf((**Snippet)(nil)).Elem() +} + +func (i *Snippet) ToSnippetOutput() SnippetOutput { + return i.ToSnippetOutputWithContext(context.Background()) +} + +func (i *Snippet) ToSnippetOutputWithContext(ctx context.Context) SnippetOutput { + return pulumi.ToOutputWithContext(ctx, i).(SnippetOutput) +} + +// SnippetArrayInput is an input type that accepts SnippetArray and SnippetArrayOutput values. +// You can construct a concrete instance of `SnippetArrayInput` via: +// +// SnippetArray{ SnippetArgs{...} } +type SnippetArrayInput interface { + pulumi.Input + + ToSnippetArrayOutput() SnippetArrayOutput + ToSnippetArrayOutputWithContext(context.Context) SnippetArrayOutput +} + +type SnippetArray []SnippetInput + +func (SnippetArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*Snippet)(nil)).Elem() +} + +func (i SnippetArray) ToSnippetArrayOutput() SnippetArrayOutput { + return i.ToSnippetArrayOutputWithContext(context.Background()) +} + +func (i SnippetArray) ToSnippetArrayOutputWithContext(ctx context.Context) SnippetArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SnippetArrayOutput) +} + +// SnippetMapInput is an input type that accepts SnippetMap and SnippetMapOutput values. +// You can construct a concrete instance of `SnippetMapInput` via: +// +// SnippetMap{ "key": SnippetArgs{...} } +type SnippetMapInput interface { + pulumi.Input + + ToSnippetMapOutput() SnippetMapOutput + ToSnippetMapOutputWithContext(context.Context) SnippetMapOutput +} + +type SnippetMap map[string]SnippetInput + +func (SnippetMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*Snippet)(nil)).Elem() +} + +func (i SnippetMap) ToSnippetMapOutput() SnippetMapOutput { + return i.ToSnippetMapOutputWithContext(context.Background()) +} + +func (i SnippetMap) ToSnippetMapOutputWithContext(ctx context.Context) SnippetMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SnippetMapOutput) +} + +type SnippetOutput struct{ *pulumi.OutputState } + +func (SnippetOutput) ElementType() reflect.Type { + return reflect.TypeOf((**Snippet)(nil)).Elem() +} + +func (o SnippetOutput) ToSnippetOutput() SnippetOutput { + return o +} + +func (o SnippetOutput) ToSnippetOutputWithContext(ctx context.Context) SnippetOutput { + return o +} + +// List of Snippet Files +func (o SnippetOutput) Files() SnippetFileArrayOutput { + return o.ApplyT(func(v *Snippet) SnippetFileArrayOutput { return v.Files }).(SnippetFileArrayOutput) +} + +// Main module file name of the snippet. +func (o SnippetOutput) MainModule() pulumi.StringOutput { + return o.ApplyT(func(v *Snippet) pulumi.StringOutput { return v.MainModule }).(pulumi.StringOutput) +} + +// Name of the snippet. +func (o SnippetOutput) Name() pulumi.StringOutput { + return o.ApplyT(func(v *Snippet) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) +} + +// The zone identifier to target for the resource. +func (o SnippetOutput) ZoneId() pulumi.StringOutput { + return o.ApplyT(func(v *Snippet) pulumi.StringOutput { return v.ZoneId }).(pulumi.StringOutput) +} + +type SnippetArrayOutput struct{ *pulumi.OutputState } + +func (SnippetArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*Snippet)(nil)).Elem() +} + +func (o SnippetArrayOutput) ToSnippetArrayOutput() SnippetArrayOutput { + return o +} + +func (o SnippetArrayOutput) ToSnippetArrayOutputWithContext(ctx context.Context) SnippetArrayOutput { + return o +} + +func (o SnippetArrayOutput) Index(i pulumi.IntInput) SnippetOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *Snippet { + return vs[0].([]*Snippet)[vs[1].(int)] + }).(SnippetOutput) +} + +type SnippetMapOutput struct{ *pulumi.OutputState } + +func (SnippetMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*Snippet)(nil)).Elem() +} + +func (o SnippetMapOutput) ToSnippetMapOutput() SnippetMapOutput { + return o +} + +func (o SnippetMapOutput) ToSnippetMapOutputWithContext(ctx context.Context) SnippetMapOutput { + return o +} + +func (o SnippetMapOutput) MapIndex(k pulumi.StringInput) SnippetOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *Snippet { + return vs[0].(map[string]*Snippet)[vs[1].(string)] + }).(SnippetOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SnippetInput)(nil)).Elem(), &Snippet{}) + pulumi.RegisterInputType(reflect.TypeOf((*SnippetArrayInput)(nil)).Elem(), SnippetArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SnippetMapInput)(nil)).Elem(), SnippetMap{}) + pulumi.RegisterOutputType(SnippetOutput{}) + pulumi.RegisterOutputType(SnippetArrayOutput{}) + pulumi.RegisterOutputType(SnippetMapOutput{}) +} diff --git a/sdk/go/cloudflare/snippetRules.go b/sdk/go/cloudflare/snippetRules.go new file mode 100644 index 00000000..90deb2a9 --- /dev/null +++ b/sdk/go/cloudflare/snippetRules.go @@ -0,0 +1,233 @@ +// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package cloudflare + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-cloudflare/sdk/v5/go/cloudflare/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +type SnippetRules struct { + pulumi.CustomResourceState + + // List of Snippet Rules + Rules SnippetRulesRuleArrayOutput `pulumi:"rules"` + // The zone identifier to target for the resource. + ZoneId pulumi.StringOutput `pulumi:"zoneId"` +} + +// NewSnippetRules registers a new resource with the given unique name, arguments, and options. +func NewSnippetRules(ctx *pulumi.Context, + name string, args *SnippetRulesArgs, opts ...pulumi.ResourceOption) (*SnippetRules, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.ZoneId == nil { + return nil, errors.New("invalid value for required argument 'ZoneId'") + } + opts = internal.PkgResourceDefaultOpts(opts) + var resource SnippetRules + err := ctx.RegisterResource("cloudflare:index/snippetRules:SnippetRules", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetSnippetRules gets an existing SnippetRules resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetSnippetRules(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *SnippetRulesState, opts ...pulumi.ResourceOption) (*SnippetRules, error) { + var resource SnippetRules + err := ctx.ReadResource("cloudflare:index/snippetRules:SnippetRules", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering SnippetRules resources. +type snippetRulesState struct { + // List of Snippet Rules + Rules []SnippetRulesRule `pulumi:"rules"` + // The zone identifier to target for the resource. + ZoneId *string `pulumi:"zoneId"` +} + +type SnippetRulesState struct { + // List of Snippet Rules + Rules SnippetRulesRuleArrayInput + // The zone identifier to target for the resource. + ZoneId pulumi.StringPtrInput +} + +func (SnippetRulesState) ElementType() reflect.Type { + return reflect.TypeOf((*snippetRulesState)(nil)).Elem() +} + +type snippetRulesArgs struct { + // List of Snippet Rules + Rules []SnippetRulesRule `pulumi:"rules"` + // The zone identifier to target for the resource. + ZoneId string `pulumi:"zoneId"` +} + +// The set of arguments for constructing a SnippetRules resource. +type SnippetRulesArgs struct { + // List of Snippet Rules + Rules SnippetRulesRuleArrayInput + // The zone identifier to target for the resource. + ZoneId pulumi.StringInput +} + +func (SnippetRulesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*snippetRulesArgs)(nil)).Elem() +} + +type SnippetRulesInput interface { + pulumi.Input + + ToSnippetRulesOutput() SnippetRulesOutput + ToSnippetRulesOutputWithContext(ctx context.Context) SnippetRulesOutput +} + +func (*SnippetRules) ElementType() reflect.Type { + return reflect.TypeOf((**SnippetRules)(nil)).Elem() +} + +func (i *SnippetRules) ToSnippetRulesOutput() SnippetRulesOutput { + return i.ToSnippetRulesOutputWithContext(context.Background()) +} + +func (i *SnippetRules) ToSnippetRulesOutputWithContext(ctx context.Context) SnippetRulesOutput { + return pulumi.ToOutputWithContext(ctx, i).(SnippetRulesOutput) +} + +// SnippetRulesArrayInput is an input type that accepts SnippetRulesArray and SnippetRulesArrayOutput values. +// You can construct a concrete instance of `SnippetRulesArrayInput` via: +// +// SnippetRulesArray{ SnippetRulesArgs{...} } +type SnippetRulesArrayInput interface { + pulumi.Input + + ToSnippetRulesArrayOutput() SnippetRulesArrayOutput + ToSnippetRulesArrayOutputWithContext(context.Context) SnippetRulesArrayOutput +} + +type SnippetRulesArray []SnippetRulesInput + +func (SnippetRulesArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SnippetRules)(nil)).Elem() +} + +func (i SnippetRulesArray) ToSnippetRulesArrayOutput() SnippetRulesArrayOutput { + return i.ToSnippetRulesArrayOutputWithContext(context.Background()) +} + +func (i SnippetRulesArray) ToSnippetRulesArrayOutputWithContext(ctx context.Context) SnippetRulesArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(SnippetRulesArrayOutput) +} + +// SnippetRulesMapInput is an input type that accepts SnippetRulesMap and SnippetRulesMapOutput values. +// You can construct a concrete instance of `SnippetRulesMapInput` via: +// +// SnippetRulesMap{ "key": SnippetRulesArgs{...} } +type SnippetRulesMapInput interface { + pulumi.Input + + ToSnippetRulesMapOutput() SnippetRulesMapOutput + ToSnippetRulesMapOutputWithContext(context.Context) SnippetRulesMapOutput +} + +type SnippetRulesMap map[string]SnippetRulesInput + +func (SnippetRulesMap) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SnippetRules)(nil)).Elem() +} + +func (i SnippetRulesMap) ToSnippetRulesMapOutput() SnippetRulesMapOutput { + return i.ToSnippetRulesMapOutputWithContext(context.Background()) +} + +func (i SnippetRulesMap) ToSnippetRulesMapOutputWithContext(ctx context.Context) SnippetRulesMapOutput { + return pulumi.ToOutputWithContext(ctx, i).(SnippetRulesMapOutput) +} + +type SnippetRulesOutput struct{ *pulumi.OutputState } + +func (SnippetRulesOutput) ElementType() reflect.Type { + return reflect.TypeOf((**SnippetRules)(nil)).Elem() +} + +func (o SnippetRulesOutput) ToSnippetRulesOutput() SnippetRulesOutput { + return o +} + +func (o SnippetRulesOutput) ToSnippetRulesOutputWithContext(ctx context.Context) SnippetRulesOutput { + return o +} + +// List of Snippet Rules +func (o SnippetRulesOutput) Rules() SnippetRulesRuleArrayOutput { + return o.ApplyT(func(v *SnippetRules) SnippetRulesRuleArrayOutput { return v.Rules }).(SnippetRulesRuleArrayOutput) +} + +// The zone identifier to target for the resource. +func (o SnippetRulesOutput) ZoneId() pulumi.StringOutput { + return o.ApplyT(func(v *SnippetRules) pulumi.StringOutput { return v.ZoneId }).(pulumi.StringOutput) +} + +type SnippetRulesArrayOutput struct{ *pulumi.OutputState } + +func (SnippetRulesArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]*SnippetRules)(nil)).Elem() +} + +func (o SnippetRulesArrayOutput) ToSnippetRulesArrayOutput() SnippetRulesArrayOutput { + return o +} + +func (o SnippetRulesArrayOutput) ToSnippetRulesArrayOutputWithContext(ctx context.Context) SnippetRulesArrayOutput { + return o +} + +func (o SnippetRulesArrayOutput) Index(i pulumi.IntInput) SnippetRulesOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) *SnippetRules { + return vs[0].([]*SnippetRules)[vs[1].(int)] + }).(SnippetRulesOutput) +} + +type SnippetRulesMapOutput struct{ *pulumi.OutputState } + +func (SnippetRulesMapOutput) ElementType() reflect.Type { + return reflect.TypeOf((*map[string]*SnippetRules)(nil)).Elem() +} + +func (o SnippetRulesMapOutput) ToSnippetRulesMapOutput() SnippetRulesMapOutput { + return o +} + +func (o SnippetRulesMapOutput) ToSnippetRulesMapOutputWithContext(ctx context.Context) SnippetRulesMapOutput { + return o +} + +func (o SnippetRulesMapOutput) MapIndex(k pulumi.StringInput) SnippetRulesOutput { + return pulumi.All(o, k).ApplyT(func(vs []interface{}) *SnippetRules { + return vs[0].(map[string]*SnippetRules)[vs[1].(string)] + }).(SnippetRulesOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*SnippetRulesInput)(nil)).Elem(), &SnippetRules{}) + pulumi.RegisterInputType(reflect.TypeOf((*SnippetRulesArrayInput)(nil)).Elem(), SnippetRulesArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*SnippetRulesMapInput)(nil)).Elem(), SnippetRulesMap{}) + pulumi.RegisterOutputType(SnippetRulesOutput{}) + pulumi.RegisterOutputType(SnippetRulesArrayOutput{}) + pulumi.RegisterOutputType(SnippetRulesMapOutput{}) +} diff --git a/sdk/go/cloudflare/zeroTrustAccessApplication.go b/sdk/go/cloudflare/zeroTrustAccessApplication.go index ce9ade5f..b47b061b 100644 --- a/sdk/go/cloudflare/zeroTrustAccessApplication.go +++ b/sdk/go/cloudflare/zeroTrustAccessApplication.go @@ -56,8 +56,12 @@ type ZeroTrustAccessApplication struct { CustomNonIdentityDenyUrl pulumi.StringPtrOutput `pulumi:"customNonIdentityDenyUrl"` // The custom pages selected for the application. CustomPages pulumi.StringArrayOutput `pulumi:"customPages"` + // A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. + Destinations ZeroTrustAccessApplicationDestinationArrayOutput `pulumi:"destinations"` // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. Domain pulumi.StringOutput `pulumi:"domain"` + // The type of the primary domain. Available values: `public`, `private`. + DomainType pulumi.StringOutput `pulumi:"domainType"` // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. EnableBindingCookie pulumi.BoolPtrOutput `pulumi:"enableBindingCookie"` // The footer links of the app launcher. @@ -82,7 +86,9 @@ type ZeroTrustAccessApplication struct { SameSiteCookieAttribute pulumi.StringPtrOutput `pulumi:"sameSiteCookieAttribute"` // Configuration for provisioning to this application via SCIM. This is currently in closed beta. ScimConfig ZeroTrustAccessApplicationScimConfigPtrOutput `pulumi:"scimConfig"` - // List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + // List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + // + // Deprecated: Use `destinations` instead SelfHostedDomains pulumi.StringArrayOutput `pulumi:"selfHostedDomains"` // Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. ServiceAuth401Redirect pulumi.BoolPtrOutput `pulumi:"serviceAuth401Redirect"` @@ -158,8 +164,12 @@ type zeroTrustAccessApplicationState struct { CustomNonIdentityDenyUrl *string `pulumi:"customNonIdentityDenyUrl"` // The custom pages selected for the application. CustomPages []string `pulumi:"customPages"` + // A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. + Destinations []ZeroTrustAccessApplicationDestination `pulumi:"destinations"` // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. Domain *string `pulumi:"domain"` + // The type of the primary domain. Available values: `public`, `private`. + DomainType *string `pulumi:"domainType"` // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. EnableBindingCookie *bool `pulumi:"enableBindingCookie"` // The footer links of the app launcher. @@ -184,7 +194,9 @@ type zeroTrustAccessApplicationState struct { SameSiteCookieAttribute *string `pulumi:"sameSiteCookieAttribute"` // Configuration for provisioning to this application via SCIM. This is currently in closed beta. ScimConfig *ZeroTrustAccessApplicationScimConfig `pulumi:"scimConfig"` - // List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + // List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + // + // Deprecated: Use `destinations` instead SelfHostedDomains []string `pulumi:"selfHostedDomains"` // Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. ServiceAuth401Redirect *bool `pulumi:"serviceAuth401Redirect"` @@ -231,8 +243,12 @@ type ZeroTrustAccessApplicationState struct { CustomNonIdentityDenyUrl pulumi.StringPtrInput // The custom pages selected for the application. CustomPages pulumi.StringArrayInput + // A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. + Destinations ZeroTrustAccessApplicationDestinationArrayInput // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. Domain pulumi.StringPtrInput + // The type of the primary domain. Available values: `public`, `private`. + DomainType pulumi.StringPtrInput // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. EnableBindingCookie pulumi.BoolPtrInput // The footer links of the app launcher. @@ -257,7 +273,9 @@ type ZeroTrustAccessApplicationState struct { SameSiteCookieAttribute pulumi.StringPtrInput // Configuration for provisioning to this application via SCIM. This is currently in closed beta. ScimConfig ZeroTrustAccessApplicationScimConfigPtrInput - // List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + // List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + // + // Deprecated: Use `destinations` instead SelfHostedDomains pulumi.StringArrayInput // Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. ServiceAuth401Redirect pulumi.BoolPtrInput @@ -306,8 +324,12 @@ type zeroTrustAccessApplicationArgs struct { CustomNonIdentityDenyUrl *string `pulumi:"customNonIdentityDenyUrl"` // The custom pages selected for the application. CustomPages []string `pulumi:"customPages"` + // A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. + Destinations []ZeroTrustAccessApplicationDestination `pulumi:"destinations"` // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. Domain *string `pulumi:"domain"` + // The type of the primary domain. Available values: `public`, `private`. + DomainType *string `pulumi:"domainType"` // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. EnableBindingCookie *bool `pulumi:"enableBindingCookie"` // The footer links of the app launcher. @@ -332,7 +354,9 @@ type zeroTrustAccessApplicationArgs struct { SameSiteCookieAttribute *string `pulumi:"sameSiteCookieAttribute"` // Configuration for provisioning to this application via SCIM. This is currently in closed beta. ScimConfig *ZeroTrustAccessApplicationScimConfig `pulumi:"scimConfig"` - // List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + // List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + // + // Deprecated: Use `destinations` instead SelfHostedDomains []string `pulumi:"selfHostedDomains"` // Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. ServiceAuth401Redirect *bool `pulumi:"serviceAuth401Redirect"` @@ -378,8 +402,12 @@ type ZeroTrustAccessApplicationArgs struct { CustomNonIdentityDenyUrl pulumi.StringPtrInput // The custom pages selected for the application. CustomPages pulumi.StringArrayInput + // A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. + Destinations ZeroTrustAccessApplicationDestinationArrayInput // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. Domain pulumi.StringPtrInput + // The type of the primary domain. Available values: `public`, `private`. + DomainType pulumi.StringPtrInput // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. EnableBindingCookie pulumi.BoolPtrInput // The footer links of the app launcher. @@ -404,7 +432,9 @@ type ZeroTrustAccessApplicationArgs struct { SameSiteCookieAttribute pulumi.StringPtrInput // Configuration for provisioning to this application via SCIM. This is currently in closed beta. ScimConfig ZeroTrustAccessApplicationScimConfigPtrInput - // List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + // List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + // + // Deprecated: Use `destinations` instead SelfHostedDomains pulumi.StringArrayInput // Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`. ServiceAuth401Redirect pulumi.BoolPtrInput @@ -578,11 +608,23 @@ func (o ZeroTrustAccessApplicationOutput) CustomPages() pulumi.StringArrayOutput return o.ApplyT(func(v *ZeroTrustAccessApplication) pulumi.StringArrayOutput { return v.CustomPages }).(pulumi.StringArrayOutput) } +// A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`. +func (o ZeroTrustAccessApplicationOutput) Destinations() ZeroTrustAccessApplicationDestinationArrayOutput { + return o.ApplyT(func(v *ZeroTrustAccessApplication) ZeroTrustAccessApplicationDestinationArrayOutput { + return v.Destinations + }).(ZeroTrustAccessApplicationDestinationArrayOutput) +} + // The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. func (o ZeroTrustAccessApplicationOutput) Domain() pulumi.StringOutput { return o.ApplyT(func(v *ZeroTrustAccessApplication) pulumi.StringOutput { return v.Domain }).(pulumi.StringOutput) } +// The type of the primary domain. Available values: `public`, `private`. +func (o ZeroTrustAccessApplicationOutput) DomainType() pulumi.StringOutput { + return o.ApplyT(func(v *ZeroTrustAccessApplication) pulumi.StringOutput { return v.DomainType }).(pulumi.StringOutput) +} + // Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. func (o ZeroTrustAccessApplicationOutput) EnableBindingCookie() pulumi.BoolPtrOutput { return o.ApplyT(func(v *ZeroTrustAccessApplication) pulumi.BoolPtrOutput { return v.EnableBindingCookie }).(pulumi.BoolPtrOutput) @@ -647,7 +689,9 @@ func (o ZeroTrustAccessApplicationOutput) ScimConfig() ZeroTrustAccessApplicatio return o.ApplyT(func(v *ZeroTrustAccessApplication) ZeroTrustAccessApplicationScimConfigPtrOutput { return v.ScimConfig }).(ZeroTrustAccessApplicationScimConfigPtrOutput) } -// List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. +// List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. +// +// Deprecated: Use `destinations` instead func (o ZeroTrustAccessApplicationOutput) SelfHostedDomains() pulumi.StringArrayOutput { return o.ApplyT(func(v *ZeroTrustAccessApplication) pulumi.StringArrayOutput { return v.SelfHostedDomains }).(pulumi.StringArrayOutput) } diff --git a/sdk/java/build.gradle b/sdk/java/build.gradle index 42cc6bf5..72c69973 100644 --- a/sdk/java/build.gradle +++ b/sdk/java/build.gradle @@ -44,7 +44,7 @@ repositories { dependencies { implementation("com.google.code.findbugs:jsr305:3.0.2") implementation("com.google.code.gson:gson:2.8.9") - implementation("com.pulumi:pulumi:0.18.0") + implementation("com.pulumi:pulumi:0.19.0") } task sourcesJar(type: Jar) { diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/AccessApplication.java b/sdk/java/src/main/java/com/pulumi/cloudflare/AccessApplication.java index 416edec0..69f45410 100644 --- a/sdk/java/src/main/java/com/pulumi/cloudflare/AccessApplication.java +++ b/sdk/java/src/main/java/com/pulumi/cloudflare/AccessApplication.java @@ -7,6 +7,7 @@ import com.pulumi.cloudflare.Utilities; import com.pulumi.cloudflare.inputs.AccessApplicationState; import com.pulumi.cloudflare.outputs.AccessApplicationCorsHeader; +import com.pulumi.cloudflare.outputs.AccessApplicationDestination; import com.pulumi.cloudflare.outputs.AccessApplicationFooterLink; import com.pulumi.cloudflare.outputs.AccessApplicationLandingPageDesign; import com.pulumi.cloudflare.outputs.AccessApplicationSaasApp; @@ -224,6 +225,20 @@ public Output> customNonIdentityDenyUrl() { public Output>> customPages() { return Codegen.optional(this.customPages); } + /** + * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + * + */ + @Export(name="destinations", refs={List.class,AccessApplicationDestination.class}, tree="[0,1]") + private Output> destinations; + + /** + * @return A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + * + */ + public Output>> destinations() { + return Codegen.optional(this.destinations); + } /** * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. * @@ -238,6 +253,20 @@ public Output>> customPages() { public Output domain() { return this.domain; } + /** + * The type of the primary domain. Available values: `public`, `private`. + * + */ + @Export(name="domainType", refs={String.class}, tree="[0]") + private Output domainType; + + /** + * @return The type of the primary domain. Available values: `public`, `private`. + * + */ + public Output domainType() { + return this.domainType; + } /** * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. * @@ -407,14 +436,18 @@ public Output> scimConfig() { return Codegen.optional(this.scimConfig); } /** - * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + * + * @deprecated + * Use `destinations` instead * */ + @Deprecated /* Use `destinations` instead */ @Export(name="selfHostedDomains", refs={List.class,String.class}, tree="[0,1]") private Output> selfHostedDomains; /** - * @return List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + * @return List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. * */ public Output>> selfHostedDomains() { diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/AccessApplicationArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/AccessApplicationArgs.java index 65d9b22b..646ba8b4 100644 --- a/sdk/java/src/main/java/com/pulumi/cloudflare/AccessApplicationArgs.java +++ b/sdk/java/src/main/java/com/pulumi/cloudflare/AccessApplicationArgs.java @@ -4,6 +4,7 @@ package com.pulumi.cloudflare; import com.pulumi.cloudflare.inputs.AccessApplicationCorsHeaderArgs; +import com.pulumi.cloudflare.inputs.AccessApplicationDestinationArgs; import com.pulumi.cloudflare.inputs.AccessApplicationFooterLinkArgs; import com.pulumi.cloudflare.inputs.AccessApplicationLandingPageDesignArgs; import com.pulumi.cloudflare.inputs.AccessApplicationSaasAppArgs; @@ -203,6 +204,21 @@ public Optional>> customPages() { return Optional.ofNullable(this.customPages); } + /** + * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + * + */ + @Import(name="destinations") + private @Nullable Output> destinations; + + /** + * @return A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + * + */ + public Optional>> destinations() { + return Optional.ofNullable(this.destinations); + } + /** * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. * @@ -218,6 +234,21 @@ public Optional> domain() { return Optional.ofNullable(this.domain); } + /** + * The type of the primary domain. Available values: `public`, `private`. + * + */ + @Import(name="domainType") + private @Nullable Output domainType; + + /** + * @return The type of the primary domain. Available values: `public`, `private`. + * + */ + public Optional> domainType() { + return Optional.ofNullable(this.domainType); + } + /** * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. * @@ -399,16 +430,24 @@ public Optional> scimConfig() { } /** - * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + * + * @deprecated + * Use `destinations` instead * */ + @Deprecated /* Use `destinations` instead */ @Import(name="selfHostedDomains") private @Nullable Output> selfHostedDomains; /** - * @return List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + * @return List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. + * + * @deprecated + * Use `destinations` instead * */ + @Deprecated /* Use `destinations` instead */ public Optional>> selfHostedDomains() { return Optional.ofNullable(this.selfHostedDomains); } @@ -548,7 +587,9 @@ private AccessApplicationArgs(AccessApplicationArgs $) { this.customDenyUrl = $.customDenyUrl; this.customNonIdentityDenyUrl = $.customNonIdentityDenyUrl; this.customPages = $.customPages; + this.destinations = $.destinations; this.domain = $.domain; + this.domainType = $.domainType; this.enableBindingCookie = $.enableBindingCookie; this.footerLinks = $.footerLinks; this.headerBgColor = $.headerBgColor; @@ -872,6 +913,37 @@ public Builder customPages(String... customPages) { return customPages(List.of(customPages)); } + /** + * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + * + * @return builder + * + */ + public Builder destinations(@Nullable Output> destinations) { + $.destinations = destinations; + return this; + } + + /** + * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + * + * @return builder + * + */ + public Builder destinations(List destinations) { + return destinations(Output.of(destinations)); + } + + /** + * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`. + * + * @return builder + * + */ + public Builder destinations(AccessApplicationDestinationArgs... destinations) { + return destinations(List.of(destinations)); + } + /** * @param domain The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed. * @@ -893,6 +965,27 @@ public Builder domain(String domain) { return domain(Output.of(domain)); } + /** + * @param domainType The type of the primary domain. Available values: `public`, `private`. + * + * @return builder + * + */ + public Builder domainType(@Nullable Output domainType) { + $.domainType = domainType; + return this; + } + + /** + * @param domainType The type of the primary domain. Available values: `public`, `private`. + * + * @return builder + * + */ + public Builder domainType(String domainType) { + return domainType(Output.of(domainType)); + } + /** * @param enableBindingCookie Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`. * @@ -1166,32 +1259,44 @@ public Builder scimConfig(AccessApplicationScimConfigArgs scimConfig) { } /** - * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. * * @return builder * + * @deprecated + * Use `destinations` instead + * */ + @Deprecated /* Use `destinations` instead */ public Builder selfHostedDomains(@Nullable Output> selfHostedDomains) { $.selfHostedDomains = selfHostedDomains; return this; } /** - * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. * * @return builder * + * @deprecated + * Use `destinations` instead + * */ + @Deprecated /* Use `destinations` instead */ public Builder selfHostedDomains(List selfHostedDomains) { return selfHostedDomains(Output.of(selfHostedDomains)); } /** - * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. + * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`. * * @return builder * + * @deprecated + * Use `destinations` instead + * */ + @Deprecated /* Use `destinations` instead */ public Builder selfHostedDomains(String... selfHostedDomains) { return selfHostedDomains(List.of(selfHostedDomains)); } diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/CloudflareFunctions.java b/sdk/java/src/main/java/com/pulumi/cloudflare/CloudflareFunctions.java index 66af9831..e2321648 100644 --- a/sdk/java/src/main/java/com/pulumi/cloudflare/CloudflareFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/cloudflare/CloudflareFunctions.java @@ -98,6 +98,7 @@ import com.pulumi.core.TypeShape; import com.pulumi.deployment.Deployment; import com.pulumi.deployment.InvokeOptions; +import com.pulumi.deployment.InvokeOutputOptions; import com.pulumi.resources.InvokeArgs; import java.util.concurrent.CompletableFuture; @@ -137,6 +138,13 @@ public static CompletableFuture getAccessApplication public static Output getAccessApplication(GetAccessApplicationArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("cloudflare:index/getAccessApplication:getAccessApplication", TypeShape.of(GetAccessApplicationResult.class), args, Utilities.withVersion(options)); } + /** + * Use this data source to lookup a single [Access Application](https://developers.cloudflare.com/cloudflare-one/applications/) + * + */ + public static Output getAccessApplication(GetAccessApplicationArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getAccessApplication:getAccessApplication", TypeShape.of(GetAccessApplicationResult.class), args, Utilities.withVersion(options)); + } /** * Use this data source to lookup a single [Access Application](https://developers.cloudflare.com/cloudflare-one/applications/) * @@ -309,6 +317,61 @@ public static CompletableFuture getAccessIdenti public static Output getAccessIdentityProvider(GetAccessIdentityProviderArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("cloudflare:index/getAccessIdentityProvider:getAccessIdentityProvider", TypeShape.of(GetAccessIdentityProviderResult.class), args, Utilities.withVersion(options)); } + /** + * Use this data source to lookup a single [Access Identity Provider](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration) by name. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetAccessIdentityProviderArgs;
+     * import com.pulumi.cloudflare.AccessApplication;
+     * import com.pulumi.cloudflare.AccessApplicationArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getAccessIdentityProvider(GetAccessIdentityProviderArgs.builder()
+     *             .name("Google SSO")
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .build());
+     * 
+     *         var exampleAccessApplication = new AccessApplication("exampleAccessApplication", AccessApplicationArgs.builder()
+     *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
+     *             .name("name")
+     *             .domain("name.example.com")
+     *             .type("self_hosted")
+     *             .sessionDuration("24h")
+     *             .allowedIdps(example.applyValue(getAccessIdentityProviderResult -> getAccessIdentityProviderResult.id()))
+     *             .autoRedirectToIdentity(true)
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getAccessIdentityProvider(GetAccessIdentityProviderArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getAccessIdentityProvider:getAccessIdentityProvider", TypeShape.of(GetAccessIdentityProviderResult.class), args, Utilities.withVersion(options)); + } /** * Use this data source to lookup a single [Access Identity Provider](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration) by name. * @@ -400,6 +463,18 @@ public static CompletableFuture getAccountRolesPlain(GetA public static Output getAccountRoles(GetAccountRolesArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("cloudflare:index/getAccountRoles:getAccountRoles", TypeShape.of(GetAccountRolesResult.class), args, Utilities.withVersion(options)); } + /** + * Use this data source to lookup [Account Roles](https://api.cloudflare.com/#account-roles-properties). + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * <!--End PulumiCodeChooser --> + * + */ + public static Output getAccountRoles(GetAccountRolesArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getAccountRoles:getAccountRoles", TypeShape.of(GetAccountRolesResult.class), args, Utilities.withVersion(options)); + } /** * Use this data source to lookup [Account Roles](https://api.cloudflare.com/#account-roles-properties). * @@ -622,6 +697,48 @@ public static CompletableFuture getAccountsPlain(GetAccountsP public static Output getAccounts(GetAccountsArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("cloudflare:index/getAccounts:getAccounts", TypeShape.of(GetAccountsResult.class), args, Utilities.withVersion(options)); } + /** + * Data source for looking up Cloudflare Accounts. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetAccountsArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getAccounts(GetAccountsArgs.builder()
+     *             .name("example account")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getAccounts(GetAccountsArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getAccounts:getAccounts", TypeShape.of(GetAccountsResult.class), args, Utilities.withVersion(options)); + } /** * Data source for looking up Cloudflare Accounts. * @@ -879,6 +996,49 @@ public static CompletableFuture getApiTokenPe public static Output getApiTokenPermissionGroups(InvokeArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("cloudflare:index/getApiTokenPermissionGroups:getApiTokenPermissionGroups", TypeShape.of(GetApiTokenPermissionGroupsResult.class), args, Utilities.withVersion(options)); } + /** + * Use this data source to look up [API Token Permission Groups](https://developers.cloudflare.com/api/tokens/create/permissions). + * Commonly used as references within [`cloudflare_token`](https://www.terraform.io/docs/providers/cloudflare/r/api_token.html) resources. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var all = CloudflareFunctions.getApiTokenPermissionGroups();
+     * 
+     *         ctx.export("dnsReadPermissionId", all.applyValue(getApiTokenPermissionGroupsResult -> getApiTokenPermissionGroupsResult.zone().DNS Read()));
+     *         ctx.export("accountLbMonitorsAndReadId", all.applyValue(getApiTokenPermissionGroupsResult -> getApiTokenPermissionGroupsResult.account().Load Balancing: Monitors and Pools Read()));
+     *         ctx.export("userMembershipsReadId", all.applyValue(getApiTokenPermissionGroupsResult -> getApiTokenPermissionGroupsResult.user().Memberships Read()));
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getApiTokenPermissionGroups(InvokeArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getApiTokenPermissionGroups:getApiTokenPermissionGroups", TypeShape.of(GetApiTokenPermissionGroupsResult.class), args, Utilities.withVersion(options)); + } /** * Use this data source to look up [API Token Permission Groups](https://developers.cloudflare.com/api/tokens/create/permissions). * Commonly used as references within [`cloudflare_token`](https://www.terraform.io/docs/providers/cloudflare/r/api_token.html) resources. @@ -943,6 +1103,13 @@ public static CompletableFuture getDcvDelegationPlain(Ge public static Output getDcvDelegation(GetDcvDelegationArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("cloudflare:index/getDcvDelegation:getDcvDelegation", TypeShape.of(GetDcvDelegationResult.class), args, Utilities.withVersion(options)); } + /** + * Use this data source to retrieve the DCV Delegation unique identifier for a zone. + * + */ + public static Output getDcvDelegation(GetDcvDelegationArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getDcvDelegation:getDcvDelegation", TypeShape.of(GetDcvDelegationResult.class), args, Utilities.withVersion(options)); + } /** * Use this data source to retrieve the DCV Delegation unique identifier for a zone. * @@ -1123,11 +1290,11 @@ public static Output getDevicePostureRules(GetDevic * <!--End PulumiCodeChooser --> * */ - public static CompletableFuture getDevicePostureRulesPlain(GetDevicePostureRulesPlainArgs args, InvokeOptions options) { - return Deployment.getInstance().invokeAsync("cloudflare:index/getDevicePostureRules:getDevicePostureRules", TypeShape.of(GetDevicePostureRulesResult.class), args, Utilities.withVersion(options)); + public static Output getDevicePostureRules(GetDevicePostureRulesArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getDevicePostureRules:getDevicePostureRules", TypeShape.of(GetDevicePostureRulesResult.class), args, Utilities.withVersion(options)); } /** - * Use this data source to lookup [Devices](https://api.cloudflare.com/#devices-list-devices). + * Use this data source to lookup a list of [Device Posture Rule](https://developers.cloudflare.com/cloudflare-one/identity/devices) * * ## Example Usage * @@ -1140,7 +1307,7 @@ public static CompletableFuture getDevicePostureRul * import com.pulumi.Pulumi; * import com.pulumi.core.Output; * import com.pulumi.cloudflare.CloudflareFunctions; - * import com.pulumi.cloudflare.inputs.GetDevicesArgs; + * import com.pulumi.cloudflare.inputs.GetDevicePostureRulesArgs; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; @@ -1154,8 +1321,10 @@ public static CompletableFuture getDevicePostureRul * } * * public static void stack(Context ctx) { - * final var example = CloudflareFunctions.getDevices(GetDevicesArgs.builder() + * final var example = CloudflareFunctions.getDevicePostureRules(GetDevicePostureRulesArgs.builder() * .accountId("f037e56e89293a057740de681ac9abbe") + * .name("check for /dev/random") + * .type("file") * .build()); * * } @@ -1165,8 +1334,8 @@ public static CompletableFuture getDevicePostureRul * <!--End PulumiCodeChooser --> * */ - public static Output getDevices(GetDevicesArgs args) { - return getDevices(args, InvokeOptions.Empty); + public static CompletableFuture getDevicePostureRulesPlain(GetDevicePostureRulesPlainArgs args, InvokeOptions options) { + return Deployment.getInstance().invokeAsync("cloudflare:index/getDevicePostureRules:getDevicePostureRules", TypeShape.of(GetDevicePostureRulesResult.class), args, Utilities.withVersion(options)); } /** * Use this data source to lookup [Devices](https://api.cloudflare.com/#devices-list-devices). @@ -1207,8 +1376,8 @@ public static Output getDevices(GetDevicesArgs args) { * <!--End PulumiCodeChooser --> * */ - public static CompletableFuture getDevicesPlain(GetDevicesPlainArgs args) { - return getDevicesPlain(args, InvokeOptions.Empty); + public static Output getDevices(GetDevicesArgs args) { + return getDevices(args, InvokeOptions.Empty); } /** * Use this data source to lookup [Devices](https://api.cloudflare.com/#devices-list-devices). @@ -1249,8 +1418,8 @@ public static CompletableFuture getDevicesPlain(GetDevicesPlai * <!--End PulumiCodeChooser --> * */ - public static Output getDevices(GetDevicesArgs args, InvokeOptions options) { - return Deployment.getInstance().invoke("cloudflare:index/getDevices:getDevices", TypeShape.of(GetDevicesResult.class), args, Utilities.withVersion(options)); + public static CompletableFuture getDevicesPlain(GetDevicesPlainArgs args) { + return getDevicesPlain(args, InvokeOptions.Empty); } /** * Use this data source to lookup [Devices](https://api.cloudflare.com/#devices-list-devices). @@ -1291,11 +1460,11 @@ public static Output getDevices(GetDevicesArgs args, InvokeOpt * <!--End PulumiCodeChooser --> * */ - public static CompletableFuture getDevicesPlain(GetDevicesPlainArgs args, InvokeOptions options) { - return Deployment.getInstance().invokeAsync("cloudflare:index/getDevices:getDevices", TypeShape.of(GetDevicesResult.class), args, Utilities.withVersion(options)); + public static Output getDevices(GetDevicesArgs args, InvokeOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getDevices:getDevices", TypeShape.of(GetDevicesResult.class), args, Utilities.withVersion(options)); } /** - * Use this data source to retrieve all DLP datasets for an account. + * Use this data source to lookup [Devices](https://api.cloudflare.com/#devices-list-devices). * * ## Example Usage * @@ -1308,7 +1477,7 @@ public static CompletableFuture getDevicesPlain(GetDevicesPlai * import com.pulumi.Pulumi; * import com.pulumi.core.Output; * import com.pulumi.cloudflare.CloudflareFunctions; - * import com.pulumi.cloudflare.inputs.GetDlpDatasetsArgs; + * import com.pulumi.cloudflare.inputs.GetDevicesArgs; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; @@ -1322,7 +1491,7 @@ public static CompletableFuture getDevicesPlain(GetDevicesPlai * } * * public static void stack(Context ctx) { - * final var example = CloudflareFunctions.getDlpDatasets(GetDlpDatasetsArgs.builder() + * final var example = CloudflareFunctions.getDevices(GetDevicesArgs.builder() * .accountId("f037e56e89293a057740de681ac9abbe") * .build()); * @@ -1333,11 +1502,11 @@ public static CompletableFuture getDevicesPlain(GetDevicesPlai * <!--End PulumiCodeChooser --> * */ - public static Output getDlpDatasets(GetDlpDatasetsArgs args) { - return getDlpDatasets(args, InvokeOptions.Empty); + public static Output getDevices(GetDevicesArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getDevices:getDevices", TypeShape.of(GetDevicesResult.class), args, Utilities.withVersion(options)); } /** - * Use this data source to retrieve all DLP datasets for an account. + * Use this data source to lookup [Devices](https://api.cloudflare.com/#devices-list-devices). * * ## Example Usage * @@ -1350,7 +1519,7 @@ public static Output getDlpDatasets(GetDlpDatasetsArgs arg * import com.pulumi.Pulumi; * import com.pulumi.core.Output; * import com.pulumi.cloudflare.CloudflareFunctions; - * import com.pulumi.cloudflare.inputs.GetDlpDatasetsArgs; + * import com.pulumi.cloudflare.inputs.GetDevicesArgs; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; @@ -1364,7 +1533,7 @@ public static Output getDlpDatasets(GetDlpDatasetsArgs arg * } * * public static void stack(Context ctx) { - * final var example = CloudflareFunctions.getDlpDatasets(GetDlpDatasetsArgs.builder() + * final var example = CloudflareFunctions.getDevices(GetDevicesArgs.builder() * .accountId("f037e56e89293a057740de681ac9abbe") * .build()); * @@ -1375,8 +1544,8 @@ public static Output getDlpDatasets(GetDlpDatasetsArgs arg * <!--End PulumiCodeChooser --> * */ - public static CompletableFuture getDlpDatasetsPlain(GetDlpDatasetsPlainArgs args) { - return getDlpDatasetsPlain(args, InvokeOptions.Empty); + public static CompletableFuture getDevicesPlain(GetDevicesPlainArgs args, InvokeOptions options) { + return Deployment.getInstance().invokeAsync("cloudflare:index/getDevices:getDevices", TypeShape.of(GetDevicesResult.class), args, Utilities.withVersion(options)); } /** * Use this data source to retrieve all DLP datasets for an account. @@ -1417,8 +1586,8 @@ public static CompletableFuture getDlpDatasetsPlain(GetDlp * <!--End PulumiCodeChooser --> * */ - public static Output getDlpDatasets(GetDlpDatasetsArgs args, InvokeOptions options) { - return Deployment.getInstance().invoke("cloudflare:index/getDlpDatasets:getDlpDatasets", TypeShape.of(GetDlpDatasetsResult.class), args, Utilities.withVersion(options)); + public static Output getDlpDatasets(GetDlpDatasetsArgs args) { + return getDlpDatasets(args, InvokeOptions.Empty); } /** * Use this data source to retrieve all DLP datasets for an account. @@ -1459,11 +1628,11 @@ public static Output getDlpDatasets(GetDlpDatasetsArgs arg * <!--End PulumiCodeChooser --> * */ - public static CompletableFuture getDlpDatasetsPlain(GetDlpDatasetsPlainArgs args, InvokeOptions options) { - return Deployment.getInstance().invokeAsync("cloudflare:index/getDlpDatasets:getDlpDatasets", TypeShape.of(GetDlpDatasetsResult.class), args, Utilities.withVersion(options)); + public static CompletableFuture getDlpDatasetsPlain(GetDlpDatasetsPlainArgs args) { + return getDlpDatasetsPlain(args, InvokeOptions.Empty); } /** - * Use this data source to retrieve all Gateway application types for an account. + * Use this data source to retrieve all DLP datasets for an account. * * ## Example Usage * @@ -1476,7 +1645,7 @@ public static CompletableFuture getDlpDatasetsPlain(GetDlp * import com.pulumi.Pulumi; * import com.pulumi.core.Output; * import com.pulumi.cloudflare.CloudflareFunctions; - * import com.pulumi.cloudflare.inputs.GetGatewayAppTypesArgs; + * import com.pulumi.cloudflare.inputs.GetDlpDatasetsArgs; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; @@ -1490,7 +1659,7 @@ public static CompletableFuture getDlpDatasetsPlain(GetDlp * } * * public static void stack(Context ctx) { - * final var example = CloudflareFunctions.getGatewayAppTypes(GetGatewayAppTypesArgs.builder() + * final var example = CloudflareFunctions.getDlpDatasets(GetDlpDatasetsArgs.builder() * .accountId("f037e56e89293a057740de681ac9abbe") * .build()); * @@ -1501,11 +1670,11 @@ public static CompletableFuture getDlpDatasetsPlain(GetDlp * <!--End PulumiCodeChooser --> * */ - public static Output getGatewayAppTypes(GetGatewayAppTypesArgs args) { - return getGatewayAppTypes(args, InvokeOptions.Empty); + public static Output getDlpDatasets(GetDlpDatasetsArgs args, InvokeOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getDlpDatasets:getDlpDatasets", TypeShape.of(GetDlpDatasetsResult.class), args, Utilities.withVersion(options)); } /** - * Use this data source to retrieve all Gateway application types for an account. + * Use this data source to retrieve all DLP datasets for an account. * * ## Example Usage * @@ -1518,7 +1687,7 @@ public static Output getGatewayAppTypes(GetGatewayAppT * import com.pulumi.Pulumi; * import com.pulumi.core.Output; * import com.pulumi.cloudflare.CloudflareFunctions; - * import com.pulumi.cloudflare.inputs.GetGatewayAppTypesArgs; + * import com.pulumi.cloudflare.inputs.GetDlpDatasetsArgs; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; @@ -1532,7 +1701,7 @@ public static Output getGatewayAppTypes(GetGatewayAppT * } * * public static void stack(Context ctx) { - * final var example = CloudflareFunctions.getGatewayAppTypes(GetGatewayAppTypesArgs.builder() + * final var example = CloudflareFunctions.getDlpDatasets(GetDlpDatasetsArgs.builder() * .accountId("f037e56e89293a057740de681ac9abbe") * .build()); * @@ -1543,11 +1712,11 @@ public static Output getGatewayAppTypes(GetGatewayAppT * <!--End PulumiCodeChooser --> * */ - public static CompletableFuture getGatewayAppTypesPlain(GetGatewayAppTypesPlainArgs args) { - return getGatewayAppTypesPlain(args, InvokeOptions.Empty); + public static Output getDlpDatasets(GetDlpDatasetsArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getDlpDatasets:getDlpDatasets", TypeShape.of(GetDlpDatasetsResult.class), args, Utilities.withVersion(options)); } /** - * Use this data source to retrieve all Gateway application types for an account. + * Use this data source to retrieve all DLP datasets for an account. * * ## Example Usage * @@ -1560,7 +1729,7 @@ public static CompletableFuture getGatewayAppTypesPlai * import com.pulumi.Pulumi; * import com.pulumi.core.Output; * import com.pulumi.cloudflare.CloudflareFunctions; - * import com.pulumi.cloudflare.inputs.GetGatewayAppTypesArgs; + * import com.pulumi.cloudflare.inputs.GetDlpDatasetsArgs; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; @@ -1574,7 +1743,7 @@ public static CompletableFuture getGatewayAppTypesPlai * } * * public static void stack(Context ctx) { - * final var example = CloudflareFunctions.getGatewayAppTypes(GetGatewayAppTypesArgs.builder() + * final var example = CloudflareFunctions.getDlpDatasets(GetDlpDatasetsArgs.builder() * .accountId("f037e56e89293a057740de681ac9abbe") * .build()); * @@ -1585,8 +1754,8 @@ public static CompletableFuture getGatewayAppTypesPlai * <!--End PulumiCodeChooser --> * */ - public static Output getGatewayAppTypes(GetGatewayAppTypesArgs args, InvokeOptions options) { - return Deployment.getInstance().invoke("cloudflare:index/getGatewayAppTypes:getGatewayAppTypes", TypeShape.of(GetGatewayAppTypesResult.class), args, Utilities.withVersion(options)); + public static CompletableFuture getDlpDatasetsPlain(GetDlpDatasetsPlainArgs args, InvokeOptions options) { + return Deployment.getInstance().invokeAsync("cloudflare:index/getDlpDatasets:getDlpDatasets", TypeShape.of(GetDlpDatasetsResult.class), args, Utilities.withVersion(options)); } /** * Use this data source to retrieve all Gateway application types for an account. @@ -1627,11 +1796,11 @@ public static Output getGatewayAppTypes(GetGatewayAppT * <!--End PulumiCodeChooser --> * */ - public static CompletableFuture getGatewayAppTypesPlain(GetGatewayAppTypesPlainArgs args, InvokeOptions options) { - return Deployment.getInstance().invokeAsync("cloudflare:index/getGatewayAppTypes:getGatewayAppTypes", TypeShape.of(GetGatewayAppTypesResult.class), args, Utilities.withVersion(options)); + public static Output getGatewayAppTypes(GetGatewayAppTypesArgs args) { + return getGatewayAppTypes(args, InvokeOptions.Empty); } /** - * Use this data source to retrieve all Gateway categories for an account. + * Use this data source to retrieve all Gateway application types for an account. * * ## Example Usage * @@ -1644,7 +1813,7 @@ public static CompletableFuture getGatewayAppTypesPlai * import com.pulumi.Pulumi; * import com.pulumi.core.Output; * import com.pulumi.cloudflare.CloudflareFunctions; - * import com.pulumi.cloudflare.inputs.GetGatewayCategoriesArgs; + * import com.pulumi.cloudflare.inputs.GetGatewayAppTypesArgs; * import java.util.List; * import java.util.ArrayList; * import java.util.Map; @@ -1658,7 +1827,7 @@ public static CompletableFuture getGatewayAppTypesPlai * } * * public static void stack(Context ctx) { - * final var example = CloudflareFunctions.getGatewayCategories(GetGatewayCategoriesArgs.builder() + * final var example = CloudflareFunctions.getGatewayAppTypes(GetGatewayAppTypesArgs.builder() * .accountId("f037e56e89293a057740de681ac9abbe") * .build()); * @@ -1669,9 +1838,177 @@ public static CompletableFuture getGatewayAppTypesPlai * <!--End PulumiCodeChooser --> * */ - public static Output getGatewayCategories(GetGatewayCategoriesArgs args) { - return getGatewayCategories(args, InvokeOptions.Empty); - } + public static CompletableFuture getGatewayAppTypesPlain(GetGatewayAppTypesPlainArgs args) { + return getGatewayAppTypesPlain(args, InvokeOptions.Empty); + } + /** + * Use this data source to retrieve all Gateway application types for an account. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetGatewayAppTypesArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getGatewayAppTypes(GetGatewayAppTypesArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getGatewayAppTypes(GetGatewayAppTypesArgs args, InvokeOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getGatewayAppTypes:getGatewayAppTypes", TypeShape.of(GetGatewayAppTypesResult.class), args, Utilities.withVersion(options)); + } + /** + * Use this data source to retrieve all Gateway application types for an account. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetGatewayAppTypesArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getGatewayAppTypes(GetGatewayAppTypesArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getGatewayAppTypes(GetGatewayAppTypesArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getGatewayAppTypes:getGatewayAppTypes", TypeShape.of(GetGatewayAppTypesResult.class), args, Utilities.withVersion(options)); + } + /** + * Use this data source to retrieve all Gateway application types for an account. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetGatewayAppTypesArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getGatewayAppTypes(GetGatewayAppTypesArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static CompletableFuture getGatewayAppTypesPlain(GetGatewayAppTypesPlainArgs args, InvokeOptions options) { + return Deployment.getInstance().invokeAsync("cloudflare:index/getGatewayAppTypes:getGatewayAppTypes", TypeShape.of(GetGatewayAppTypesResult.class), args, Utilities.withVersion(options)); + } + /** + * Use this data source to retrieve all Gateway categories for an account. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetGatewayCategoriesArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getGatewayCategories(GetGatewayCategoriesArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getGatewayCategories(GetGatewayCategoriesArgs args) { + return getGatewayCategories(args, InvokeOptions.Empty); + } /** * Use this data source to retrieve all Gateway categories for an account. * @@ -1756,6 +2093,48 @@ public static CompletableFuture getGatewayCategories public static Output getGatewayCategories(GetGatewayCategoriesArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("cloudflare:index/getGatewayCategories:getGatewayCategories", TypeShape.of(GetGatewayCategoriesResult.class), args, Utilities.withVersion(options)); } + /** + * Use this data source to retrieve all Gateway categories for an account. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetGatewayCategoriesArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getGatewayCategories(GetGatewayCategoriesArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getGatewayCategories(GetGatewayCategoriesArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getGatewayCategories:getGatewayCategories", TypeShape.of(GetGatewayCategoriesResult.class), args, Utilities.withVersion(options)); + } /** * Use this data source to retrieve all Gateway categories for an account. * @@ -1967,7 +2346,292 @@ public static Output getInfrastructureAcce * .ipv4("198.51.100.1") * .build()); * - * ctx.export("targets", example.applyValue(getInfrastructureAccessTargetsResult -> getInfrastructureAccessTargetsResult.targets())); + * ctx.export("targets", example.applyValue(getInfrastructureAccessTargetsResult -> getInfrastructureAccessTargetsResult.targets())); + * } + * } + * } + * + * <!--End PulumiCodeChooser --> + * + */ + public static Output getInfrastructureAccessTargets(GetInfrastructureAccessTargetsArgs args, InvokeOutputOptions options) { + return Deployment.getInstance().invoke("cloudflare:index/getInfrastructureAccessTargets:getInfrastructureAccessTargets", TypeShape.of(GetInfrastructureAccessTargetsResult.class), args, Utilities.withVersion(options)); + } + /** + * Use this data source to retrieve all Infrastructure Access Targets. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetInfrastructureAccessTargetsArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getInfrastructureAccessTargets(GetInfrastructureAccessTargetsArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .hostnameContains("example")
+     *             .ipv4("198.51.100.1")
+     *             .build());
+     * 
+     *         ctx.export("targets", example.applyValue(getInfrastructureAccessTargetsResult -> getInfrastructureAccessTargetsResult.targets()));
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static CompletableFuture getInfrastructureAccessTargetsPlain(GetInfrastructureAccessTargetsPlainArgs args, InvokeOptions options) { + return Deployment.getInstance().invokeAsync("cloudflare:index/getInfrastructureAccessTargets:getInfrastructureAccessTargets", TypeShape.of(GetInfrastructureAccessTargetsResult.class), args, Utilities.withVersion(options)); + } + /** + * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.example.firewallResource;
+     * import com.pulumi.example.FirewallResourceArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var cloudflare = CloudflareFunctions.getIpRanges();
+     * 
+     *         var example = new FirewallResource("example", FirewallResourceArgs.builder()
+     *             .name("from-cloudflare")
+     *             .network("default")
+     *             .sourceRanges(cloudflare.applyValue(getIpRangesResult -> getIpRangesResult.ipv4CidrBlocks()))
+     *             .allow(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getIpRanges() { + return getIpRanges(InvokeArgs.Empty, InvokeOptions.Empty); + } + /** + * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.example.firewallResource;
+     * import com.pulumi.example.FirewallResourceArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var cloudflare = CloudflareFunctions.getIpRanges();
+     * 
+     *         var example = new FirewallResource("example", FirewallResourceArgs.builder()
+     *             .name("from-cloudflare")
+     *             .network("default")
+     *             .sourceRanges(cloudflare.applyValue(getIpRangesResult -> getIpRangesResult.ipv4CidrBlocks()))
+     *             .allow(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static CompletableFuture getIpRangesPlain() { + return getIpRangesPlain(InvokeArgs.Empty, InvokeOptions.Empty); + } + /** + * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.example.firewallResource;
+     * import com.pulumi.example.FirewallResourceArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var cloudflare = CloudflareFunctions.getIpRanges();
+     * 
+     *         var example = new FirewallResource("example", FirewallResourceArgs.builder()
+     *             .name("from-cloudflare")
+     *             .network("default")
+     *             .sourceRanges(cloudflare.applyValue(getIpRangesResult -> getIpRangesResult.ipv4CidrBlocks()))
+     *             .allow(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static Output getIpRanges(InvokeArgs args) { + return getIpRanges(args, InvokeOptions.Empty); + } + /** + * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.example.firewallResource;
+     * import com.pulumi.example.FirewallResourceArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var cloudflare = CloudflareFunctions.getIpRanges();
+     * 
+     *         var example = new FirewallResource("example", FirewallResourceArgs.builder()
+     *             .name("from-cloudflare")
+     *             .network("default")
+     *             .sourceRanges(cloudflare.applyValue(getIpRangesResult -> getIpRangesResult.ipv4CidrBlocks()))
+     *             .allow(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     *
+ * <!--End PulumiCodeChooser --> + * + */ + public static CompletableFuture getIpRangesPlain(InvokeArgs args) { + return getIpRangesPlain(args, InvokeOptions.Empty); + } + /** + * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network. + * + * ## Example Usage + * + * <!--Start PulumiCodeChooser --> + * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.example.firewallResource;
+     * import com.pulumi.example.FirewallResourceArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var cloudflare = CloudflareFunctions.getIpRanges();
+     * 
+     *         var example = new FirewallResource("example", FirewallResourceArgs.builder()
+     *             .name("from-cloudflare")
+     *             .network("default")
+     *             .sourceRanges(cloudflare.applyValue(getIpRangesResult -> getIpRangesResult.ipv4CidrBlocks()))
+     *             .allow(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
+     *             .build());
+     * 
      *     }
      * }
      * }
@@ -1975,8 +2639,8 @@ public static Output getInfrastructureAcce
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getInfrastructureAccessTargetsPlain(GetInfrastructureAccessTargetsPlainArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invokeAsync("cloudflare:index/getInfrastructureAccessTargets:getInfrastructureAccessTargets", TypeShape.of(GetInfrastructureAccessTargetsResult.class), args, Utilities.withVersion(options));
+    public static Output getIpRanges(InvokeArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getIpRanges:getIpRanges", TypeShape.of(GetIpRangesResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network.
@@ -2023,8 +2687,8 @@ public static CompletableFuture getInfrast
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getIpRanges() {
-        return getIpRanges(InvokeArgs.Empty, InvokeOptions.Empty);
+    public static Output getIpRanges(InvokeArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getIpRanges:getIpRanges", TypeShape.of(GetIpRangesResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network.
@@ -2071,11 +2735,11 @@ public static Output getIpRanges() {
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getIpRangesPlain() {
-        return getIpRangesPlain(InvokeArgs.Empty, InvokeOptions.Empty);
+    public static CompletableFuture getIpRangesPlain(InvokeArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invokeAsync("cloudflare:index/getIpRanges:getIpRanges", TypeShape.of(GetIpRangesResult.class), args, Utilities.withVersion(options));
     }
     /**
-     * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network.
+     * Use this data source to lookup a [List](https://developers.cloudflare.com/api/operations/lists-get-lists).
      * 
      * ## Example Usage
      * 
@@ -2088,8 +2752,7 @@ public static CompletableFuture getIpRangesPlain() {
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.example.firewallResource;
-     * import com.pulumi.example.FirewallResourceArgs;
+     * import com.pulumi.cloudflare.inputs.GetListArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2103,13 +2766,9 @@ public static CompletableFuture getIpRangesPlain() {
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var cloudflare = CloudflareFunctions.getIpRanges();
-     * 
-     *         var example = new FirewallResource("example", FirewallResourceArgs.builder()
-     *             .name("from-cloudflare")
-     *             .network("default")
-     *             .sourceRanges(cloudflare.applyValue(getIpRangesResult -> getIpRangesResult.ipv4CidrBlocks()))
-     *             .allow(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
+     *         final var example = CloudflareFunctions.getList(GetListArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .name("list_name")
      *             .build());
      * 
      *     }
@@ -2119,11 +2778,11 @@ public static CompletableFuture getIpRangesPlain() {
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getIpRanges(InvokeArgs args) {
-        return getIpRanges(args, InvokeOptions.Empty);
+    public static Output getList(GetListArgs args) {
+        return getList(args, InvokeOptions.Empty);
     }
     /**
-     * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network.
+     * Use this data source to lookup a [List](https://developers.cloudflare.com/api/operations/lists-get-lists).
      * 
      * ## Example Usage
      * 
@@ -2136,8 +2795,7 @@ public static Output getIpRanges(InvokeArgs args) {
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.example.firewallResource;
-     * import com.pulumi.example.FirewallResourceArgs;
+     * import com.pulumi.cloudflare.inputs.GetListArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2151,13 +2809,9 @@ public static Output getIpRanges(InvokeArgs args) {
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var cloudflare = CloudflareFunctions.getIpRanges();
-     * 
-     *         var example = new FirewallResource("example", FirewallResourceArgs.builder()
-     *             .name("from-cloudflare")
-     *             .network("default")
-     *             .sourceRanges(cloudflare.applyValue(getIpRangesResult -> getIpRangesResult.ipv4CidrBlocks()))
-     *             .allow(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
+     *         final var example = CloudflareFunctions.getList(GetListArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .name("list_name")
      *             .build());
      * 
      *     }
@@ -2167,11 +2821,11 @@ public static Output getIpRanges(InvokeArgs args) {
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getIpRangesPlain(InvokeArgs args) {
-        return getIpRangesPlain(args, InvokeOptions.Empty);
+    public static CompletableFuture getListPlain(GetListPlainArgs args) {
+        return getListPlain(args, InvokeOptions.Empty);
     }
     /**
-     * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network.
+     * Use this data source to lookup a [List](https://developers.cloudflare.com/api/operations/lists-get-lists).
      * 
      * ## Example Usage
      * 
@@ -2184,8 +2838,7 @@ public static CompletableFuture getIpRangesPlain(InvokeArgs a
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.example.firewallResource;
-     * import com.pulumi.example.FirewallResourceArgs;
+     * import com.pulumi.cloudflare.inputs.GetListArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2199,13 +2852,9 @@ public static CompletableFuture getIpRangesPlain(InvokeArgs a
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var cloudflare = CloudflareFunctions.getIpRanges();
-     * 
-     *         var example = new FirewallResource("example", FirewallResourceArgs.builder()
-     *             .name("from-cloudflare")
-     *             .network("default")
-     *             .sourceRanges(cloudflare.applyValue(getIpRangesResult -> getIpRangesResult.ipv4CidrBlocks()))
-     *             .allow(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
+     *         final var example = CloudflareFunctions.getList(GetListArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .name("list_name")
      *             .build());
      * 
      *     }
@@ -2215,11 +2864,11 @@ public static CompletableFuture getIpRangesPlain(InvokeArgs a
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getIpRanges(InvokeArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invoke("cloudflare:index/getIpRanges:getIpRanges", TypeShape.of(GetIpRangesResult.class), args, Utilities.withVersion(options));
+    public static Output getList(GetListArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getList:getList", TypeShape.of(GetListResult.class), args, Utilities.withVersion(options));
     }
     /**
-     * Use this data source to get the [IP ranges](https://www.cloudflare.com/ips/) of Cloudflare network.
+     * Use this data source to lookup a [List](https://developers.cloudflare.com/api/operations/lists-get-lists).
      * 
      * ## Example Usage
      * 
@@ -2232,8 +2881,7 @@ public static Output getIpRanges(InvokeArgs args, InvokeOptio
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.example.firewallResource;
-     * import com.pulumi.example.FirewallResourceArgs;
+     * import com.pulumi.cloudflare.inputs.GetListArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2247,13 +2895,9 @@ public static Output getIpRanges(InvokeArgs args, InvokeOptio
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var cloudflare = CloudflareFunctions.getIpRanges();
-     * 
-     *         var example = new FirewallResource("example", FirewallResourceArgs.builder()
-     *             .name("from-cloudflare")
-     *             .network("default")
-     *             .sourceRanges(cloudflare.applyValue(getIpRangesResult -> getIpRangesResult.ipv4CidrBlocks()))
-     *             .allow(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
+     *         final var example = CloudflareFunctions.getList(GetListArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .name("list_name")
      *             .build());
      * 
      *     }
@@ -2263,8 +2907,8 @@ public static Output getIpRanges(InvokeArgs args, InvokeOptio
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getIpRangesPlain(InvokeArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invokeAsync("cloudflare:index/getIpRanges:getIpRanges", TypeShape.of(GetIpRangesResult.class), args, Utilities.withVersion(options));
+    public static Output getList(GetListArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getList:getList", TypeShape.of(GetListResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to lookup a [List](https://developers.cloudflare.com/api/operations/lists-get-lists).
@@ -2306,11 +2950,11 @@ public static CompletableFuture getIpRangesPlain(InvokeArgs a
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getList(GetListArgs args) {
-        return getList(args, InvokeOptions.Empty);
+    public static CompletableFuture getListPlain(GetListPlainArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invokeAsync("cloudflare:index/getList:getList", TypeShape.of(GetListResult.class), args, Utilities.withVersion(options));
     }
     /**
-     * Use this data source to lookup a [List](https://developers.cloudflare.com/api/operations/lists-get-lists).
+     * Use this data source to lookup [Lists](https://developers.cloudflare.com/api/operations/lists-get-lists).
      * 
      * ## Example Usage
      * 
@@ -2323,7 +2967,7 @@ public static Output getList(GetListArgs args) {
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.cloudflare.inputs.GetListArgs;
+     * import com.pulumi.cloudflare.inputs.GetListsArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2337,9 +2981,8 @@ public static Output getList(GetListArgs args) {
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var example = CloudflareFunctions.getList(GetListArgs.builder()
+     *         final var example = CloudflareFunctions.getLists(GetListsArgs.builder()
      *             .accountId("f037e56e89293a057740de681ac9abbe")
-     *             .name("list_name")
      *             .build());
      * 
      *     }
@@ -2349,11 +2992,11 @@ public static Output getList(GetListArgs args) {
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getListPlain(GetListPlainArgs args) {
-        return getListPlain(args, InvokeOptions.Empty);
+    public static Output getLists(GetListsArgs args) {
+        return getLists(args, InvokeOptions.Empty);
     }
     /**
-     * Use this data source to lookup a [List](https://developers.cloudflare.com/api/operations/lists-get-lists).
+     * Use this data source to lookup [Lists](https://developers.cloudflare.com/api/operations/lists-get-lists).
      * 
      * ## Example Usage
      * 
@@ -2366,7 +3009,7 @@ public static CompletableFuture getListPlain(GetListPlainArgs arg
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.cloudflare.inputs.GetListArgs;
+     * import com.pulumi.cloudflare.inputs.GetListsArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2380,9 +3023,8 @@ public static CompletableFuture getListPlain(GetListPlainArgs arg
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var example = CloudflareFunctions.getList(GetListArgs.builder()
+     *         final var example = CloudflareFunctions.getLists(GetListsArgs.builder()
      *             .accountId("f037e56e89293a057740de681ac9abbe")
-     *             .name("list_name")
      *             .build());
      * 
      *     }
@@ -2392,11 +3034,11 @@ public static CompletableFuture getListPlain(GetListPlainArgs arg
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getList(GetListArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invoke("cloudflare:index/getList:getList", TypeShape.of(GetListResult.class), args, Utilities.withVersion(options));
+    public static CompletableFuture getListsPlain(GetListsPlainArgs args) {
+        return getListsPlain(args, InvokeOptions.Empty);
     }
     /**
-     * Use this data source to lookup a [List](https://developers.cloudflare.com/api/operations/lists-get-lists).
+     * Use this data source to lookup [Lists](https://developers.cloudflare.com/api/operations/lists-get-lists).
      * 
      * ## Example Usage
      * 
@@ -2409,7 +3051,7 @@ public static Output getList(GetListArgs args, InvokeOptions opti
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.cloudflare.inputs.GetListArgs;
+     * import com.pulumi.cloudflare.inputs.GetListsArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2423,9 +3065,8 @@ public static Output getList(GetListArgs args, InvokeOptions opti
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var example = CloudflareFunctions.getList(GetListArgs.builder()
+     *         final var example = CloudflareFunctions.getLists(GetListsArgs.builder()
      *             .accountId("f037e56e89293a057740de681ac9abbe")
-     *             .name("list_name")
      *             .build());
      * 
      *     }
@@ -2435,8 +3076,8 @@ public static Output getList(GetListArgs args, InvokeOptions opti
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getListPlain(GetListPlainArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invokeAsync("cloudflare:index/getList:getList", TypeShape.of(GetListResult.class), args, Utilities.withVersion(options));
+    public static Output getLists(GetListsArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getLists:getLists", TypeShape.of(GetListsResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to lookup [Lists](https://developers.cloudflare.com/api/operations/lists-get-lists).
@@ -2477,8 +3118,8 @@ public static CompletableFuture getListPlain(GetListPlainArgs arg
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getLists(GetListsArgs args) {
-        return getLists(args, InvokeOptions.Empty);
+    public static Output getLists(GetListsArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getLists:getLists", TypeShape.of(GetListsResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to lookup [Lists](https://developers.cloudflare.com/api/operations/lists-get-lists).
@@ -2519,11 +3160,11 @@ public static Output getLists(GetListsArgs args) {
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getListsPlain(GetListsPlainArgs args) {
-        return getListsPlain(args, InvokeOptions.Empty);
+    public static CompletableFuture getListsPlain(GetListsPlainArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invokeAsync("cloudflare:index/getLists:getLists", TypeShape.of(GetListsResult.class), args, Utilities.withVersion(options));
     }
     /**
-     * Use this data source to lookup [Lists](https://developers.cloudflare.com/api/operations/lists-get-lists).
+     * A datasource to find Load Balancer Pools.
      * 
      * ## Example Usage
      * 
@@ -2536,7 +3177,8 @@ public static CompletableFuture getListsPlain(GetListsPlainArgs
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.cloudflare.inputs.GetListsArgs;
+     * import com.pulumi.cloudflare.inputs.GetLoadBalancerPoolsArgs;
+     * import com.pulumi.cloudflare.inputs.GetLoadBalancerPoolsFilterArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2550,8 +3192,11 @@ public static CompletableFuture getListsPlain(GetListsPlainArgs
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var example = CloudflareFunctions.getLists(GetListsArgs.builder()
+     *         final var example = CloudflareFunctions.getLoadBalancerPools(GetLoadBalancerPoolsArgs.builder()
      *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .filter(GetLoadBalancerPoolsFilterArgs.builder()
+     *                 .name("example-lb-pool")
+     *                 .build())
      *             .build());
      * 
      *     }
@@ -2561,11 +3206,11 @@ public static CompletableFuture getListsPlain(GetListsPlainArgs
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getLists(GetListsArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invoke("cloudflare:index/getLists:getLists", TypeShape.of(GetListsResult.class), args, Utilities.withVersion(options));
+    public static Output getLoadBalancerPools(GetLoadBalancerPoolsArgs args) {
+        return getLoadBalancerPools(args, InvokeOptions.Empty);
     }
     /**
-     * Use this data source to lookup [Lists](https://developers.cloudflare.com/api/operations/lists-get-lists).
+     * A datasource to find Load Balancer Pools.
      * 
      * ## Example Usage
      * 
@@ -2578,7 +3223,8 @@ public static Output getLists(GetListsArgs args, InvokeOptions o
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.cloudflare.inputs.GetListsArgs;
+     * import com.pulumi.cloudflare.inputs.GetLoadBalancerPoolsArgs;
+     * import com.pulumi.cloudflare.inputs.GetLoadBalancerPoolsFilterArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2592,8 +3238,11 @@ public static Output getLists(GetListsArgs args, InvokeOptions o
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var example = CloudflareFunctions.getLists(GetListsArgs.builder()
+     *         final var example = CloudflareFunctions.getLoadBalancerPools(GetLoadBalancerPoolsArgs.builder()
      *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .filter(GetLoadBalancerPoolsFilterArgs.builder()
+     *                 .name("example-lb-pool")
+     *                 .build())
      *             .build());
      * 
      *     }
@@ -2603,8 +3252,8 @@ public static Output getLists(GetListsArgs args, InvokeOptions o
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getListsPlain(GetListsPlainArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invokeAsync("cloudflare:index/getLists:getLists", TypeShape.of(GetListsResult.class), args, Utilities.withVersion(options));
+    public static CompletableFuture getLoadBalancerPoolsPlain(GetLoadBalancerPoolsPlainArgs args) {
+        return getLoadBalancerPoolsPlain(args, InvokeOptions.Empty);
     }
     /**
      * A datasource to find Load Balancer Pools.
@@ -2649,8 +3298,8 @@ public static CompletableFuture getListsPlain(GetListsPlainArgs
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getLoadBalancerPools(GetLoadBalancerPoolsArgs args) {
-        return getLoadBalancerPools(args, InvokeOptions.Empty);
+    public static Output getLoadBalancerPools(GetLoadBalancerPoolsArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getLoadBalancerPools:getLoadBalancerPools", TypeShape.of(GetLoadBalancerPoolsResult.class), args, Utilities.withVersion(options));
     }
     /**
      * A datasource to find Load Balancer Pools.
@@ -2695,8 +3344,8 @@ public static Output getLoadBalancerPools(GetLoadBal
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getLoadBalancerPoolsPlain(GetLoadBalancerPoolsPlainArgs args) {
-        return getLoadBalancerPoolsPlain(args, InvokeOptions.Empty);
+    public static Output getLoadBalancerPools(GetLoadBalancerPoolsArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getLoadBalancerPools:getLoadBalancerPools", TypeShape.of(GetLoadBalancerPoolsResult.class), args, Utilities.withVersion(options));
     }
     /**
      * A datasource to find Load Balancer Pools.
@@ -2741,11 +3390,95 @@ public static CompletableFuture getLoadBalancerPools
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getLoadBalancerPools(GetLoadBalancerPoolsArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invoke("cloudflare:index/getLoadBalancerPools:getLoadBalancerPools", TypeShape.of(GetLoadBalancerPoolsResult.class), args, Utilities.withVersion(options));
+    public static CompletableFuture getLoadBalancerPoolsPlain(GetLoadBalancerPoolsPlainArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invokeAsync("cloudflare:index/getLoadBalancerPools:getLoadBalancerPools", TypeShape.of(GetLoadBalancerPoolsResult.class), args, Utilities.withVersion(options));
+    }
+    /**
+     * Use this data source to retrieve an existing origin ca certificate.
+     * 
+     * ## Example Usage
+     * 
+     * <!--Start PulumiCodeChooser -->
+     * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetOriginCaCertificateArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getOriginCaCertificate(GetOriginCaCertificateArgs.builder()
+     *             .id("REPLACE_ME")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 

+     * <!--End PulumiCodeChooser -->
+     * 
+     */
+    public static Output getOriginCaCertificate(GetOriginCaCertificateArgs args) {
+        return getOriginCaCertificate(args, InvokeOptions.Empty);
+    }
+    /**
+     * Use this data source to retrieve an existing origin ca certificate.
+     * 
+     * ## Example Usage
+     * 
+     * <!--Start PulumiCodeChooser -->
+     * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetOriginCaCertificateArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getOriginCaCertificate(GetOriginCaCertificateArgs.builder()
+     *             .id("REPLACE_ME")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 

+     * <!--End PulumiCodeChooser -->
+     * 
+     */
+    public static CompletableFuture getOriginCaCertificatePlain(GetOriginCaCertificatePlainArgs args) {
+        return getOriginCaCertificatePlain(args, InvokeOptions.Empty);
     }
     /**
-     * A datasource to find Load Balancer Pools.
+     * Use this data source to retrieve an existing origin ca certificate.
      * 
      * ## Example Usage
      * 
@@ -2758,8 +3491,7 @@ public static Output getLoadBalancerPools(GetLoadBal
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.cloudflare.inputs.GetLoadBalancerPoolsArgs;
-     * import com.pulumi.cloudflare.inputs.GetLoadBalancerPoolsFilterArgs;
+     * import com.pulumi.cloudflare.inputs.GetOriginCaCertificateArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2773,11 +3505,8 @@ public static Output getLoadBalancerPools(GetLoadBal
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var example = CloudflareFunctions.getLoadBalancerPools(GetLoadBalancerPoolsArgs.builder()
-     *             .accountId("f037e56e89293a057740de681ac9abbe")
-     *             .filter(GetLoadBalancerPoolsFilterArgs.builder()
-     *                 .name("example-lb-pool")
-     *                 .build())
+     *         final var example = CloudflareFunctions.getOriginCaCertificate(GetOriginCaCertificateArgs.builder()
+     *             .id("REPLACE_ME")
      *             .build());
      * 
      *     }
@@ -2787,8 +3516,8 @@ public static Output getLoadBalancerPools(GetLoadBal
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getLoadBalancerPoolsPlain(GetLoadBalancerPoolsPlainArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invokeAsync("cloudflare:index/getLoadBalancerPools:getLoadBalancerPools", TypeShape.of(GetLoadBalancerPoolsResult.class), args, Utilities.withVersion(options));
+    public static Output getOriginCaCertificate(GetOriginCaCertificateArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getOriginCaCertificate:getOriginCaCertificate", TypeShape.of(GetOriginCaCertificateResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to retrieve an existing origin ca certificate.
@@ -2829,8 +3558,8 @@ public static CompletableFuture getLoadBalancerPools
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getOriginCaCertificate(GetOriginCaCertificateArgs args) {
-        return getOriginCaCertificate(args, InvokeOptions.Empty);
+    public static Output getOriginCaCertificate(GetOriginCaCertificateArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getOriginCaCertificate:getOriginCaCertificate", TypeShape.of(GetOriginCaCertificateResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to retrieve an existing origin ca certificate.
@@ -2871,11 +3600,13 @@ public static Output getOriginCaCertificate(GetOri
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getOriginCaCertificatePlain(GetOriginCaCertificatePlainArgs args) {
-        return getOriginCaCertificatePlain(args, InvokeOptions.Empty);
+    public static CompletableFuture getOriginCaCertificatePlain(GetOriginCaCertificatePlainArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invokeAsync("cloudflare:index/getOriginCaCertificate:getOriginCaCertificate", TypeShape.of(GetOriginCaCertificateResult.class), args, Utilities.withVersion(options));
     }
     /**
-     * Use this data source to retrieve an existing origin ca certificate.
+     * Use this data source to get the
+     * [Origin CA root certificate](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca#4-required-for-some-add-cloudflare-origin-ca-root-certificates)
+     * for a given algorithm."
      * 
      * ## Example Usage
      * 
@@ -2888,7 +3619,7 @@ public static CompletableFuture getOriginCaCertifi
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.cloudflare.inputs.GetOriginCaCertificateArgs;
+     * import com.pulumi.cloudflare.inputs.GetOriginCaRootCertificateArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2902,8 +3633,8 @@ public static CompletableFuture getOriginCaCertifi
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var example = CloudflareFunctions.getOriginCaCertificate(GetOriginCaCertificateArgs.builder()
-     *             .id("REPLACE_ME")
+     *         final var example = CloudflareFunctions.getOriginCaRootCertificate(GetOriginCaRootCertificateArgs.builder()
+     *             .algorithm("rsa")
      *             .build());
      * 
      *     }
@@ -2913,11 +3644,13 @@ public static CompletableFuture getOriginCaCertifi
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getOriginCaCertificate(GetOriginCaCertificateArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invoke("cloudflare:index/getOriginCaCertificate:getOriginCaCertificate", TypeShape.of(GetOriginCaCertificateResult.class), args, Utilities.withVersion(options));
+    public static Output getOriginCaRootCertificate(GetOriginCaRootCertificateArgs args) {
+        return getOriginCaRootCertificate(args, InvokeOptions.Empty);
     }
     /**
-     * Use this data source to retrieve an existing origin ca certificate.
+     * Use this data source to get the
+     * [Origin CA root certificate](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca#4-required-for-some-add-cloudflare-origin-ca-root-certificates)
+     * for a given algorithm."
      * 
      * ## Example Usage
      * 
@@ -2930,7 +3663,7 @@ public static Output getOriginCaCertificate(GetOri
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.cloudflare.inputs.GetOriginCaCertificateArgs;
+     * import com.pulumi.cloudflare.inputs.GetOriginCaRootCertificateArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -2944,8 +3677,8 @@ public static Output getOriginCaCertificate(GetOri
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var example = CloudflareFunctions.getOriginCaCertificate(GetOriginCaCertificateArgs.builder()
-     *             .id("REPLACE_ME")
+     *         final var example = CloudflareFunctions.getOriginCaRootCertificate(GetOriginCaRootCertificateArgs.builder()
+     *             .algorithm("rsa")
      *             .build());
      * 
      *     }
@@ -2955,8 +3688,8 @@ public static Output getOriginCaCertificate(GetOri
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getOriginCaCertificatePlain(GetOriginCaCertificatePlainArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invokeAsync("cloudflare:index/getOriginCaCertificate:getOriginCaCertificate", TypeShape.of(GetOriginCaCertificateResult.class), args, Utilities.withVersion(options));
+    public static CompletableFuture getOriginCaRootCertificatePlain(GetOriginCaRootCertificatePlainArgs args) {
+        return getOriginCaRootCertificatePlain(args, InvokeOptions.Empty);
     }
     /**
      * Use this data source to get the
@@ -2999,8 +3732,8 @@ public static CompletableFuture getOriginCaCertifi
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getOriginCaRootCertificate(GetOriginCaRootCertificateArgs args) {
-        return getOriginCaRootCertificate(args, InvokeOptions.Empty);
+    public static Output getOriginCaRootCertificate(GetOriginCaRootCertificateArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getOriginCaRootCertificate:getOriginCaRootCertificate", TypeShape.of(GetOriginCaRootCertificateResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to get the
@@ -3043,8 +3776,8 @@ public static Output getOriginCaRootCertificat
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getOriginCaRootCertificatePlain(GetOriginCaRootCertificatePlainArgs args) {
-        return getOriginCaRootCertificatePlain(args, InvokeOptions.Empty);
+    public static Output getOriginCaRootCertificate(GetOriginCaRootCertificateArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getOriginCaRootCertificate:getOriginCaRootCertificate", TypeShape.of(GetOriginCaRootCertificateResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to get the
@@ -3087,13 +3820,11 @@ public static CompletableFuture getOriginCaRoo
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getOriginCaRootCertificate(GetOriginCaRootCertificateArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invoke("cloudflare:index/getOriginCaRootCertificate:getOriginCaRootCertificate", TypeShape.of(GetOriginCaRootCertificateResult.class), args, Utilities.withVersion(options));
+    public static CompletableFuture getOriginCaRootCertificatePlain(GetOriginCaRootCertificatePlainArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invokeAsync("cloudflare:index/getOriginCaRootCertificate:getOriginCaRootCertificate", TypeShape.of(GetOriginCaRootCertificateResult.class), args, Utilities.withVersion(options));
     }
     /**
-     * Use this data source to get the
-     * [Origin CA root certificate](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca#4-required-for-some-add-cloudflare-origin-ca-root-certificates)
-     * for a given algorithm."
+     * Use this data source to lookup a single [DNS Record](https://api.cloudflare.com/#dns-records-for-a-zone-properties).
      * 
      * ## Example Usage
      * 
@@ -3106,7 +3837,7 @@ public static Output getOriginCaRootCertificat
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.cloudflare.inputs.GetOriginCaRootCertificateArgs;
+     * import com.pulumi.cloudflare.inputs.GetRecordArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -3120,8 +3851,9 @@ public static Output getOriginCaRootCertificat
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var example = CloudflareFunctions.getOriginCaRootCertificate(GetOriginCaRootCertificateArgs.builder()
-     *             .algorithm("rsa")
+     *         final var example = CloudflareFunctions.getRecord(GetRecordArgs.builder()
+     *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
+     *             .hostname("example.com")
      *             .build());
      * 
      *     }
@@ -3131,8 +3863,8 @@ public static Output getOriginCaRootCertificat
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getOriginCaRootCertificatePlain(GetOriginCaRootCertificatePlainArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invokeAsync("cloudflare:index/getOriginCaRootCertificate:getOriginCaRootCertificate", TypeShape.of(GetOriginCaRootCertificateResult.class), args, Utilities.withVersion(options));
+    public static Output getRecord(GetRecordArgs args) {
+        return getRecord(args, InvokeOptions.Empty);
     }
     /**
      * Use this data source to lookup a single [DNS Record](https://api.cloudflare.com/#dns-records-for-a-zone-properties).
@@ -3174,8 +3906,8 @@ public static CompletableFuture getOriginCaRoo
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getRecord(GetRecordArgs args) {
-        return getRecord(args, InvokeOptions.Empty);
+    public static CompletableFuture getRecordPlain(GetRecordPlainArgs args) {
+        return getRecordPlain(args, InvokeOptions.Empty);
     }
     /**
      * Use this data source to lookup a single [DNS Record](https://api.cloudflare.com/#dns-records-for-a-zone-properties).
@@ -3217,8 +3949,8 @@ public static Output getRecord(GetRecordArgs args) {
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getRecordPlain(GetRecordPlainArgs args) {
-        return getRecordPlain(args, InvokeOptions.Empty);
+    public static Output getRecord(GetRecordArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getRecord:getRecord", TypeShape.of(GetRecordResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to lookup a single [DNS Record](https://api.cloudflare.com/#dns-records-for-a-zone-properties).
@@ -3260,7 +3992,7 @@ public static CompletableFuture getRecordPlain(GetRecordPlainAr
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getRecord(GetRecordArgs args, InvokeOptions options) {
+    public static Output getRecord(GetRecordArgs args, InvokeOutputOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getRecord:getRecord", TypeShape.of(GetRecordResult.class), args, Utilities.withVersion(options));
     }
     /**
@@ -3536,6 +4268,52 @@ public static CompletableFuture getRulesetsPlain(GetRulesetsP
     public static Output getRulesets(GetRulesetsArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getRulesets:getRulesets", TypeShape.of(GetRulesetsResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Use this datasource to lookup Rulesets in an account or zone.
+     * 
+     * ## Example Usage
+     * 
+     * <!--Start PulumiCodeChooser -->
+     * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetRulesetsArgs;
+     * import com.pulumi.cloudflare.inputs.GetRulesetsFilterArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getRulesets(GetRulesetsArgs.builder()
+     *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
+     *             .filter(GetRulesetsFilterArgs.builder()
+     *                 .name(".*OWASP.*")
+     *                 .build())
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 

+     * <!--End PulumiCodeChooser -->
+     * 
+     */
+    public static Output getRulesets(GetRulesetsArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getRulesets:getRulesets", TypeShape.of(GetRulesetsResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Use this datasource to lookup Rulesets in an account or zone.
      * 
@@ -3711,6 +4489,49 @@ public static CompletableFuture getTunnelPlain(GetTunnelPlainAr
     public static Output getTunnel(GetTunnelArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getTunnel:getTunnel", TypeShape.of(GetTunnelResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Use this datasource to lookup a tunnel in an account.
+     * 
+     * ## Example Usage
+     * 
+     * <!--Start PulumiCodeChooser -->
+     * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetTunnelArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getTunnel(GetTunnelArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .name("my-tunnel")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 

+     * <!--End PulumiCodeChooser -->
+     * 
+     */
+    public static Output getTunnel(GetTunnelArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getTunnel:getTunnel", TypeShape.of(GetTunnelResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Use this datasource to lookup a tunnel in an account.
      * 
@@ -3884,7 +4705,93 @@ public static Output getTunnelVirtualNetwork(GetT
         return Deployment.getInstance().invoke("cloudflare:index/getTunnelVirtualNetwork:getTunnelVirtualNetwork", TypeShape.of(GetTunnelVirtualNetworkResult.class), args, Utilities.withVersion(options));
     }
     /**
-     * Use this datasource to lookup a tunnel virtual network in an account.
+     * Use this datasource to lookup a tunnel virtual network in an account.
+     * 
+     * ## Example Usage
+     * 
+     * <!--Start PulumiCodeChooser -->
+     * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetTunnelVirtualNetworkArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getTunnelVirtualNetwork(GetTunnelVirtualNetworkArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .name("example")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 

+     * <!--End PulumiCodeChooser -->
+     * 
+     */
+    public static Output getTunnelVirtualNetwork(GetTunnelVirtualNetworkArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getTunnelVirtualNetwork:getTunnelVirtualNetwork", TypeShape.of(GetTunnelVirtualNetworkResult.class), args, Utilities.withVersion(options));
+    }
+    /**
+     * Use this datasource to lookup a tunnel virtual network in an account.
+     * 
+     * ## Example Usage
+     * 
+     * <!--Start PulumiCodeChooser -->
+     * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetTunnelVirtualNetworkArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getTunnelVirtualNetwork(GetTunnelVirtualNetworkArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .name("example")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 

+     * <!--End PulumiCodeChooser -->
+     * 
+     */
+    public static CompletableFuture getTunnelVirtualNetworkPlain(GetTunnelVirtualNetworkPlainArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invokeAsync("cloudflare:index/getTunnelVirtualNetwork:getTunnelVirtualNetwork", TypeShape.of(GetTunnelVirtualNetworkResult.class), args, Utilities.withVersion(options));
+    }
+    /**
+     * Use this data source to retrieve information about the currently authenticated user.
      * 
      * ## Example Usage
      * 
@@ -3897,7 +4804,9 @@ public static Output getTunnelVirtualNetwork(GetT
      * import com.pulumi.Pulumi;
      * import com.pulumi.core.Output;
      * import com.pulumi.cloudflare.CloudflareFunctions;
-     * import com.pulumi.cloudflare.inputs.GetTunnelVirtualNetworkArgs;
+     * import com.pulumi.cloudflare.ApiToken;
+     * import com.pulumi.cloudflare.ApiTokenArgs;
+     * import com.pulumi.cloudflare.inputs.ApiTokenPolicyArgs;
      * import java.util.List;
      * import java.util.ArrayList;
      * import java.util.Map;
@@ -3911,9 +4820,16 @@ public static Output getTunnelVirtualNetwork(GetT
      *     }
      * 
      *     public static void stack(Context ctx) {
-     *         final var example = CloudflareFunctions.getTunnelVirtualNetwork(GetTunnelVirtualNetworkArgs.builder()
-     *             .accountId("f037e56e89293a057740de681ac9abbe")
-     *             .name("example")
+     *         final var me = CloudflareFunctions.getUser();
+     * 
+     *         final var all = CloudflareFunctions.getApiTokenPermissionGroups();
+     * 
+     *         var example = new ApiToken("example", ApiTokenArgs.builder()
+     *             .name("Terraform Cloud (Terraform)")
+     *             .policies(ApiTokenPolicyArgs.builder()
+     *                 .permissionGroups(all.applyValue(getApiTokenPermissionGroupsResult -> getApiTokenPermissionGroupsResult.user().User Details Read()))
+     *                 .resources(Map.of(String.format("com.cloudflare.api.user.%s", me.applyValue(getUserResult -> getUserResult.id())), "*"))
+     *                 .build())
      *             .build());
      * 
      *     }
@@ -3923,8 +4839,8 @@ public static Output getTunnelVirtualNetwork(GetT
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getTunnelVirtualNetworkPlain(GetTunnelVirtualNetworkPlainArgs args, InvokeOptions options) {
-        return Deployment.getInstance().invokeAsync("cloudflare:index/getTunnelVirtualNetwork:getTunnelVirtualNetwork", TypeShape.of(GetTunnelVirtualNetworkResult.class), args, Utilities.withVersion(options));
+    public static Output getUser() {
+        return getUser(InvokeArgs.Empty, InvokeOptions.Empty);
     }
     /**
      * Use this data source to retrieve information about the currently authenticated user.
@@ -3975,8 +4891,8 @@ public static CompletableFuture getTunnelVirtualN
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getUser() {
-        return getUser(InvokeArgs.Empty, InvokeOptions.Empty);
+    public static CompletableFuture getUserPlain() {
+        return getUserPlain(InvokeArgs.Empty, InvokeOptions.Empty);
     }
     /**
      * Use this data source to retrieve information about the currently authenticated user.
@@ -4027,8 +4943,8 @@ public static Output getUser() {
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getUserPlain() {
-        return getUserPlain(InvokeArgs.Empty, InvokeOptions.Empty);
+    public static Output getUser(InvokeArgs args) {
+        return getUser(args, InvokeOptions.Empty);
     }
     /**
      * Use this data source to retrieve information about the currently authenticated user.
@@ -4079,8 +4995,8 @@ public static CompletableFuture getUserPlain() {
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getUser(InvokeArgs args) {
-        return getUser(args, InvokeOptions.Empty);
+    public static CompletableFuture getUserPlain(InvokeArgs args) {
+        return getUserPlain(args, InvokeOptions.Empty);
     }
     /**
      * Use this data source to retrieve information about the currently authenticated user.
@@ -4131,8 +5047,8 @@ public static Output getUser(InvokeArgs args) {
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static CompletableFuture getUserPlain(InvokeArgs args) {
-        return getUserPlain(args, InvokeOptions.Empty);
+    public static Output getUser(InvokeArgs args, InvokeOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getUser:getUser", TypeShape.of(GetUserResult.class), args, Utilities.withVersion(options));
     }
     /**
      * Use this data source to retrieve information about the currently authenticated user.
@@ -4183,7 +5099,7 @@ public static CompletableFuture getUserPlain(InvokeArgs args) {
      * <!--End PulumiCodeChooser -->
      * 
      */
-    public static Output getUser(InvokeArgs args, InvokeOptions options) {
+    public static Output getUser(InvokeArgs args, InvokeOutputOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getUser:getUser", TypeShape.of(GetUserResult.class), args, Utilities.withVersion(options));
     }
     /**
@@ -4273,6 +5189,13 @@ public static CompletableFuture getZeroTrus
     public static Output getZeroTrustAccessApplication(GetZeroTrustAccessApplicationArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getZeroTrustAccessApplication:getZeroTrustAccessApplication", TypeShape.of(GetZeroTrustAccessApplicationResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Use this data source to lookup a single [Access Application](https://developers.cloudflare.com/cloudflare-one/applications/)
+     * 
+     */
+    public static Output getZeroTrustAccessApplication(GetZeroTrustAccessApplicationArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getZeroTrustAccessApplication:getZeroTrustAccessApplication", TypeShape.of(GetZeroTrustAccessApplicationResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Use this data source to lookup a single [Access Application](https://developers.cloudflare.com/cloudflare-one/applications/)
      * 
@@ -4301,6 +5224,13 @@ public static CompletableFuture getZer
     public static Output getZeroTrustAccessIdentityProvider(GetZeroTrustAccessIdentityProviderArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getZeroTrustAccessIdentityProvider:getZeroTrustAccessIdentityProvider", TypeShape.of(GetZeroTrustAccessIdentityProviderResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Use this data source to lookup a single [Access Identity Provider](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration) by name.
+     * 
+     */
+    public static Output getZeroTrustAccessIdentityProvider(GetZeroTrustAccessIdentityProviderArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getZeroTrustAccessIdentityProvider:getZeroTrustAccessIdentityProvider", TypeShape.of(GetZeroTrustAccessIdentityProviderResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Use this data source to lookup a single [Access Identity Provider](https://developers.cloudflare.com/cloudflare-one/identity/idp-integration) by name.
      * 
@@ -4443,6 +5373,51 @@ public static CompletableFuture g
     public static Output getZeroTrustInfrastructureAccessTargets(GetZeroTrustInfrastructureAccessTargetsArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getZeroTrustInfrastructureAccessTargets:getZeroTrustInfrastructureAccessTargets", TypeShape.of(GetZeroTrustInfrastructureAccessTargetsResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Use this data source to retrieve all Infrastructure Access Targets.
+     * 
+     * ## Example Usage
+     * 
+     * <!--Start PulumiCodeChooser -->
+     * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetZeroTrustInfrastructureAccessTargetsArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getZeroTrustInfrastructureAccessTargets(GetZeroTrustInfrastructureAccessTargetsArgs.builder()
+     *             .accountId("f037e56e89293a057740de681ac9abbe")
+     *             .hostnameContains("example")
+     *             .ipv4("198.51.100.1")
+     *             .build());
+     * 
+     *         ctx.export("targets", example.applyValue(getZeroTrustInfrastructureAccessTargetsResult -> getZeroTrustInfrastructureAccessTargetsResult.targets()));
+     *     }
+     * }
+     * }
+     * 

+     * <!--End PulumiCodeChooser -->
+     * 
+     */
+    public static Output getZeroTrustInfrastructureAccessTargets(GetZeroTrustInfrastructureAccessTargetsArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getZeroTrustInfrastructureAccessTargets:getZeroTrustInfrastructureAccessTargets", TypeShape.of(GetZeroTrustInfrastructureAccessTargetsResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Use this data source to retrieve all Infrastructure Access Targets.
      * 
@@ -4509,6 +5484,13 @@ public static CompletableFuture getZeroTrus
     public static Output getZeroTrustTunnelCloudflared(GetZeroTrustTunnelCloudflaredArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getZeroTrustTunnelCloudflared:getZeroTrustTunnelCloudflared", TypeShape.of(GetZeroTrustTunnelCloudflaredResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Use this datasource to lookup a tunnel in an account.
+     * 
+     */
+    public static Output getZeroTrustTunnelCloudflared(GetZeroTrustTunnelCloudflaredArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getZeroTrustTunnelCloudflared:getZeroTrustTunnelCloudflared", TypeShape.of(GetZeroTrustTunnelCloudflaredResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Use this datasource to lookup a tunnel in an account.
      * 
@@ -4537,6 +5519,13 @@ public static CompletableFuture getZeroT
     public static Output getZeroTrustTunnelVirtualNetwork(GetZeroTrustTunnelVirtualNetworkArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getZeroTrustTunnelVirtualNetwork:getZeroTrustTunnelVirtualNetwork", TypeShape.of(GetZeroTrustTunnelVirtualNetworkResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Use this datasource to lookup a tunnel virtual network in an account.
+     * 
+     */
+    public static Output getZeroTrustTunnelVirtualNetwork(GetZeroTrustTunnelVirtualNetworkArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getZeroTrustTunnelVirtualNetwork:getZeroTrustTunnelVirtualNetwork", TypeShape.of(GetZeroTrustTunnelVirtualNetworkResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Use this datasource to lookup a tunnel virtual network in an account.
      * 
@@ -4834,6 +5823,64 @@ public static CompletableFuture getZonePlain(GetZonePlainArgs arg
     public static Output getZone(GetZoneArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getZone:getZone", TypeShape.of(GetZoneResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Use this data source to look up [zone](https://api.cloudflare.com/#zone-properties)
+     * info. This is the singular alternative to `cloudflare.getZones`.
+     * 
+     * > **Note** Cloudflare zone names **are not unique**. It is possible for multiple
+     * accounts to have the same zone created but in different states. If you are
+     * using this setup, it is advised to use the `account_id` attribute on this
+     * resource or swap to `cloudflare.getZones` to further filter the results.
+     * 
+     * ## Example Usage
+     * 
+     * <!--Start PulumiCodeChooser -->
+     * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetZoneArgs;
+     * import com.pulumi.cloudflare.Record;
+     * import com.pulumi.cloudflare.RecordArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getZone(GetZoneArgs.builder()
+     *             .name("example.com")
+     *             .build());
+     * 
+     *         var exampleRecord = new Record("exampleRecord", RecordArgs.builder()
+     *             .zoneId(example.applyValue(getZoneResult -> getZoneResult.id()))
+     *             .name("www")
+     *             .content("203.0.113.1")
+     *             .type("A")
+     *             .proxied(true)
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 

+     * <!--End PulumiCodeChooser -->
+     * 
+     */
+    public static Output getZone(GetZoneArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getZone:getZone", TypeShape.of(GetZoneResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Use this data source to look up [zone](https://api.cloudflare.com/#zone-properties)
      * info. This is the singular alternative to `cloudflare.getZones`.
@@ -5021,6 +6068,49 @@ public static CompletableFuture getZoneCacheReservePl
     public static Output getZoneCacheReserve(GetZoneCacheReserveArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getZoneCacheReserve:getZoneCacheReserve", TypeShape.of(GetZoneCacheReserveResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Provides a Cloudflare data source to look up Cache Reserve
+     * status for a given zone.
+     * 
+     * ## Example Usage
+     * 
+     * <!--Start PulumiCodeChooser -->
+     * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetZoneCacheReserveArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getZoneCacheReserve(GetZoneCacheReserveArgs.builder()
+     *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 

+     * <!--End PulumiCodeChooser -->
+     * 
+     */
+    public static Output getZoneCacheReserve(GetZoneCacheReserveArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getZoneCacheReserve:getZoneCacheReserve", TypeShape.of(GetZoneCacheReserveResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Provides a Cloudflare data source to look up Cache Reserve
      * status for a given zone.
@@ -5190,6 +6280,48 @@ public static CompletableFuture getZoneDnssecPlain(GetZoneD
     public static Output getZoneDnssec(GetZoneDnssecArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getZoneDnssec:getZoneDnssec", TypeShape.of(GetZoneDnssecResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Use this data source to look up Zone DNSSEC settings.
+     * 
+     * ## Example Usage
+     * 
+     * <!--Start PulumiCodeChooser -->
+     * 
+     * {@code
+     * package generated_program;
+     * 
+     * import com.pulumi.Context;
+     * import com.pulumi.Pulumi;
+     * import com.pulumi.core.Output;
+     * import com.pulumi.cloudflare.CloudflareFunctions;
+     * import com.pulumi.cloudflare.inputs.GetZoneDnssecArgs;
+     * import java.util.List;
+     * import java.util.ArrayList;
+     * import java.util.Map;
+     * import java.io.File;
+     * import java.nio.file.Files;
+     * import java.nio.file.Paths;
+     * 
+     * public class App {
+     *     public static void main(String[] args) {
+     *         Pulumi.run(App::stack);
+     *     }
+     * 
+     *     public static void stack(Context ctx) {
+     *         final var example = CloudflareFunctions.getZoneDnssec(GetZoneDnssecArgs.builder()
+     *             .zoneId("0da42c8d2132a9ddaf714f9e7c920711")
+     *             .build());
+     * 
+     *     }
+     * }
+     * }
+     * 

+     * <!--End PulumiCodeChooser -->
+     * 
+     */
+    public static Output getZoneDnssec(GetZoneDnssecArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getZoneDnssec:getZoneDnssec", TypeShape.of(GetZoneDnssecResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Use this data source to look up Zone DNSSEC settings.
      * 
@@ -5253,6 +6385,13 @@ public static CompletableFuture getZonesPlain(GetZonesPlainArgs
     public static Output getZones(GetZonesArgs args, InvokeOptions options) {
         return Deployment.getInstance().invoke("cloudflare:index/getZones:getZones", TypeShape.of(GetZonesResult.class), args, Utilities.withVersion(options));
     }
+    /**
+     * Use this data source to look up Zone results for use in other resources.
+     * 
+     */
+    public static Output getZones(GetZonesArgs args, InvokeOutputOptions options) {
+        return Deployment.getInstance().invoke("cloudflare:index/getZones:getZones", TypeShape.of(GetZonesResult.class), args, Utilities.withVersion(options));
+    }
     /**
      * Use this data source to look up Zone results for use in other resources.
      * 
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheck.java b/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheck.java
new file mode 100644
index 00000000..d0c03b02
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheck.java
@@ -0,0 +1,150 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare;
+
+import com.pulumi.cloudflare.LeakedCredentialCheckArgs;
+import com.pulumi.cloudflare.Utilities;
+import com.pulumi.cloudflare.inputs.LeakedCredentialCheckState;
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Export;
+import com.pulumi.core.annotations.ResourceType;
+import com.pulumi.core.internal.Codegen;
+import java.lang.Boolean;
+import java.lang.String;
+import javax.annotation.Nullable;
+
+/**
+ * Provides a Cloudflare Leaked Credential Check resource to be used for managing the status of the Cloudflare Leaked Credential detection within a specific zone.
+ * 
+ * ## Example Usage
+ * 
+ * <!--Start PulumiCodeChooser -->
+ * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.cloudflare.LeakedCredentialCheck;
+ * import com.pulumi.cloudflare.LeakedCredentialCheckArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         // Enable the Leaked Credentials Check detection
+ *         var example = new LeakedCredentialCheck("example", LeakedCredentialCheckArgs.builder()
+ *             .zoneId("399c6f4950c01a5a141b99ff7fbcbd8b")
+ *             .enabled(true)
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 

+ * <!--End PulumiCodeChooser -->
+ * 
+ * ## Import
+ * 
+ * ```sh
+ * $ pulumi import cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck example <zone_id>
+ * ```
+ * 
+ */
+@ResourceType(type="cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck")
+public class LeakedCredentialCheck extends com.pulumi.resources.CustomResource {
+    /**
+     * State of the Leaked Credential Check detection
+     * 
+     */
+    @Export(name="enabled", refs={Boolean.class}, tree="[0]")
+    private Output enabled;
+
+    /**
+     * @return State of the Leaked Credential Check detection
+     * 
+     */
+    public Output enabled() {
+        return this.enabled;
+    }
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Export(name="zoneId", refs={String.class}, tree="[0]")
+    private Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Output zoneId() {
+        return this.zoneId;
+    }
+
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     */
+    public LeakedCredentialCheck(java.lang.String name) {
+        this(name, LeakedCredentialCheckArgs.Empty);
+    }
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param args The arguments to use to populate this resource's properties.
+     */
+    public LeakedCredentialCheck(java.lang.String name, LeakedCredentialCheckArgs args) {
+        this(name, args, null);
+    }
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param options A bag of options that control this resource's behavior.
+     */
+    public LeakedCredentialCheck(java.lang.String name, LeakedCredentialCheckArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        super("cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
+    }
+
+    private LeakedCredentialCheck(java.lang.String name, Output id, @Nullable LeakedCredentialCheckState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        super("cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck", name, state, makeResourceOptions(options, id), false);
+    }
+
+    private static LeakedCredentialCheckArgs makeArgs(LeakedCredentialCheckArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        if (options != null && options.getUrn().isPresent()) {
+            return null;
+        }
+        return args == null ? LeakedCredentialCheckArgs.Empty : args;
+    }
+
+    private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) {
+        var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
+            .version(Utilities.getVersion())
+            .build();
+        return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
+    }
+
+    /**
+     * Get an existing Host resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state
+     * @param options Optional settings to control the behavior of the CustomResource.
+     */
+    public static LeakedCredentialCheck get(java.lang.String name, Output id, @Nullable LeakedCredentialCheckState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        return new LeakedCredentialCheck(name, id, state, options);
+    }
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheckArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheckArgs.java
new file mode 100644
index 00000000..4fae8d85
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheckArgs.java
@@ -0,0 +1,126 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Boolean;
+import java.lang.String;
+import java.util.Objects;
+
+
+public final class LeakedCredentialCheckArgs extends com.pulumi.resources.ResourceArgs {
+
+    public static final LeakedCredentialCheckArgs Empty = new LeakedCredentialCheckArgs();
+
+    /**
+     * State of the Leaked Credential Check detection
+     * 
+     */
+    @Import(name="enabled", required=true)
+    private Output enabled;
+
+    /**
+     * @return State of the Leaked Credential Check detection
+     * 
+     */
+    public Output enabled() {
+        return this.enabled;
+    }
+
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Import(name="zoneId", required=true)
+    private Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Output zoneId() {
+        return this.zoneId;
+    }
+
+    private LeakedCredentialCheckArgs() {}
+
+    private LeakedCredentialCheckArgs(LeakedCredentialCheckArgs $) {
+        this.enabled = $.enabled;
+        this.zoneId = $.zoneId;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(LeakedCredentialCheckArgs defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private LeakedCredentialCheckArgs $;
+
+        public Builder() {
+            $ = new LeakedCredentialCheckArgs();
+        }
+
+        public Builder(LeakedCredentialCheckArgs defaults) {
+            $ = new LeakedCredentialCheckArgs(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param enabled State of the Leaked Credential Check detection
+         * 
+         * @return builder
+         * 
+         */
+        public Builder enabled(Output enabled) {
+            $.enabled = enabled;
+            return this;
+        }
+
+        /**
+         * @param enabled State of the Leaked Credential Check detection
+         * 
+         * @return builder
+         * 
+         */
+        public Builder enabled(Boolean enabled) {
+            return enabled(Output.of(enabled));
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(Output zoneId) {
+            $.zoneId = zoneId;
+            return this;
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(String zoneId) {
+            return zoneId(Output.of(zoneId));
+        }
+
+        public LeakedCredentialCheckArgs build() {
+            if ($.enabled == null) {
+                throw new MissingRequiredPropertyException("LeakedCredentialCheckArgs", "enabled");
+            }
+            if ($.zoneId == null) {
+                throw new MissingRequiredPropertyException("LeakedCredentialCheckArgs", "zoneId");
+            }
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheckRule.java b/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheckRule.java
new file mode 100644
index 00000000..72325652
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheckRule.java
@@ -0,0 +1,172 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare;
+
+import com.pulumi.cloudflare.LeakedCredentialCheckRuleArgs;
+import com.pulumi.cloudflare.Utilities;
+import com.pulumi.cloudflare.inputs.LeakedCredentialCheckRuleState;
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Export;
+import com.pulumi.core.annotations.ResourceType;
+import com.pulumi.core.internal.Codegen;
+import java.lang.String;
+import javax.annotation.Nullable;
+
+/**
+ * Provides a Cloudflare Leaked Credential Check Rule resource for managing user-defined Leaked Credential detection patterns within a specific zone.
+ * 
+ * ## Example Usage
+ * 
+ * <!--Start PulumiCodeChooser -->
+ * 
+ * {@code
+ * package generated_program;
+ * 
+ * import com.pulumi.Context;
+ * import com.pulumi.Pulumi;
+ * import com.pulumi.core.Output;
+ * import com.pulumi.cloudflare.LeakedCredentialCheck;
+ * import com.pulumi.cloudflare.LeakedCredentialCheckArgs;
+ * import com.pulumi.cloudflare.LeakedCredentialCheckRule;
+ * import com.pulumi.cloudflare.LeakedCredentialCheckRuleArgs;
+ * import java.util.List;
+ * import java.util.ArrayList;
+ * import java.util.Map;
+ * import java.io.File;
+ * import java.nio.file.Files;
+ * import java.nio.file.Paths;
+ * 
+ * public class App {
+ *     public static void main(String[] args) {
+ *         Pulumi.run(App::stack);
+ *     }
+ * 
+ *     public static void stack(Context ctx) {
+ *         // Enable the Leaked Credentials Check detection before trying
+ *         // to add detections.
+ *         var example = new LeakedCredentialCheck("example", LeakedCredentialCheckArgs.builder()
+ *             .zoneId("399c6f4950c01a5a141b99ff7fbcbd8b")
+ *             .enabled(true)
+ *             .build());
+ * 
+ *         var exampleLeakedCredentialCheckRule = new LeakedCredentialCheckRule("exampleLeakedCredentialCheckRule", LeakedCredentialCheckRuleArgs.builder()
+ *             .zoneId(example.zoneId())
+ *             .username("lookup_json_string(http.request.body.raw, \"user\")")
+ *             .password("lookup_json_string(http.request.body.raw, \"pass\")")
+ *             .build());
+ * 
+ *     }
+ * }
+ * }
+ * 

+ * <!--End PulumiCodeChooser -->
+ * 
+ * ## Import
+ * 
+ * ```sh
+ * $ pulumi import cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule example <zone_id>/<resource_id>
+ * ```
+ * 
+ */
+@ResourceType(type="cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule")
+public class LeakedCredentialCheckRule extends com.pulumi.resources.CustomResource {
+    /**
+     * The ruleset expression to use in matching the password in a request
+     * 
+     */
+    @Export(name="password", refs={String.class}, tree="[0]")
+    private Output password;
+
+    /**
+     * @return The ruleset expression to use in matching the password in a request
+     * 
+     */
+    public Output password() {
+        return this.password;
+    }
+    /**
+     * The ruleset expression to use in matching the username in a request.
+     * 
+     */
+    @Export(name="username", refs={String.class}, tree="[0]")
+    private Output username;
+
+    /**
+     * @return The ruleset expression to use in matching the username in a request.
+     * 
+     */
+    public Output username() {
+        return this.username;
+    }
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Export(name="zoneId", refs={String.class}, tree="[0]")
+    private Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Output zoneId() {
+        return this.zoneId;
+    }
+
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     */
+    public LeakedCredentialCheckRule(java.lang.String name) {
+        this(name, LeakedCredentialCheckRuleArgs.Empty);
+    }
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param args The arguments to use to populate this resource's properties.
+     */
+    public LeakedCredentialCheckRule(java.lang.String name, LeakedCredentialCheckRuleArgs args) {
+        this(name, args, null);
+    }
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param options A bag of options that control this resource's behavior.
+     */
+    public LeakedCredentialCheckRule(java.lang.String name, LeakedCredentialCheckRuleArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        super("cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
+    }
+
+    private LeakedCredentialCheckRule(java.lang.String name, Output id, @Nullable LeakedCredentialCheckRuleState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        super("cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule", name, state, makeResourceOptions(options, id), false);
+    }
+
+    private static LeakedCredentialCheckRuleArgs makeArgs(LeakedCredentialCheckRuleArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        if (options != null && options.getUrn().isPresent()) {
+            return null;
+        }
+        return args == null ? LeakedCredentialCheckRuleArgs.Empty : args;
+    }
+
+    private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) {
+        var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
+            .version(Utilities.getVersion())
+            .build();
+        return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
+    }
+
+    /**
+     * Get an existing Host resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state
+     * @param options Optional settings to control the behavior of the CustomResource.
+     */
+    public static LeakedCredentialCheckRule get(java.lang.String name, Output id, @Nullable LeakedCredentialCheckRuleState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        return new LeakedCredentialCheckRule(name, id, state, options);
+    }
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheckRuleArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheckRuleArgs.java
new file mode 100644
index 00000000..f48a32e3
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/LeakedCredentialCheckRuleArgs.java
@@ -0,0 +1,165 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.String;
+import java.util.Objects;
+
+
+public final class LeakedCredentialCheckRuleArgs extends com.pulumi.resources.ResourceArgs {
+
+    public static final LeakedCredentialCheckRuleArgs Empty = new LeakedCredentialCheckRuleArgs();
+
+    /**
+     * The ruleset expression to use in matching the password in a request
+     * 
+     */
+    @Import(name="password", required=true)
+    private Output password;
+
+    /**
+     * @return The ruleset expression to use in matching the password in a request
+     * 
+     */
+    public Output password() {
+        return this.password;
+    }
+
+    /**
+     * The ruleset expression to use in matching the username in a request.
+     * 
+     */
+    @Import(name="username", required=true)
+    private Output username;
+
+    /**
+     * @return The ruleset expression to use in matching the username in a request.
+     * 
+     */
+    public Output username() {
+        return this.username;
+    }
+
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Import(name="zoneId", required=true)
+    private Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Output zoneId() {
+        return this.zoneId;
+    }
+
+    private LeakedCredentialCheckRuleArgs() {}
+
+    private LeakedCredentialCheckRuleArgs(LeakedCredentialCheckRuleArgs $) {
+        this.password = $.password;
+        this.username = $.username;
+        this.zoneId = $.zoneId;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(LeakedCredentialCheckRuleArgs defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private LeakedCredentialCheckRuleArgs $;
+
+        public Builder() {
+            $ = new LeakedCredentialCheckRuleArgs();
+        }
+
+        public Builder(LeakedCredentialCheckRuleArgs defaults) {
+            $ = new LeakedCredentialCheckRuleArgs(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param password The ruleset expression to use in matching the password in a request
+         * 
+         * @return builder
+         * 
+         */
+        public Builder password(Output password) {
+            $.password = password;
+            return this;
+        }
+
+        /**
+         * @param password The ruleset expression to use in matching the password in a request
+         * 
+         * @return builder
+         * 
+         */
+        public Builder password(String password) {
+            return password(Output.of(password));
+        }
+
+        /**
+         * @param username The ruleset expression to use in matching the username in a request.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder username(Output username) {
+            $.username = username;
+            return this;
+        }
+
+        /**
+         * @param username The ruleset expression to use in matching the username in a request.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder username(String username) {
+            return username(Output.of(username));
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(Output zoneId) {
+            $.zoneId = zoneId;
+            return this;
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(String zoneId) {
+            return zoneId(Output.of(zoneId));
+        }
+
+        public LeakedCredentialCheckRuleArgs build() {
+            if ($.password == null) {
+                throw new MissingRequiredPropertyException("LeakedCredentialCheckRuleArgs", "password");
+            }
+            if ($.username == null) {
+                throw new MissingRequiredPropertyException("LeakedCredentialCheckRuleArgs", "username");
+            }
+            if ($.zoneId == null) {
+                throw new MissingRequiredPropertyException("LeakedCredentialCheckRuleArgs", "zoneId");
+            }
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/Snippet.java b/sdk/java/src/main/java/com/pulumi/cloudflare/Snippet.java
new file mode 100644
index 00000000..0a5ae156
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/Snippet.java
@@ -0,0 +1,133 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare;
+
+import com.pulumi.cloudflare.SnippetArgs;
+import com.pulumi.cloudflare.Utilities;
+import com.pulumi.cloudflare.inputs.SnippetState;
+import com.pulumi.cloudflare.outputs.SnippetFile;
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Export;
+import com.pulumi.core.annotations.ResourceType;
+import com.pulumi.core.internal.Codegen;
+import java.lang.String;
+import java.util.List;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+@ResourceType(type="cloudflare:index/snippet:Snippet")
+public class Snippet extends com.pulumi.resources.CustomResource {
+    /**
+     * List of Snippet Files
+     * 
+     */
+    @Export(name="files", refs={List.class,SnippetFile.class}, tree="[0,1]")
+    private Output> files;
+
+    /**
+     * @return List of Snippet Files
+     * 
+     */
+    public Output>> files() {
+        return Codegen.optional(this.files);
+    }
+    /**
+     * Main module file name of the snippet.
+     * 
+     */
+    @Export(name="mainModule", refs={String.class}, tree="[0]")
+    private Output mainModule;
+
+    /**
+     * @return Main module file name of the snippet.
+     * 
+     */
+    public Output mainModule() {
+        return this.mainModule;
+    }
+    /**
+     * Name of the snippet.
+     * 
+     */
+    @Export(name="name", refs={String.class}, tree="[0]")
+    private Output name;
+
+    /**
+     * @return Name of the snippet.
+     * 
+     */
+    public Output name() {
+        return this.name;
+    }
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Export(name="zoneId", refs={String.class}, tree="[0]")
+    private Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Output zoneId() {
+        return this.zoneId;
+    }
+
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     */
+    public Snippet(java.lang.String name) {
+        this(name, SnippetArgs.Empty);
+    }
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param args The arguments to use to populate this resource's properties.
+     */
+    public Snippet(java.lang.String name, SnippetArgs args) {
+        this(name, args, null);
+    }
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param options A bag of options that control this resource's behavior.
+     */
+    public Snippet(java.lang.String name, SnippetArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        super("cloudflare:index/snippet:Snippet", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
+    }
+
+    private Snippet(java.lang.String name, Output id, @Nullable SnippetState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        super("cloudflare:index/snippet:Snippet", name, state, makeResourceOptions(options, id), false);
+    }
+
+    private static SnippetArgs makeArgs(SnippetArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        if (options != null && options.getUrn().isPresent()) {
+            return null;
+        }
+        return args == null ? SnippetArgs.Empty : args;
+    }
+
+    private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) {
+        var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
+            .version(Utilities.getVersion())
+            .build();
+        return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
+    }
+
+    /**
+     * Get an existing Host resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state
+     * @param options Optional settings to control the behavior of the CustomResource.
+     */
+    public static Snippet get(java.lang.String name, Output id, @Nullable SnippetState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        return new Snippet(name, id, state, options);
+    }
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/SnippetArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/SnippetArgs.java
new file mode 100644
index 00000000..1ce2d4dc
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/SnippetArgs.java
@@ -0,0 +1,216 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare;
+
+import com.pulumi.cloudflare.inputs.SnippetFileArgs;
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.String;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class SnippetArgs extends com.pulumi.resources.ResourceArgs {
+
+    public static final SnippetArgs Empty = new SnippetArgs();
+
+    /**
+     * List of Snippet Files
+     * 
+     */
+    @Import(name="files")
+    private @Nullable Output> files;
+
+    /**
+     * @return List of Snippet Files
+     * 
+     */
+    public Optional>> files() {
+        return Optional.ofNullable(this.files);
+    }
+
+    /**
+     * Main module file name of the snippet.
+     * 
+     */
+    @Import(name="mainModule", required=true)
+    private Output mainModule;
+
+    /**
+     * @return Main module file name of the snippet.
+     * 
+     */
+    public Output mainModule() {
+        return this.mainModule;
+    }
+
+    /**
+     * Name of the snippet.
+     * 
+     */
+    @Import(name="name", required=true)
+    private Output name;
+
+    /**
+     * @return Name of the snippet.
+     * 
+     */
+    public Output name() {
+        return this.name;
+    }
+
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Import(name="zoneId", required=true)
+    private Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Output zoneId() {
+        return this.zoneId;
+    }
+
+    private SnippetArgs() {}
+
+    private SnippetArgs(SnippetArgs $) {
+        this.files = $.files;
+        this.mainModule = $.mainModule;
+        this.name = $.name;
+        this.zoneId = $.zoneId;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(SnippetArgs defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private SnippetArgs $;
+
+        public Builder() {
+            $ = new SnippetArgs();
+        }
+
+        public Builder(SnippetArgs defaults) {
+            $ = new SnippetArgs(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param files List of Snippet Files
+         * 
+         * @return builder
+         * 
+         */
+        public Builder files(@Nullable Output> files) {
+            $.files = files;
+            return this;
+        }
+
+        /**
+         * @param files List of Snippet Files
+         * 
+         * @return builder
+         * 
+         */
+        public Builder files(List files) {
+            return files(Output.of(files));
+        }
+
+        /**
+         * @param files List of Snippet Files
+         * 
+         * @return builder
+         * 
+         */
+        public Builder files(SnippetFileArgs... files) {
+            return files(List.of(files));
+        }
+
+        /**
+         * @param mainModule Main module file name of the snippet.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder mainModule(Output mainModule) {
+            $.mainModule = mainModule;
+            return this;
+        }
+
+        /**
+         * @param mainModule Main module file name of the snippet.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder mainModule(String mainModule) {
+            return mainModule(Output.of(mainModule));
+        }
+
+        /**
+         * @param name Name of the snippet.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder name(Output name) {
+            $.name = name;
+            return this;
+        }
+
+        /**
+         * @param name Name of the snippet.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder name(String name) {
+            return name(Output.of(name));
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(Output zoneId) {
+            $.zoneId = zoneId;
+            return this;
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(String zoneId) {
+            return zoneId(Output.of(zoneId));
+        }
+
+        public SnippetArgs build() {
+            if ($.mainModule == null) {
+                throw new MissingRequiredPropertyException("SnippetArgs", "mainModule");
+            }
+            if ($.name == null) {
+                throw new MissingRequiredPropertyException("SnippetArgs", "name");
+            }
+            if ($.zoneId == null) {
+                throw new MissingRequiredPropertyException("SnippetArgs", "zoneId");
+            }
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/SnippetRules.java b/sdk/java/src/main/java/com/pulumi/cloudflare/SnippetRules.java
new file mode 100644
index 00000000..1530f3c8
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/SnippetRules.java
@@ -0,0 +1,105 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare;
+
+import com.pulumi.cloudflare.SnippetRulesArgs;
+import com.pulumi.cloudflare.Utilities;
+import com.pulumi.cloudflare.inputs.SnippetRulesState;
+import com.pulumi.cloudflare.outputs.SnippetRulesRule;
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Export;
+import com.pulumi.core.annotations.ResourceType;
+import com.pulumi.core.internal.Codegen;
+import java.lang.String;
+import java.util.List;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+@ResourceType(type="cloudflare:index/snippetRules:SnippetRules")
+public class SnippetRules extends com.pulumi.resources.CustomResource {
+    /**
+     * List of Snippet Rules
+     * 
+     */
+    @Export(name="rules", refs={List.class,SnippetRulesRule.class}, tree="[0,1]")
+    private Output> rules;
+
+    /**
+     * @return List of Snippet Rules
+     * 
+     */
+    public Output>> rules() {
+        return Codegen.optional(this.rules);
+    }
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Export(name="zoneId", refs={String.class}, tree="[0]")
+    private Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Output zoneId() {
+        return this.zoneId;
+    }
+
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     */
+    public SnippetRules(java.lang.String name) {
+        this(name, SnippetRulesArgs.Empty);
+    }
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param args The arguments to use to populate this resource's properties.
+     */
+    public SnippetRules(java.lang.String name, SnippetRulesArgs args) {
+        this(name, args, null);
+    }
+    /**
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param options A bag of options that control this resource's behavior.
+     */
+    public SnippetRules(java.lang.String name, SnippetRulesArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        super("cloudflare:index/snippetRules:SnippetRules", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
+    }
+
+    private SnippetRules(java.lang.String name, Output id, @Nullable SnippetRulesState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        super("cloudflare:index/snippetRules:SnippetRules", name, state, makeResourceOptions(options, id), false);
+    }
+
+    private static SnippetRulesArgs makeArgs(SnippetRulesArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        if (options != null && options.getUrn().isPresent()) {
+            return null;
+        }
+        return args == null ? SnippetRulesArgs.Empty : args;
+    }
+
+    private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) {
+        var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
+            .version(Utilities.getVersion())
+            .build();
+        return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
+    }
+
+    /**
+     * Get an existing Host resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state
+     * @param options Optional settings to control the behavior of the CustomResource.
+     */
+    public static SnippetRules get(java.lang.String name, Output id, @Nullable SnippetRulesState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
+        return new SnippetRules(name, id, state, options);
+    }
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/SnippetRulesArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/SnippetRulesArgs.java
new file mode 100644
index 00000000..8557c960
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/SnippetRulesArgs.java
@@ -0,0 +1,136 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare;
+
+import com.pulumi.cloudflare.inputs.SnippetRulesRuleArgs;
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.String;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class SnippetRulesArgs extends com.pulumi.resources.ResourceArgs {
+
+    public static final SnippetRulesArgs Empty = new SnippetRulesArgs();
+
+    /**
+     * List of Snippet Rules
+     * 
+     */
+    @Import(name="rules")
+    private @Nullable Output> rules;
+
+    /**
+     * @return List of Snippet Rules
+     * 
+     */
+    public Optional>> rules() {
+        return Optional.ofNullable(this.rules);
+    }
+
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Import(name="zoneId", required=true)
+    private Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Output zoneId() {
+        return this.zoneId;
+    }
+
+    private SnippetRulesArgs() {}
+
+    private SnippetRulesArgs(SnippetRulesArgs $) {
+        this.rules = $.rules;
+        this.zoneId = $.zoneId;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(SnippetRulesArgs defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private SnippetRulesArgs $;
+
+        public Builder() {
+            $ = new SnippetRulesArgs();
+        }
+
+        public Builder(SnippetRulesArgs defaults) {
+            $ = new SnippetRulesArgs(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param rules List of Snippet Rules
+         * 
+         * @return builder
+         * 
+         */
+        public Builder rules(@Nullable Output> rules) {
+            $.rules = rules;
+            return this;
+        }
+
+        /**
+         * @param rules List of Snippet Rules
+         * 
+         * @return builder
+         * 
+         */
+        public Builder rules(List rules) {
+            return rules(Output.of(rules));
+        }
+
+        /**
+         * @param rules List of Snippet Rules
+         * 
+         * @return builder
+         * 
+         */
+        public Builder rules(SnippetRulesRuleArgs... rules) {
+            return rules(List.of(rules));
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(Output zoneId) {
+            $.zoneId = zoneId;
+            return this;
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(String zoneId) {
+            return zoneId(Output.of(zoneId));
+        }
+
+        public SnippetRulesArgs build() {
+            if ($.zoneId == null) {
+                throw new MissingRequiredPropertyException("SnippetRulesArgs", "zoneId");
+            }
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/Utilities.java b/sdk/java/src/main/java/com/pulumi/cloudflare/Utilities.java
index 9ce42f02..ee089bc4 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/Utilities.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/Utilities.java
@@ -14,6 +14,7 @@
 import javax.annotation.Nullable;
 import com.pulumi.core.internal.Environment;
 import com.pulumi.deployment.InvokeOptions;
+import com.pulumi.deployment.InvokeOutputOptions;
 
 public class Utilities {
 
@@ -57,16 +58,28 @@ public static Optional getEnvDouble(java.lang.String... names)
         return Optional.empty();
 	}
 
-	public static InvokeOptions withVersion(@Nullable InvokeOptions options) {
-            if (options != null && options.getVersion().isPresent()) {
-                return options;
-            }
-            return new InvokeOptions(
-                options == null ? null : options.getParent().orElse(null),
-                options == null ? null : options.getProvider().orElse(null),
-                getVersion()
-            );
+    public static InvokeOptions withVersion(@Nullable InvokeOptions options) {
+        if (options != null && options.getVersion().isPresent()) {
+            return options;
+        }
+        return new InvokeOptions(
+            options == null ? null : options.getParent().orElse(null),
+            options == null ? null : options.getProvider().orElse(null),
+            getVersion()
+        );
+    }
+
+    public static InvokeOutputOptions withVersion(@Nullable InvokeOutputOptions options) {
+        if (options != null && options.getVersion().isPresent()) {
+            return options;
         }
+        return new InvokeOutputOptions(
+            options == null ? null : options.getParent().orElse(null),
+            options == null ? null : options.getProvider().orElse(null),
+            getVersion(),
+            options == null ? null : options.getDependsOn()
+        );
+    }
 
     private static final java.lang.String version;
     public static java.lang.String getVersion() {
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/ZeroTrustAccessApplication.java b/sdk/java/src/main/java/com/pulumi/cloudflare/ZeroTrustAccessApplication.java
index 6d29aebf..8f00647b 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/ZeroTrustAccessApplication.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/ZeroTrustAccessApplication.java
@@ -7,6 +7,7 @@
 import com.pulumi.cloudflare.ZeroTrustAccessApplicationArgs;
 import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationState;
 import com.pulumi.cloudflare.outputs.ZeroTrustAccessApplicationCorsHeader;
+import com.pulumi.cloudflare.outputs.ZeroTrustAccessApplicationDestination;
 import com.pulumi.cloudflare.outputs.ZeroTrustAccessApplicationFooterLink;
 import com.pulumi.cloudflare.outputs.ZeroTrustAccessApplicationLandingPageDesign;
 import com.pulumi.cloudflare.outputs.ZeroTrustAccessApplicationSaasApp;
@@ -224,6 +225,20 @@ public Output> customNonIdentityDenyUrl() {
     public Output>> customPages() {
         return Codegen.optional(this.customPages);
     }
+    /**
+     * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+     * 
+     */
+    @Export(name="destinations", refs={List.class,ZeroTrustAccessApplicationDestination.class}, tree="[0,1]")
+    private Output> destinations;
+
+    /**
+     * @return A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+     * 
+     */
+    public Output>> destinations() {
+        return Codegen.optional(this.destinations);
+    }
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
      * 
@@ -238,6 +253,20 @@ public Output>> customPages() {
     public Output domain() {
         return this.domain;
     }
+    /**
+     * The type of the primary domain. Available values: `public`, `private`.
+     * 
+     */
+    @Export(name="domainType", refs={String.class}, tree="[0]")
+    private Output domainType;
+
+    /**
+     * @return The type of the primary domain. Available values: `public`, `private`.
+     * 
+     */
+    public Output domainType() {
+        return this.domainType;
+    }
     /**
      * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
      * 
@@ -407,14 +436,18 @@ public Output> scimConfig() {
         return Codegen.optional(this.scimConfig);
     }
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     * 
+     * @deprecated
+     * Use `destinations` instead
      * 
      */
+    @Deprecated /* Use `destinations` instead */
     @Export(name="selfHostedDomains", refs={List.class,String.class}, tree="[0,1]")
     private Output> selfHostedDomains;
 
     /**
-     * @return List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * @return List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
      * 
      */
     public Output>> selfHostedDomains() {
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/ZeroTrustAccessApplicationArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/ZeroTrustAccessApplicationArgs.java
index 1faaffdd..714fdc31 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/ZeroTrustAccessApplicationArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/ZeroTrustAccessApplicationArgs.java
@@ -4,6 +4,7 @@
 package com.pulumi.cloudflare;
 
 import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationCorsHeaderArgs;
+import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationDestinationArgs;
 import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationFooterLinkArgs;
 import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationLandingPageDesignArgs;
 import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationSaasAppArgs;
@@ -203,6 +204,21 @@ public Optional>> customPages() {
         return Optional.ofNullable(this.customPages);
     }
 
+    /**
+     * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+     * 
+     */
+    @Import(name="destinations")
+    private @Nullable Output> destinations;
+
+    /**
+     * @return A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+     * 
+     */
+    public Optional>> destinations() {
+        return Optional.ofNullable(this.destinations);
+    }
+
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
      * 
@@ -218,6 +234,21 @@ public Optional> domain() {
         return Optional.ofNullable(this.domain);
     }
 
+    /**
+     * The type of the primary domain. Available values: `public`, `private`.
+     * 
+     */
+    @Import(name="domainType")
+    private @Nullable Output domainType;
+
+    /**
+     * @return The type of the primary domain. Available values: `public`, `private`.
+     * 
+     */
+    public Optional> domainType() {
+        return Optional.ofNullable(this.domainType);
+    }
+
     /**
      * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
      * 
@@ -399,16 +430,24 @@ public Optional> scimConfig() {
     }
 
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     * 
+     * @deprecated
+     * Use `destinations` instead
      * 
      */
+    @Deprecated /* Use `destinations` instead */
     @Import(name="selfHostedDomains")
     private @Nullable Output> selfHostedDomains;
 
     /**
-     * @return List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * @return List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     * 
+     * @deprecated
+     * Use `destinations` instead
      * 
      */
+    @Deprecated /* Use `destinations` instead */
     public Optional>> selfHostedDomains() {
         return Optional.ofNullable(this.selfHostedDomains);
     }
@@ -548,7 +587,9 @@ private ZeroTrustAccessApplicationArgs(ZeroTrustAccessApplicationArgs $) {
         this.customDenyUrl = $.customDenyUrl;
         this.customNonIdentityDenyUrl = $.customNonIdentityDenyUrl;
         this.customPages = $.customPages;
+        this.destinations = $.destinations;
         this.domain = $.domain;
+        this.domainType = $.domainType;
         this.enableBindingCookie = $.enableBindingCookie;
         this.footerLinks = $.footerLinks;
         this.headerBgColor = $.headerBgColor;
@@ -872,6 +913,37 @@ public Builder customPages(String... customPages) {
             return customPages(List.of(customPages));
         }
 
+        /**
+         * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder destinations(@Nullable Output> destinations) {
+            $.destinations = destinations;
+            return this;
+        }
+
+        /**
+         * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder destinations(List destinations) {
+            return destinations(Output.of(destinations));
+        }
+
+        /**
+         * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder destinations(ZeroTrustAccessApplicationDestinationArgs... destinations) {
+            return destinations(List.of(destinations));
+        }
+
         /**
          * @param domain The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
          * 
@@ -893,6 +965,27 @@ public Builder domain(String domain) {
             return domain(Output.of(domain));
         }
 
+        /**
+         * @param domainType The type of the primary domain. Available values: `public`, `private`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder domainType(@Nullable Output domainType) {
+            $.domainType = domainType;
+            return this;
+        }
+
+        /**
+         * @param domainType The type of the primary domain. Available values: `public`, `private`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder domainType(String domainType) {
+            return domainType(Output.of(domainType));
+        }
+
         /**
          * @param enableBindingCookie Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
          * 
@@ -1166,32 +1259,44 @@ public Builder scimConfig(ZeroTrustAccessApplicationScimConfigArgs scimConfig) {
         }
 
         /**
-         * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+         * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
          * 
          * @return builder
          * 
+         * @deprecated
+         * Use `destinations` instead
+         * 
          */
+        @Deprecated /* Use `destinations` instead */
         public Builder selfHostedDomains(@Nullable Output> selfHostedDomains) {
             $.selfHostedDomains = selfHostedDomains;
             return this;
         }
 
         /**
-         * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+         * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
          * 
          * @return builder
          * 
+         * @deprecated
+         * Use `destinations` instead
+         * 
          */
+        @Deprecated /* Use `destinations` instead */
         public Builder selfHostedDomains(List selfHostedDomains) {
             return selfHostedDomains(Output.of(selfHostedDomains));
         }
 
         /**
-         * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+         * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
          * 
          * @return builder
          * 
+         * @deprecated
+         * Use `destinations` instead
+         * 
          */
+        @Deprecated /* Use `destinations` instead */
         public Builder selfHostedDomains(String... selfHostedDomains) {
             return selfHostedDomains(List.of(selfHostedDomains));
         }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessApplicationDestinationArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessApplicationDestinationArgs.java
new file mode 100644
index 00000000..6b9a546b
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessApplicationDestinationArgs.java
@@ -0,0 +1,124 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.inputs;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class AccessApplicationDestinationArgs extends com.pulumi.resources.ResourceArgs {
+
+    public static final AccessApplicationDestinationArgs Empty = new AccessApplicationDestinationArgs();
+
+    /**
+     * The destination type. Available values: `public`, `private`. Defaults to `public`.
+     * 
+     */
+    @Import(name="type")
+    private @Nullable Output type;
+
+    /**
+     * @return The destination type. Available values: `public`, `private`. Defaults to `public`.
+     * 
+     */
+    public Optional> type() {
+        return Optional.ofNullable(this.type);
+    }
+
+    /**
+     * The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     * 
+     */
+    @Import(name="uri", required=true)
+    private Output uri;
+
+    /**
+     * @return The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     * 
+     */
+    public Output uri() {
+        return this.uri;
+    }
+
+    private AccessApplicationDestinationArgs() {}
+
+    private AccessApplicationDestinationArgs(AccessApplicationDestinationArgs $) {
+        this.type = $.type;
+        this.uri = $.uri;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(AccessApplicationDestinationArgs defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private AccessApplicationDestinationArgs $;
+
+        public Builder() {
+            $ = new AccessApplicationDestinationArgs();
+        }
+
+        public Builder(AccessApplicationDestinationArgs defaults) {
+            $ = new AccessApplicationDestinationArgs(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param type The destination type. Available values: `public`, `private`. Defaults to `public`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder type(@Nullable Output type) {
+            $.type = type;
+            return this;
+        }
+
+        /**
+         * @param type The destination type. Available values: `public`, `private`. Defaults to `public`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder type(String type) {
+            return type(Output.of(type));
+        }
+
+        /**
+         * @param uri The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder uri(Output uri) {
+            $.uri = uri;
+            return this;
+        }
+
+        /**
+         * @param uri The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder uri(String uri) {
+            return uri(Output.of(uri));
+        }
+
+        public AccessApplicationDestinationArgs build() {
+            if ($.uri == null) {
+                throw new MissingRequiredPropertyException("AccessApplicationDestinationArgs", "uri");
+            }
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessApplicationState.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessApplicationState.java
index c41ce4f3..b13f4a4d 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessApplicationState.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessApplicationState.java
@@ -4,6 +4,7 @@
 package com.pulumi.cloudflare.inputs;
 
 import com.pulumi.cloudflare.inputs.AccessApplicationCorsHeaderArgs;
+import com.pulumi.cloudflare.inputs.AccessApplicationDestinationArgs;
 import com.pulumi.cloudflare.inputs.AccessApplicationFooterLinkArgs;
 import com.pulumi.cloudflare.inputs.AccessApplicationLandingPageDesignArgs;
 import com.pulumi.cloudflare.inputs.AccessApplicationSaasAppArgs;
@@ -218,6 +219,21 @@ public Optional>> customPages() {
         return Optional.ofNullable(this.customPages);
     }
 
+    /**
+     * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+     * 
+     */
+    @Import(name="destinations")
+    private @Nullable Output> destinations;
+
+    /**
+     * @return A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+     * 
+     */
+    public Optional>> destinations() {
+        return Optional.ofNullable(this.destinations);
+    }
+
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
      * 
@@ -233,6 +249,21 @@ public Optional> domain() {
         return Optional.ofNullable(this.domain);
     }
 
+    /**
+     * The type of the primary domain. Available values: `public`, `private`.
+     * 
+     */
+    @Import(name="domainType")
+    private @Nullable Output domainType;
+
+    /**
+     * @return The type of the primary domain. Available values: `public`, `private`.
+     * 
+     */
+    public Optional> domainType() {
+        return Optional.ofNullable(this.domainType);
+    }
+
     /**
      * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
      * 
@@ -414,16 +445,24 @@ public Optional> scimConfig() {
     }
 
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     * 
+     * @deprecated
+     * Use `destinations` instead
      * 
      */
+    @Deprecated /* Use `destinations` instead */
     @Import(name="selfHostedDomains")
     private @Nullable Output> selfHostedDomains;
 
     /**
-     * @return List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * @return List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     * 
+     * @deprecated
+     * Use `destinations` instead
      * 
      */
+    @Deprecated /* Use `destinations` instead */
     public Optional>> selfHostedDomains() {
         return Optional.ofNullable(this.selfHostedDomains);
     }
@@ -564,7 +603,9 @@ private AccessApplicationState(AccessApplicationState $) {
         this.customDenyUrl = $.customDenyUrl;
         this.customNonIdentityDenyUrl = $.customNonIdentityDenyUrl;
         this.customPages = $.customPages;
+        this.destinations = $.destinations;
         this.domain = $.domain;
+        this.domainType = $.domainType;
         this.enableBindingCookie = $.enableBindingCookie;
         this.footerLinks = $.footerLinks;
         this.headerBgColor = $.headerBgColor;
@@ -909,6 +950,37 @@ public Builder customPages(String... customPages) {
             return customPages(List.of(customPages));
         }
 
+        /**
+         * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder destinations(@Nullable Output> destinations) {
+            $.destinations = destinations;
+            return this;
+        }
+
+        /**
+         * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder destinations(List destinations) {
+            return destinations(Output.of(destinations));
+        }
+
+        /**
+         * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder destinations(AccessApplicationDestinationArgs... destinations) {
+            return destinations(List.of(destinations));
+        }
+
         /**
          * @param domain The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
          * 
@@ -930,6 +1002,27 @@ public Builder domain(String domain) {
             return domain(Output.of(domain));
         }
 
+        /**
+         * @param domainType The type of the primary domain. Available values: `public`, `private`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder domainType(@Nullable Output domainType) {
+            $.domainType = domainType;
+            return this;
+        }
+
+        /**
+         * @param domainType The type of the primary domain. Available values: `public`, `private`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder domainType(String domainType) {
+            return domainType(Output.of(domainType));
+        }
+
         /**
          * @param enableBindingCookie Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
          * 
@@ -1203,32 +1296,44 @@ public Builder scimConfig(AccessApplicationScimConfigArgs scimConfig) {
         }
 
         /**
-         * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+         * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
          * 
          * @return builder
          * 
+         * @deprecated
+         * Use `destinations` instead
+         * 
          */
+        @Deprecated /* Use `destinations` instead */
         public Builder selfHostedDomains(@Nullable Output> selfHostedDomains) {
             $.selfHostedDomains = selfHostedDomains;
             return this;
         }
 
         /**
-         * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+         * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
          * 
          * @return builder
          * 
+         * @deprecated
+         * Use `destinations` instead
+         * 
          */
+        @Deprecated /* Use `destinations` instead */
         public Builder selfHostedDomains(List selfHostedDomains) {
             return selfHostedDomains(Output.of(selfHostedDomains));
         }
 
         /**
-         * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+         * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
          * 
          * @return builder
          * 
+         * @deprecated
+         * Use `destinations` instead
+         * 
          */
+        @Deprecated /* Use `destinations` instead */
         public Builder selfHostedDomains(String... selfHostedDomains) {
             return selfHostedDomains(List.of(selfHostedDomains));
         }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessIdentityProviderScimConfigArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessIdentityProviderScimConfigArgs.java
index 5f147be5..ce2f2060 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessIdentityProviderScimConfigArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessIdentityProviderScimConfigArgs.java
@@ -16,44 +16,92 @@ public final class AccessIdentityProviderScimConfigArgs extends com.pulumi.resou
 
     public static final AccessIdentityProviderScimConfigArgs Empty = new AccessIdentityProviderScimConfigArgs();
 
+    /**
+     * A flag to enable or disable SCIM for the identity provider.
+     * 
+     */
     @Import(name="enabled")
     private @Nullable Output enabled;
 
+    /**
+     * @return A flag to enable or disable SCIM for the identity provider.
+     * 
+     */
     public Optional> enabled() {
         return Optional.ofNullable(this.enabled);
     }
 
+    /**
+     * Deprecated. Use `identity_update_behavior`.
+     * 
+     */
     @Import(name="groupMemberDeprovision")
     private @Nullable Output groupMemberDeprovision;
 
+    /**
+     * @return Deprecated. Use `identity_update_behavior`.
+     * 
+     */
     public Optional> groupMemberDeprovision() {
         return Optional.ofNullable(this.groupMemberDeprovision);
     }
 
+    /**
+     * Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     * 
+     */
     @Import(name="identityUpdateBehavior")
     private @Nullable Output identityUpdateBehavior;
 
+    /**
+     * @return Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     * 
+     */
     public Optional> identityUpdateBehavior() {
         return Optional.ofNullable(this.identityUpdateBehavior);
     }
 
+    /**
+     * A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+     * 
+     */
     @Import(name="seatDeprovision")
     private @Nullable Output seatDeprovision;
 
+    /**
+     * @return A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+     * 
+     */
     public Optional> seatDeprovision() {
         return Optional.ofNullable(this.seatDeprovision);
     }
 
+    /**
+     * A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     * 
+     */
     @Import(name="secret")
     private @Nullable Output secret;
 
+    /**
+     * @return A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     * 
+     */
     public Optional> secret() {
         return Optional.ofNullable(this.secret);
     }
 
+    /**
+     * A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     * 
+     */
     @Import(name="userDeprovision")
     private @Nullable Output userDeprovision;
 
+    /**
+     * @return A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     * 
+     */
     public Optional> userDeprovision() {
         return Optional.ofNullable(this.userDeprovision);
     }
@@ -87,56 +135,128 @@ public Builder(AccessIdentityProviderScimConfigArgs defaults) {
             $ = new AccessIdentityProviderScimConfigArgs(Objects.requireNonNull(defaults));
         }
 
+        /**
+         * @param enabled A flag to enable or disable SCIM for the identity provider.
+         * 
+         * @return builder
+         * 
+         */
         public Builder enabled(@Nullable Output enabled) {
             $.enabled = enabled;
             return this;
         }
 
+        /**
+         * @param enabled A flag to enable or disable SCIM for the identity provider.
+         * 
+         * @return builder
+         * 
+         */
         public Builder enabled(Boolean enabled) {
             return enabled(Output.of(enabled));
         }
 
+        /**
+         * @param groupMemberDeprovision Deprecated. Use `identity_update_behavior`.
+         * 
+         * @return builder
+         * 
+         */
         public Builder groupMemberDeprovision(@Nullable Output groupMemberDeprovision) {
             $.groupMemberDeprovision = groupMemberDeprovision;
             return this;
         }
 
+        /**
+         * @param groupMemberDeprovision Deprecated. Use `identity_update_behavior`.
+         * 
+         * @return builder
+         * 
+         */
         public Builder groupMemberDeprovision(Boolean groupMemberDeprovision) {
             return groupMemberDeprovision(Output.of(groupMemberDeprovision));
         }
 
+        /**
+         * @param identityUpdateBehavior Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+         * 
+         * @return builder
+         * 
+         */
         public Builder identityUpdateBehavior(@Nullable Output identityUpdateBehavior) {
             $.identityUpdateBehavior = identityUpdateBehavior;
             return this;
         }
 
+        /**
+         * @param identityUpdateBehavior Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+         * 
+         * @return builder
+         * 
+         */
         public Builder identityUpdateBehavior(String identityUpdateBehavior) {
             return identityUpdateBehavior(Output.of(identityUpdateBehavior));
         }
 
+        /**
+         * @param seatDeprovision A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+         * 
+         * @return builder
+         * 
+         */
         public Builder seatDeprovision(@Nullable Output seatDeprovision) {
             $.seatDeprovision = seatDeprovision;
             return this;
         }
 
+        /**
+         * @param seatDeprovision A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+         * 
+         * @return builder
+         * 
+         */
         public Builder seatDeprovision(Boolean seatDeprovision) {
             return seatDeprovision(Output.of(seatDeprovision));
         }
 
+        /**
+         * @param secret A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+         * 
+         * @return builder
+         * 
+         */
         public Builder secret(@Nullable Output secret) {
             $.secret = secret;
             return this;
         }
 
+        /**
+         * @param secret A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+         * 
+         * @return builder
+         * 
+         */
         public Builder secret(String secret) {
             return secret(Output.of(secret));
         }
 
+        /**
+         * @param userDeprovision A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+         * 
+         * @return builder
+         * 
+         */
         public Builder userDeprovision(@Nullable Output userDeprovision) {
             $.userDeprovision = userDeprovision;
             return this;
         }
 
+        /**
+         * @param userDeprovision A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+         * 
+         * @return builder
+         * 
+         */
         public Builder userDeprovision(Boolean userDeprovision) {
             return userDeprovision(Output.of(userDeprovision));
         }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessPolicyConnectionRulesSshArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessPolicyConnectionRulesSshArgs.java
index 1343480a..691b7661 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessPolicyConnectionRulesSshArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/AccessPolicyConnectionRulesSshArgs.java
@@ -6,15 +6,33 @@
 import com.pulumi.core.Output;
 import com.pulumi.core.annotations.Import;
 import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Boolean;
 import java.lang.String;
 import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
 
 
 public final class AccessPolicyConnectionRulesSshArgs extends com.pulumi.resources.ResourceArgs {
 
     public static final AccessPolicyConnectionRulesSshArgs Empty = new AccessPolicyConnectionRulesSshArgs();
 
+    /**
+     * Allows connecting to Unix username that matches the authenticating email prefix.
+     * 
+     */
+    @Import(name="allowEmailAlias")
+    private @Nullable Output allowEmailAlias;
+
+    /**
+     * @return Allows connecting to Unix username that matches the authenticating email prefix.
+     * 
+     */
+    public Optional> allowEmailAlias() {
+        return Optional.ofNullable(this.allowEmailAlias);
+    }
+
     /**
      * Contains the Unix usernames that may be used when connecting over SSH.
      * 
@@ -33,6 +51,7 @@ public Output> usernames() {
     private AccessPolicyConnectionRulesSshArgs() {}
 
     private AccessPolicyConnectionRulesSshArgs(AccessPolicyConnectionRulesSshArgs $) {
+        this.allowEmailAlias = $.allowEmailAlias;
         this.usernames = $.usernames;
     }
 
@@ -54,6 +73,27 @@ public Builder(AccessPolicyConnectionRulesSshArgs defaults) {
             $ = new AccessPolicyConnectionRulesSshArgs(Objects.requireNonNull(defaults));
         }
 
+        /**
+         * @param allowEmailAlias Allows connecting to Unix username that matches the authenticating email prefix.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder allowEmailAlias(@Nullable Output allowEmailAlias) {
+            $.allowEmailAlias = allowEmailAlias;
+            return this;
+        }
+
+        /**
+         * @param allowEmailAlias Allows connecting to Unix username that matches the authenticating email prefix.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder allowEmailAlias(Boolean allowEmailAlias) {
+            return allowEmailAlias(Output.of(allowEmailAlias));
+        }
+
         /**
          * @param usernames Contains the Unix usernames that may be used when connecting over SSH.
          * 
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/LeakedCredentialCheckRuleState.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/LeakedCredentialCheckRuleState.java
new file mode 100644
index 00000000..7c5704cc
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/LeakedCredentialCheckRuleState.java
@@ -0,0 +1,157 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.inputs;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class LeakedCredentialCheckRuleState extends com.pulumi.resources.ResourceArgs {
+
+    public static final LeakedCredentialCheckRuleState Empty = new LeakedCredentialCheckRuleState();
+
+    /**
+     * The ruleset expression to use in matching the password in a request
+     * 
+     */
+    @Import(name="password")
+    private @Nullable Output password;
+
+    /**
+     * @return The ruleset expression to use in matching the password in a request
+     * 
+     */
+    public Optional> password() {
+        return Optional.ofNullable(this.password);
+    }
+
+    /**
+     * The ruleset expression to use in matching the username in a request.
+     * 
+     */
+    @Import(name="username")
+    private @Nullable Output username;
+
+    /**
+     * @return The ruleset expression to use in matching the username in a request.
+     * 
+     */
+    public Optional> username() {
+        return Optional.ofNullable(this.username);
+    }
+
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Import(name="zoneId")
+    private @Nullable Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Optional> zoneId() {
+        return Optional.ofNullable(this.zoneId);
+    }
+
+    private LeakedCredentialCheckRuleState() {}
+
+    private LeakedCredentialCheckRuleState(LeakedCredentialCheckRuleState $) {
+        this.password = $.password;
+        this.username = $.username;
+        this.zoneId = $.zoneId;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(LeakedCredentialCheckRuleState defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private LeakedCredentialCheckRuleState $;
+
+        public Builder() {
+            $ = new LeakedCredentialCheckRuleState();
+        }
+
+        public Builder(LeakedCredentialCheckRuleState defaults) {
+            $ = new LeakedCredentialCheckRuleState(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param password The ruleset expression to use in matching the password in a request
+         * 
+         * @return builder
+         * 
+         */
+        public Builder password(@Nullable Output password) {
+            $.password = password;
+            return this;
+        }
+
+        /**
+         * @param password The ruleset expression to use in matching the password in a request
+         * 
+         * @return builder
+         * 
+         */
+        public Builder password(String password) {
+            return password(Output.of(password));
+        }
+
+        /**
+         * @param username The ruleset expression to use in matching the username in a request.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder username(@Nullable Output username) {
+            $.username = username;
+            return this;
+        }
+
+        /**
+         * @param username The ruleset expression to use in matching the username in a request.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder username(String username) {
+            return username(Output.of(username));
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(@Nullable Output zoneId) {
+            $.zoneId = zoneId;
+            return this;
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(String zoneId) {
+            return zoneId(Output.of(zoneId));
+        }
+
+        public LeakedCredentialCheckRuleState build() {
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/LeakedCredentialCheckState.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/LeakedCredentialCheckState.java
new file mode 100644
index 00000000..7ba2d1a8
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/LeakedCredentialCheckState.java
@@ -0,0 +1,121 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.inputs;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import java.lang.Boolean;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class LeakedCredentialCheckState extends com.pulumi.resources.ResourceArgs {
+
+    public static final LeakedCredentialCheckState Empty = new LeakedCredentialCheckState();
+
+    /**
+     * State of the Leaked Credential Check detection
+     * 
+     */
+    @Import(name="enabled")
+    private @Nullable Output enabled;
+
+    /**
+     * @return State of the Leaked Credential Check detection
+     * 
+     */
+    public Optional> enabled() {
+        return Optional.ofNullable(this.enabled);
+    }
+
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Import(name="zoneId")
+    private @Nullable Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Optional> zoneId() {
+        return Optional.ofNullable(this.zoneId);
+    }
+
+    private LeakedCredentialCheckState() {}
+
+    private LeakedCredentialCheckState(LeakedCredentialCheckState $) {
+        this.enabled = $.enabled;
+        this.zoneId = $.zoneId;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(LeakedCredentialCheckState defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private LeakedCredentialCheckState $;
+
+        public Builder() {
+            $ = new LeakedCredentialCheckState();
+        }
+
+        public Builder(LeakedCredentialCheckState defaults) {
+            $ = new LeakedCredentialCheckState(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param enabled State of the Leaked Credential Check detection
+         * 
+         * @return builder
+         * 
+         */
+        public Builder enabled(@Nullable Output enabled) {
+            $.enabled = enabled;
+            return this;
+        }
+
+        /**
+         * @param enabled State of the Leaked Credential Check detection
+         * 
+         * @return builder
+         * 
+         */
+        public Builder enabled(Boolean enabled) {
+            return enabled(Output.of(enabled));
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(@Nullable Output zoneId) {
+            $.zoneId = zoneId;
+            return this;
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(String zoneId) {
+            return zoneId(Output.of(zoneId));
+        }
+
+        public LeakedCredentialCheckState build() {
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/NotificationPolicyFiltersArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/NotificationPolicyFiltersArgs.java
index e469bfd1..97b399f7 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/NotificationPolicyFiltersArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/NotificationPolicyFiltersArgs.java
@@ -32,14 +32,14 @@ public Optional>> actions() {
     }
 
     /**
-     * Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+     * Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
      * 
      */
     @Import(name="affectedComponents")
     private @Nullable Output> affectedComponents;
 
     /**
-     * @return Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+     * @return Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
      * 
      */
     public Optional>> affectedComponents() {
@@ -607,7 +607,7 @@ public Builder actions(String... actions) {
         }
 
         /**
-         * @param affectedComponents Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+         * @param affectedComponents Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
          * 
          * @return builder
          * 
@@ -618,7 +618,7 @@ public Builder affectedComponents(@Nullable Output> affectedCompone
         }
 
         /**
-         * @param affectedComponents Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+         * @param affectedComponents Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
          * 
          * @return builder
          * 
@@ -628,7 +628,7 @@ public Builder affectedComponents(List affectedComponents) {
         }
 
         /**
-         * @param affectedComponents Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+         * @param affectedComponents Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
          * 
          * @return builder
          * 
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/RulesetRuleActionParametersArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/RulesetRuleActionParametersArgs.java
index 4480fa11..be12803a 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/RulesetRuleActionParametersArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/RulesetRuleActionParametersArgs.java
@@ -822,21 +822,6 @@ public Optional> uri() {
         return Optional.ofNullable(this.uri);
     }
 
-    /**
-     * Version of the ruleset to deploy.
-     * 
-     */
-    @Import(name="version")
-    private @Nullable Output version;
-
-    /**
-     * @return Version of the ruleset to deploy.
-     * 
-     */
-    public Optional> version() {
-        return Optional.ofNullable(this.version);
-    }
-
     private RulesetRuleActionParametersArgs() {}
 
     private RulesetRuleActionParametersArgs(RulesetRuleActionParametersArgs $) {
@@ -893,7 +878,6 @@ private RulesetRuleActionParametersArgs(RulesetRuleActionParametersArgs $) {
         this.statusCode = $.statusCode;
         this.sxg = $.sxg;
         this.uri = $.uri;
-        this.version = $.version;
     }
 
     public static Builder builder() {
@@ -2125,27 +2109,6 @@ public Builder uri(RulesetRuleActionParametersUriArgs uri) {
             return uri(Output.of(uri));
         }
 
-        /**
-         * @param version Version of the ruleset to deploy.
-         * 
-         * @return builder
-         * 
-         */
-        public Builder version(@Nullable Output version) {
-            $.version = version;
-            return this;
-        }
-
-        /**
-         * @param version Version of the ruleset to deploy.
-         * 
-         * @return builder
-         * 
-         */
-        public Builder version(String version) {
-            return version(Output.of(version));
-        }
-
         public RulesetRuleActionParametersArgs build() {
             return $;
         }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/RulesetRuleArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/RulesetRuleArgs.java
index 2f8fe89e..30a7e9d2 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/RulesetRuleArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/RulesetRuleArgs.java
@@ -126,21 +126,6 @@ public Optional> id() {
         return Optional.ofNullable(this.id);
     }
 
-    /**
-     * The most recent update to this rule.
-     * 
-     */
-    @Import(name="lastUpdated")
-    private @Nullable Output lastUpdated;
-
-    /**
-     * @return The most recent update to this rule.
-     * 
-     */
-    public Optional> lastUpdated() {
-        return Optional.ofNullable(this.lastUpdated);
-    }
-
     /**
      * List parameters to configure how the rule generates logs. Only valid for skip action.
      * 
@@ -186,21 +171,6 @@ public Optional> ref() {
         return Optional.ofNullable(this.ref);
     }
 
-    /**
-     * Version of the ruleset to deploy.
-     * 
-     */
-    @Import(name="version")
-    private @Nullable Output version;
-
-    /**
-     * @return Version of the ruleset to deploy.
-     * 
-     */
-    public Optional> version() {
-        return Optional.ofNullable(this.version);
-    }
-
     private RulesetRuleArgs() {}
 
     private RulesetRuleArgs(RulesetRuleArgs $) {
@@ -211,11 +181,9 @@ private RulesetRuleArgs(RulesetRuleArgs $) {
         this.exposedCredentialCheck = $.exposedCredentialCheck;
         this.expression = $.expression;
         this.id = $.id;
-        this.lastUpdated = $.lastUpdated;
         this.logging = $.logging;
         this.ratelimit = $.ratelimit;
         this.ref = $.ref;
-        this.version = $.version;
     }
 
     public static Builder builder() {
@@ -383,27 +351,6 @@ public Builder id(String id) {
             return id(Output.of(id));
         }
 
-        /**
-         * @param lastUpdated The most recent update to this rule.
-         * 
-         * @return builder
-         * 
-         */
-        public Builder lastUpdated(@Nullable Output lastUpdated) {
-            $.lastUpdated = lastUpdated;
-            return this;
-        }
-
-        /**
-         * @param lastUpdated The most recent update to this rule.
-         * 
-         * @return builder
-         * 
-         */
-        public Builder lastUpdated(String lastUpdated) {
-            return lastUpdated(Output.of(lastUpdated));
-        }
-
         /**
          * @param logging List parameters to configure how the rule generates logs. Only valid for skip action.
          * 
@@ -467,27 +414,6 @@ public Builder ref(String ref) {
             return ref(Output.of(ref));
         }
 
-        /**
-         * @param version Version of the ruleset to deploy.
-         * 
-         * @return builder
-         * 
-         */
-        public Builder version(@Nullable Output version) {
-            $.version = version;
-            return this;
-        }
-
-        /**
-         * @param version Version of the ruleset to deploy.
-         * 
-         * @return builder
-         * 
-         */
-        public Builder version(String version) {
-            return version(Output.of(version));
-        }
-
         public RulesetRuleArgs build() {
             if ($.expression == null) {
                 throw new MissingRequiredPropertyException("RulesetRuleArgs", "expression");
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetFileArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetFileArgs.java
new file mode 100644
index 00000000..5dbd6ffd
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetFileArgs.java
@@ -0,0 +1,124 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.inputs;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class SnippetFileArgs extends com.pulumi.resources.ResourceArgs {
+
+    public static final SnippetFileArgs Empty = new SnippetFileArgs();
+
+    /**
+     * Content of the snippet file.
+     * 
+     */
+    @Import(name="content")
+    private @Nullable Output content;
+
+    /**
+     * @return Content of the snippet file.
+     * 
+     */
+    public Optional> content() {
+        return Optional.ofNullable(this.content);
+    }
+
+    /**
+     * Name of the snippet file.
+     * 
+     */
+    @Import(name="name", required=true)
+    private Output name;
+
+    /**
+     * @return Name of the snippet file.
+     * 
+     */
+    public Output name() {
+        return this.name;
+    }
+
+    private SnippetFileArgs() {}
+
+    private SnippetFileArgs(SnippetFileArgs $) {
+        this.content = $.content;
+        this.name = $.name;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(SnippetFileArgs defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private SnippetFileArgs $;
+
+        public Builder() {
+            $ = new SnippetFileArgs();
+        }
+
+        public Builder(SnippetFileArgs defaults) {
+            $ = new SnippetFileArgs(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param content Content of the snippet file.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder content(@Nullable Output content) {
+            $.content = content;
+            return this;
+        }
+
+        /**
+         * @param content Content of the snippet file.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder content(String content) {
+            return content(Output.of(content));
+        }
+
+        /**
+         * @param name Name of the snippet file.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder name(Output name) {
+            $.name = name;
+            return this;
+        }
+
+        /**
+         * @param name Name of the snippet file.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder name(String name) {
+            return name(Output.of(name));
+        }
+
+        public SnippetFileArgs build() {
+            if ($.name == null) {
+                throw new MissingRequiredPropertyException("SnippetFileArgs", "name");
+            }
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetRulesRuleArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetRulesRuleArgs.java
new file mode 100644
index 00000000..c9fcd4df
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetRulesRuleArgs.java
@@ -0,0 +1,202 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.inputs;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Boolean;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class SnippetRulesRuleArgs extends com.pulumi.resources.ResourceArgs {
+
+    public static final SnippetRulesRuleArgs Empty = new SnippetRulesRuleArgs();
+
+    /**
+     * Brief summary of the snippet rule and its intended use.
+     * 
+     */
+    @Import(name="description")
+    private @Nullable Output description;
+
+    /**
+     * @return Brief summary of the snippet rule and its intended use.
+     * 
+     */
+    public Optional> description() {
+        return Optional.ofNullable(this.description);
+    }
+
+    /**
+     * Whether the headers rule is active.
+     * 
+     */
+    @Import(name="enabled")
+    private @Nullable Output enabled;
+
+    /**
+     * @return Whether the headers rule is active.
+     * 
+     */
+    public Optional> enabled() {
+        return Optional.ofNullable(this.enabled);
+    }
+
+    /**
+     * Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+     * 
+     */
+    @Import(name="expression", required=true)
+    private Output expression;
+
+    /**
+     * @return Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+     * 
+     */
+    public Output expression() {
+        return this.expression;
+    }
+
+    /**
+     * Name of the snippet invoked by this rule.
+     * 
+     */
+    @Import(name="snippetName", required=true)
+    private Output snippetName;
+
+    /**
+     * @return Name of the snippet invoked by this rule.
+     * 
+     */
+    public Output snippetName() {
+        return this.snippetName;
+    }
+
+    private SnippetRulesRuleArgs() {}
+
+    private SnippetRulesRuleArgs(SnippetRulesRuleArgs $) {
+        this.description = $.description;
+        this.enabled = $.enabled;
+        this.expression = $.expression;
+        this.snippetName = $.snippetName;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(SnippetRulesRuleArgs defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private SnippetRulesRuleArgs $;
+
+        public Builder() {
+            $ = new SnippetRulesRuleArgs();
+        }
+
+        public Builder(SnippetRulesRuleArgs defaults) {
+            $ = new SnippetRulesRuleArgs(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param description Brief summary of the snippet rule and its intended use.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder description(@Nullable Output description) {
+            $.description = description;
+            return this;
+        }
+
+        /**
+         * @param description Brief summary of the snippet rule and its intended use.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder description(String description) {
+            return description(Output.of(description));
+        }
+
+        /**
+         * @param enabled Whether the headers rule is active.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder enabled(@Nullable Output enabled) {
+            $.enabled = enabled;
+            return this;
+        }
+
+        /**
+         * @param enabled Whether the headers rule is active.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder enabled(Boolean enabled) {
+            return enabled(Output.of(enabled));
+        }
+
+        /**
+         * @param expression Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder expression(Output expression) {
+            $.expression = expression;
+            return this;
+        }
+
+        /**
+         * @param expression Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder expression(String expression) {
+            return expression(Output.of(expression));
+        }
+
+        /**
+         * @param snippetName Name of the snippet invoked by this rule.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder snippetName(Output snippetName) {
+            $.snippetName = snippetName;
+            return this;
+        }
+
+        /**
+         * @param snippetName Name of the snippet invoked by this rule.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder snippetName(String snippetName) {
+            return snippetName(Output.of(snippetName));
+        }
+
+        public SnippetRulesRuleArgs build() {
+            if ($.expression == null) {
+                throw new MissingRequiredPropertyException("SnippetRulesRuleArgs", "expression");
+            }
+            if ($.snippetName == null) {
+                throw new MissingRequiredPropertyException("SnippetRulesRuleArgs", "snippetName");
+            }
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetRulesState.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetRulesState.java
new file mode 100644
index 00000000..94786122
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetRulesState.java
@@ -0,0 +1,132 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.inputs;
+
+import com.pulumi.cloudflare.inputs.SnippetRulesRuleArgs;
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import java.lang.String;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class SnippetRulesState extends com.pulumi.resources.ResourceArgs {
+
+    public static final SnippetRulesState Empty = new SnippetRulesState();
+
+    /**
+     * List of Snippet Rules
+     * 
+     */
+    @Import(name="rules")
+    private @Nullable Output> rules;
+
+    /**
+     * @return List of Snippet Rules
+     * 
+     */
+    public Optional>> rules() {
+        return Optional.ofNullable(this.rules);
+    }
+
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Import(name="zoneId")
+    private @Nullable Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Optional> zoneId() {
+        return Optional.ofNullable(this.zoneId);
+    }
+
+    private SnippetRulesState() {}
+
+    private SnippetRulesState(SnippetRulesState $) {
+        this.rules = $.rules;
+        this.zoneId = $.zoneId;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(SnippetRulesState defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private SnippetRulesState $;
+
+        public Builder() {
+            $ = new SnippetRulesState();
+        }
+
+        public Builder(SnippetRulesState defaults) {
+            $ = new SnippetRulesState(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param rules List of Snippet Rules
+         * 
+         * @return builder
+         * 
+         */
+        public Builder rules(@Nullable Output> rules) {
+            $.rules = rules;
+            return this;
+        }
+
+        /**
+         * @param rules List of Snippet Rules
+         * 
+         * @return builder
+         * 
+         */
+        public Builder rules(List rules) {
+            return rules(Output.of(rules));
+        }
+
+        /**
+         * @param rules List of Snippet Rules
+         * 
+         * @return builder
+         * 
+         */
+        public Builder rules(SnippetRulesRuleArgs... rules) {
+            return rules(List.of(rules));
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(@Nullable Output zoneId) {
+            $.zoneId = zoneId;
+            return this;
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(String zoneId) {
+            return zoneId(Output.of(zoneId));
+        }
+
+        public SnippetRulesState build() {
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetState.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetState.java
new file mode 100644
index 00000000..d9b3bc47
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/SnippetState.java
@@ -0,0 +1,206 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.inputs;
+
+import com.pulumi.cloudflare.inputs.SnippetFileArgs;
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import java.lang.String;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class SnippetState extends com.pulumi.resources.ResourceArgs {
+
+    public static final SnippetState Empty = new SnippetState();
+
+    /**
+     * List of Snippet Files
+     * 
+     */
+    @Import(name="files")
+    private @Nullable Output> files;
+
+    /**
+     * @return List of Snippet Files
+     * 
+     */
+    public Optional>> files() {
+        return Optional.ofNullable(this.files);
+    }
+
+    /**
+     * Main module file name of the snippet.
+     * 
+     */
+    @Import(name="mainModule")
+    private @Nullable Output mainModule;
+
+    /**
+     * @return Main module file name of the snippet.
+     * 
+     */
+    public Optional> mainModule() {
+        return Optional.ofNullable(this.mainModule);
+    }
+
+    /**
+     * Name of the snippet.
+     * 
+     */
+    @Import(name="name")
+    private @Nullable Output name;
+
+    /**
+     * @return Name of the snippet.
+     * 
+     */
+    public Optional> name() {
+        return Optional.ofNullable(this.name);
+    }
+
+    /**
+     * The zone identifier to target for the resource.
+     * 
+     */
+    @Import(name="zoneId")
+    private @Nullable Output zoneId;
+
+    /**
+     * @return The zone identifier to target for the resource.
+     * 
+     */
+    public Optional> zoneId() {
+        return Optional.ofNullable(this.zoneId);
+    }
+
+    private SnippetState() {}
+
+    private SnippetState(SnippetState $) {
+        this.files = $.files;
+        this.mainModule = $.mainModule;
+        this.name = $.name;
+        this.zoneId = $.zoneId;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(SnippetState defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private SnippetState $;
+
+        public Builder() {
+            $ = new SnippetState();
+        }
+
+        public Builder(SnippetState defaults) {
+            $ = new SnippetState(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param files List of Snippet Files
+         * 
+         * @return builder
+         * 
+         */
+        public Builder files(@Nullable Output> files) {
+            $.files = files;
+            return this;
+        }
+
+        /**
+         * @param files List of Snippet Files
+         * 
+         * @return builder
+         * 
+         */
+        public Builder files(List files) {
+            return files(Output.of(files));
+        }
+
+        /**
+         * @param files List of Snippet Files
+         * 
+         * @return builder
+         * 
+         */
+        public Builder files(SnippetFileArgs... files) {
+            return files(List.of(files));
+        }
+
+        /**
+         * @param mainModule Main module file name of the snippet.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder mainModule(@Nullable Output mainModule) {
+            $.mainModule = mainModule;
+            return this;
+        }
+
+        /**
+         * @param mainModule Main module file name of the snippet.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder mainModule(String mainModule) {
+            return mainModule(Output.of(mainModule));
+        }
+
+        /**
+         * @param name Name of the snippet.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder name(@Nullable Output name) {
+            $.name = name;
+            return this;
+        }
+
+        /**
+         * @param name Name of the snippet.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder name(String name) {
+            return name(Output.of(name));
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(@Nullable Output zoneId) {
+            $.zoneId = zoneId;
+            return this;
+        }
+
+        /**
+         * @param zoneId The zone identifier to target for the resource.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder zoneId(String zoneId) {
+            return zoneId(Output.of(zoneId));
+        }
+
+        public SnippetState build() {
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessApplicationDestinationArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessApplicationDestinationArgs.java
new file mode 100644
index 00000000..848a2a51
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessApplicationDestinationArgs.java
@@ -0,0 +1,124 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.inputs;
+
+import com.pulumi.core.Output;
+import com.pulumi.core.annotations.Import;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+
+public final class ZeroTrustAccessApplicationDestinationArgs extends com.pulumi.resources.ResourceArgs {
+
+    public static final ZeroTrustAccessApplicationDestinationArgs Empty = new ZeroTrustAccessApplicationDestinationArgs();
+
+    /**
+     * The destination type. Available values: `public`, `private`. Defaults to `public`.
+     * 
+     */
+    @Import(name="type")
+    private @Nullable Output type;
+
+    /**
+     * @return The destination type. Available values: `public`, `private`. Defaults to `public`.
+     * 
+     */
+    public Optional> type() {
+        return Optional.ofNullable(this.type);
+    }
+
+    /**
+     * The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     * 
+     */
+    @Import(name="uri", required=true)
+    private Output uri;
+
+    /**
+     * @return The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     * 
+     */
+    public Output uri() {
+        return this.uri;
+    }
+
+    private ZeroTrustAccessApplicationDestinationArgs() {}
+
+    private ZeroTrustAccessApplicationDestinationArgs(ZeroTrustAccessApplicationDestinationArgs $) {
+        this.type = $.type;
+        this.uri = $.uri;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+    public static Builder builder(ZeroTrustAccessApplicationDestinationArgs defaults) {
+        return new Builder(defaults);
+    }
+
+    public static final class Builder {
+        private ZeroTrustAccessApplicationDestinationArgs $;
+
+        public Builder() {
+            $ = new ZeroTrustAccessApplicationDestinationArgs();
+        }
+
+        public Builder(ZeroTrustAccessApplicationDestinationArgs defaults) {
+            $ = new ZeroTrustAccessApplicationDestinationArgs(Objects.requireNonNull(defaults));
+        }
+
+        /**
+         * @param type The destination type. Available values: `public`, `private`. Defaults to `public`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder type(@Nullable Output type) {
+            $.type = type;
+            return this;
+        }
+
+        /**
+         * @param type The destination type. Available values: `public`, `private`. Defaults to `public`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder type(String type) {
+            return type(Output.of(type));
+        }
+
+        /**
+         * @param uri The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder uri(Output uri) {
+            $.uri = uri;
+            return this;
+        }
+
+        /**
+         * @param uri The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder uri(String uri) {
+            return uri(Output.of(uri));
+        }
+
+        public ZeroTrustAccessApplicationDestinationArgs build() {
+            if ($.uri == null) {
+                throw new MissingRequiredPropertyException("ZeroTrustAccessApplicationDestinationArgs", "uri");
+            }
+            return $;
+        }
+    }
+
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessApplicationState.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessApplicationState.java
index dda36db9..7d088b77 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessApplicationState.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessApplicationState.java
@@ -4,6 +4,7 @@
 package com.pulumi.cloudflare.inputs;
 
 import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationCorsHeaderArgs;
+import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationDestinationArgs;
 import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationFooterLinkArgs;
 import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationLandingPageDesignArgs;
 import com.pulumi.cloudflare.inputs.ZeroTrustAccessApplicationSaasAppArgs;
@@ -218,6 +219,21 @@ public Optional>> customPages() {
         return Optional.ofNullable(this.customPages);
     }
 
+    /**
+     * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+     * 
+     */
+    @Import(name="destinations")
+    private @Nullable Output> destinations;
+
+    /**
+     * @return A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+     * 
+     */
+    public Optional>> destinations() {
+        return Optional.ofNullable(this.destinations);
+    }
+
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
      * 
@@ -233,6 +249,21 @@ public Optional> domain() {
         return Optional.ofNullable(this.domain);
     }
 
+    /**
+     * The type of the primary domain. Available values: `public`, `private`.
+     * 
+     */
+    @Import(name="domainType")
+    private @Nullable Output domainType;
+
+    /**
+     * @return The type of the primary domain. Available values: `public`, `private`.
+     * 
+     */
+    public Optional> domainType() {
+        return Optional.ofNullable(this.domainType);
+    }
+
     /**
      * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
      * 
@@ -414,16 +445,24 @@ public Optional> scimConfig() {
     }
 
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     * 
+     * @deprecated
+     * Use `destinations` instead
      * 
      */
+    @Deprecated /* Use `destinations` instead */
     @Import(name="selfHostedDomains")
     private @Nullable Output> selfHostedDomains;
 
     /**
-     * @return List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * @return List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     * 
+     * @deprecated
+     * Use `destinations` instead
      * 
      */
+    @Deprecated /* Use `destinations` instead */
     public Optional>> selfHostedDomains() {
         return Optional.ofNullable(this.selfHostedDomains);
     }
@@ -564,7 +603,9 @@ private ZeroTrustAccessApplicationState(ZeroTrustAccessApplicationState $) {
         this.customDenyUrl = $.customDenyUrl;
         this.customNonIdentityDenyUrl = $.customNonIdentityDenyUrl;
         this.customPages = $.customPages;
+        this.destinations = $.destinations;
         this.domain = $.domain;
+        this.domainType = $.domainType;
         this.enableBindingCookie = $.enableBindingCookie;
         this.footerLinks = $.footerLinks;
         this.headerBgColor = $.headerBgColor;
@@ -909,6 +950,37 @@ public Builder customPages(String... customPages) {
             return customPages(List.of(customPages));
         }
 
+        /**
+         * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder destinations(@Nullable Output> destinations) {
+            $.destinations = destinations;
+            return this;
+        }
+
+        /**
+         * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder destinations(List destinations) {
+            return destinations(Output.of(destinations));
+        }
+
+        /**
+         * @param destinations A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder destinations(ZeroTrustAccessApplicationDestinationArgs... destinations) {
+            return destinations(List.of(destinations));
+        }
+
         /**
          * @param domain The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
          * 
@@ -930,6 +1002,27 @@ public Builder domain(String domain) {
             return domain(Output.of(domain));
         }
 
+        /**
+         * @param domainType The type of the primary domain. Available values: `public`, `private`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder domainType(@Nullable Output domainType) {
+            $.domainType = domainType;
+            return this;
+        }
+
+        /**
+         * @param domainType The type of the primary domain. Available values: `public`, `private`.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder domainType(String domainType) {
+            return domainType(Output.of(domainType));
+        }
+
         /**
          * @param enableBindingCookie Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
          * 
@@ -1203,32 +1296,44 @@ public Builder scimConfig(ZeroTrustAccessApplicationScimConfigArgs scimConfig) {
         }
 
         /**
-         * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+         * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
          * 
          * @return builder
          * 
+         * @deprecated
+         * Use `destinations` instead
+         * 
          */
+        @Deprecated /* Use `destinations` instead */
         public Builder selfHostedDomains(@Nullable Output> selfHostedDomains) {
             $.selfHostedDomains = selfHostedDomains;
             return this;
         }
 
         /**
-         * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+         * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
          * 
          * @return builder
          * 
+         * @deprecated
+         * Use `destinations` instead
+         * 
          */
+        @Deprecated /* Use `destinations` instead */
         public Builder selfHostedDomains(List selfHostedDomains) {
             return selfHostedDomains(Output.of(selfHostedDomains));
         }
 
         /**
-         * @param selfHostedDomains List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+         * @param selfHostedDomains List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
          * 
          * @return builder
          * 
+         * @deprecated
+         * Use `destinations` instead
+         * 
          */
+        @Deprecated /* Use `destinations` instead */
         public Builder selfHostedDomains(String... selfHostedDomains) {
             return selfHostedDomains(List.of(selfHostedDomains));
         }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessIdentityProviderScimConfigArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessIdentityProviderScimConfigArgs.java
index 0d226850..9f7875b3 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessIdentityProviderScimConfigArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessIdentityProviderScimConfigArgs.java
@@ -16,44 +16,92 @@ public final class ZeroTrustAccessIdentityProviderScimConfigArgs extends com.pul
 
     public static final ZeroTrustAccessIdentityProviderScimConfigArgs Empty = new ZeroTrustAccessIdentityProviderScimConfigArgs();
 
+    /**
+     * A flag to enable or disable SCIM for the identity provider.
+     * 
+     */
     @Import(name="enabled")
     private @Nullable Output enabled;
 
+    /**
+     * @return A flag to enable or disable SCIM for the identity provider.
+     * 
+     */
     public Optional> enabled() {
         return Optional.ofNullable(this.enabled);
     }
 
+    /**
+     * Deprecated. Use `identity_update_behavior`.
+     * 
+     */
     @Import(name="groupMemberDeprovision")
     private @Nullable Output groupMemberDeprovision;
 
+    /**
+     * @return Deprecated. Use `identity_update_behavior`.
+     * 
+     */
     public Optional> groupMemberDeprovision() {
         return Optional.ofNullable(this.groupMemberDeprovision);
     }
 
+    /**
+     * Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     * 
+     */
     @Import(name="identityUpdateBehavior")
     private @Nullable Output identityUpdateBehavior;
 
+    /**
+     * @return Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     * 
+     */
     public Optional> identityUpdateBehavior() {
         return Optional.ofNullable(this.identityUpdateBehavior);
     }
 
+    /**
+     * A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+     * 
+     */
     @Import(name="seatDeprovision")
     private @Nullable Output seatDeprovision;
 
+    /**
+     * @return A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+     * 
+     */
     public Optional> seatDeprovision() {
         return Optional.ofNullable(this.seatDeprovision);
     }
 
+    /**
+     * A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     * 
+     */
     @Import(name="secret")
     private @Nullable Output secret;
 
+    /**
+     * @return A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     * 
+     */
     public Optional> secret() {
         return Optional.ofNullable(this.secret);
     }
 
+    /**
+     * A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     * 
+     */
     @Import(name="userDeprovision")
     private @Nullable Output userDeprovision;
 
+    /**
+     * @return A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     * 
+     */
     public Optional> userDeprovision() {
         return Optional.ofNullable(this.userDeprovision);
     }
@@ -87,56 +135,128 @@ public Builder(ZeroTrustAccessIdentityProviderScimConfigArgs defaults) {
             $ = new ZeroTrustAccessIdentityProviderScimConfigArgs(Objects.requireNonNull(defaults));
         }
 
+        /**
+         * @param enabled A flag to enable or disable SCIM for the identity provider.
+         * 
+         * @return builder
+         * 
+         */
         public Builder enabled(@Nullable Output enabled) {
             $.enabled = enabled;
             return this;
         }
 
+        /**
+         * @param enabled A flag to enable or disable SCIM for the identity provider.
+         * 
+         * @return builder
+         * 
+         */
         public Builder enabled(Boolean enabled) {
             return enabled(Output.of(enabled));
         }
 
+        /**
+         * @param groupMemberDeprovision Deprecated. Use `identity_update_behavior`.
+         * 
+         * @return builder
+         * 
+         */
         public Builder groupMemberDeprovision(@Nullable Output groupMemberDeprovision) {
             $.groupMemberDeprovision = groupMemberDeprovision;
             return this;
         }
 
+        /**
+         * @param groupMemberDeprovision Deprecated. Use `identity_update_behavior`.
+         * 
+         * @return builder
+         * 
+         */
         public Builder groupMemberDeprovision(Boolean groupMemberDeprovision) {
             return groupMemberDeprovision(Output.of(groupMemberDeprovision));
         }
 
+        /**
+         * @param identityUpdateBehavior Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+         * 
+         * @return builder
+         * 
+         */
         public Builder identityUpdateBehavior(@Nullable Output identityUpdateBehavior) {
             $.identityUpdateBehavior = identityUpdateBehavior;
             return this;
         }
 
+        /**
+         * @param identityUpdateBehavior Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+         * 
+         * @return builder
+         * 
+         */
         public Builder identityUpdateBehavior(String identityUpdateBehavior) {
             return identityUpdateBehavior(Output.of(identityUpdateBehavior));
         }
 
+        /**
+         * @param seatDeprovision A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+         * 
+         * @return builder
+         * 
+         */
         public Builder seatDeprovision(@Nullable Output seatDeprovision) {
             $.seatDeprovision = seatDeprovision;
             return this;
         }
 
+        /**
+         * @param seatDeprovision A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+         * 
+         * @return builder
+         * 
+         */
         public Builder seatDeprovision(Boolean seatDeprovision) {
             return seatDeprovision(Output.of(seatDeprovision));
         }
 
+        /**
+         * @param secret A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+         * 
+         * @return builder
+         * 
+         */
         public Builder secret(@Nullable Output secret) {
             $.secret = secret;
             return this;
         }
 
+        /**
+         * @param secret A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+         * 
+         * @return builder
+         * 
+         */
         public Builder secret(String secret) {
             return secret(Output.of(secret));
         }
 
+        /**
+         * @param userDeprovision A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+         * 
+         * @return builder
+         * 
+         */
         public Builder userDeprovision(@Nullable Output userDeprovision) {
             $.userDeprovision = userDeprovision;
             return this;
         }
 
+        /**
+         * @param userDeprovision A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+         * 
+         * @return builder
+         * 
+         */
         public Builder userDeprovision(Boolean userDeprovision) {
             return userDeprovision(Output.of(userDeprovision));
         }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessPolicyConnectionRulesSshArgs.java b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessPolicyConnectionRulesSshArgs.java
index 2eb66ece..b8fca79c 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessPolicyConnectionRulesSshArgs.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/inputs/ZeroTrustAccessPolicyConnectionRulesSshArgs.java
@@ -6,15 +6,33 @@
 import com.pulumi.core.Output;
 import com.pulumi.core.annotations.Import;
 import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Boolean;
 import java.lang.String;
 import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
 
 
 public final class ZeroTrustAccessPolicyConnectionRulesSshArgs extends com.pulumi.resources.ResourceArgs {
 
     public static final ZeroTrustAccessPolicyConnectionRulesSshArgs Empty = new ZeroTrustAccessPolicyConnectionRulesSshArgs();
 
+    /**
+     * Allows connecting to Unix username that matches the authenticating email prefix.
+     * 
+     */
+    @Import(name="allowEmailAlias")
+    private @Nullable Output allowEmailAlias;
+
+    /**
+     * @return Allows connecting to Unix username that matches the authenticating email prefix.
+     * 
+     */
+    public Optional> allowEmailAlias() {
+        return Optional.ofNullable(this.allowEmailAlias);
+    }
+
     /**
      * Contains the Unix usernames that may be used when connecting over SSH.
      * 
@@ -33,6 +51,7 @@ public Output> usernames() {
     private ZeroTrustAccessPolicyConnectionRulesSshArgs() {}
 
     private ZeroTrustAccessPolicyConnectionRulesSshArgs(ZeroTrustAccessPolicyConnectionRulesSshArgs $) {
+        this.allowEmailAlias = $.allowEmailAlias;
         this.usernames = $.usernames;
     }
 
@@ -54,6 +73,27 @@ public Builder(ZeroTrustAccessPolicyConnectionRulesSshArgs defaults) {
             $ = new ZeroTrustAccessPolicyConnectionRulesSshArgs(Objects.requireNonNull(defaults));
         }
 
+        /**
+         * @param allowEmailAlias Allows connecting to Unix username that matches the authenticating email prefix.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder allowEmailAlias(@Nullable Output allowEmailAlias) {
+            $.allowEmailAlias = allowEmailAlias;
+            return this;
+        }
+
+        /**
+         * @param allowEmailAlias Allows connecting to Unix username that matches the authenticating email prefix.
+         * 
+         * @return builder
+         * 
+         */
+        public Builder allowEmailAlias(Boolean allowEmailAlias) {
+            return allowEmailAlias(Output.of(allowEmailAlias));
+        }
+
         /**
          * @param usernames Contains the Unix usernames that may be used when connecting over SSH.
          * 
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessApplicationDestination.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessApplicationDestination.java
new file mode 100644
index 00000000..a18ce76c
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessApplicationDestination.java
@@ -0,0 +1,81 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.outputs;
+
+import com.pulumi.core.annotations.CustomType;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+@CustomType
+public final class AccessApplicationDestination {
+    /**
+     * @return The destination type. Available values: `public`, `private`. Defaults to `public`.
+     * 
+     */
+    private @Nullable String type;
+    /**
+     * @return The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     * 
+     */
+    private String uri;
+
+    private AccessApplicationDestination() {}
+    /**
+     * @return The destination type. Available values: `public`, `private`. Defaults to `public`.
+     * 
+     */
+    public Optional type() {
+        return Optional.ofNullable(this.type);
+    }
+    /**
+     * @return The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     * 
+     */
+    public String uri() {
+        return this.uri;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+
+    public static Builder builder(AccessApplicationDestination defaults) {
+        return new Builder(defaults);
+    }
+    @CustomType.Builder
+    public static final class Builder {
+        private @Nullable String type;
+        private String uri;
+        public Builder() {}
+        public Builder(AccessApplicationDestination defaults) {
+    	      Objects.requireNonNull(defaults);
+    	      this.type = defaults.type;
+    	      this.uri = defaults.uri;
+        }
+
+        @CustomType.Setter
+        public Builder type(@Nullable String type) {
+
+            this.type = type;
+            return this;
+        }
+        @CustomType.Setter
+        public Builder uri(String uri) {
+            if (uri == null) {
+              throw new MissingRequiredPropertyException("AccessApplicationDestination", "uri");
+            }
+            this.uri = uri;
+            return this;
+        }
+        public AccessApplicationDestination build() {
+            final var _resultValue = new AccessApplicationDestination();
+            _resultValue.type = type;
+            _resultValue.uri = uri;
+            return _resultValue;
+        }
+    }
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessIdentityProviderScimConfig.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessIdentityProviderScimConfig.java
index 8d74e777..4b665d53 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessIdentityProviderScimConfig.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessIdentityProviderScimConfig.java
@@ -12,29 +12,77 @@
 
 @CustomType
 public final class AccessIdentityProviderScimConfig {
+    /**
+     * @return A flag to enable or disable SCIM for the identity provider.
+     * 
+     */
     private @Nullable Boolean enabled;
+    /**
+     * @return Deprecated. Use `identity_update_behavior`.
+     * 
+     */
     private @Nullable Boolean groupMemberDeprovision;
+    /**
+     * @return Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     * 
+     */
     private @Nullable String identityUpdateBehavior;
+    /**
+     * @return A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+     * 
+     */
     private @Nullable Boolean seatDeprovision;
+    /**
+     * @return A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     * 
+     */
     private @Nullable String secret;
+    /**
+     * @return A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     * 
+     */
     private @Nullable Boolean userDeprovision;
 
     private AccessIdentityProviderScimConfig() {}
+    /**
+     * @return A flag to enable or disable SCIM for the identity provider.
+     * 
+     */
     public Optional enabled() {
         return Optional.ofNullable(this.enabled);
     }
+    /**
+     * @return Deprecated. Use `identity_update_behavior`.
+     * 
+     */
     public Optional groupMemberDeprovision() {
         return Optional.ofNullable(this.groupMemberDeprovision);
     }
+    /**
+     * @return Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     * 
+     */
     public Optional identityUpdateBehavior() {
         return Optional.ofNullable(this.identityUpdateBehavior);
     }
+    /**
+     * @return A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+     * 
+     */
     public Optional seatDeprovision() {
         return Optional.ofNullable(this.seatDeprovision);
     }
+    /**
+     * @return A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     * 
+     */
     public Optional secret() {
         return Optional.ofNullable(this.secret);
     }
+    /**
+     * @return A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     * 
+     */
     public Optional userDeprovision() {
         return Optional.ofNullable(this.userDeprovision);
     }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessPolicyConnectionRulesSsh.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessPolicyConnectionRulesSsh.java
index 94384690..00b03c9b 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessPolicyConnectionRulesSsh.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/AccessPolicyConnectionRulesSsh.java
@@ -5,12 +5,20 @@
 
 import com.pulumi.core.annotations.CustomType;
 import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Boolean;
 import java.lang.String;
 import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
 
 @CustomType
 public final class AccessPolicyConnectionRulesSsh {
+    /**
+     * @return Allows connecting to Unix username that matches the authenticating email prefix.
+     * 
+     */
+    private @Nullable Boolean allowEmailAlias;
     /**
      * @return Contains the Unix usernames that may be used when connecting over SSH.
      * 
@@ -18,6 +26,13 @@ public final class AccessPolicyConnectionRulesSsh {
     private List usernames;
 
     private AccessPolicyConnectionRulesSsh() {}
+    /**
+     * @return Allows connecting to Unix username that matches the authenticating email prefix.
+     * 
+     */
+    public Optional allowEmailAlias() {
+        return Optional.ofNullable(this.allowEmailAlias);
+    }
     /**
      * @return Contains the Unix usernames that may be used when connecting over SSH.
      * 
@@ -35,13 +50,21 @@ public static Builder builder(AccessPolicyConnectionRulesSsh defaults) {
     }
     @CustomType.Builder
     public static final class Builder {
+        private @Nullable Boolean allowEmailAlias;
         private List usernames;
         public Builder() {}
         public Builder(AccessPolicyConnectionRulesSsh defaults) {
     	      Objects.requireNonNull(defaults);
+    	      this.allowEmailAlias = defaults.allowEmailAlias;
     	      this.usernames = defaults.usernames;
         }
 
+        @CustomType.Setter
+        public Builder allowEmailAlias(@Nullable Boolean allowEmailAlias) {
+
+            this.allowEmailAlias = allowEmailAlias;
+            return this;
+        }
         @CustomType.Setter
         public Builder usernames(List usernames) {
             if (usernames == null) {
@@ -55,6 +78,7 @@ public Builder usernames(String... usernames) {
         }
         public AccessPolicyConnectionRulesSsh build() {
             final var _resultValue = new AccessPolicyConnectionRulesSsh();
+            _resultValue.allowEmailAlias = allowEmailAlias;
             _resultValue.usernames = usernames;
             return _resultValue;
         }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/NotificationPolicyFilters.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/NotificationPolicyFilters.java
index 0923f2bc..318f9114 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/NotificationPolicyFilters.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/NotificationPolicyFilters.java
@@ -17,7 +17,7 @@ public final class NotificationPolicyFilters {
      */
     private @Nullable List actions;
     /**
-     * @return Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+     * @return Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
      * 
      */
     private @Nullable List affectedComponents;
@@ -187,7 +187,7 @@ public List actions() {
         return this.actions == null ? List.of() : this.actions;
     }
     /**
-     * @return Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+     * @return Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
      * 
      */
     public List affectedComponents() {
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/RulesetRule.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/RulesetRule.java
index d1f10e39..f9681e48 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/RulesetRule.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/RulesetRule.java
@@ -52,11 +52,6 @@ public final class RulesetRule {
      * 
      */
     private @Nullable String id;
-    /**
-     * @return The most recent update to this rule.
-     * 
-     */
-    private @Nullable String lastUpdated;
     /**
      * @return List parameters to configure how the rule generates logs. Only valid for skip action.
      * 
@@ -72,11 +67,6 @@ public final class RulesetRule {
      * 
      */
     private @Nullable String ref;
-    /**
-     * @return Version of the ruleset to deploy.
-     * 
-     */
-    private @Nullable String version;
 
     private RulesetRule() {}
     /**
@@ -128,13 +118,6 @@ public String expression() {
     public Optional id() {
         return Optional.ofNullable(this.id);
     }
-    /**
-     * @return The most recent update to this rule.
-     * 
-     */
-    public Optional lastUpdated() {
-        return Optional.ofNullable(this.lastUpdated);
-    }
     /**
      * @return List parameters to configure how the rule generates logs. Only valid for skip action.
      * 
@@ -156,13 +139,6 @@ public Optional ratelimit() {
     public Optional ref() {
         return Optional.ofNullable(this.ref);
     }
-    /**
-     * @return Version of the ruleset to deploy.
-     * 
-     */
-    public Optional version() {
-        return Optional.ofNullable(this.version);
-    }
 
     public static Builder builder() {
         return new Builder();
@@ -180,11 +156,9 @@ public static final class Builder {
         private @Nullable RulesetRuleExposedCredentialCheck exposedCredentialCheck;
         private String expression;
         private @Nullable String id;
-        private @Nullable String lastUpdated;
         private @Nullable RulesetRuleLogging logging;
         private @Nullable RulesetRuleRatelimit ratelimit;
         private @Nullable String ref;
-        private @Nullable String version;
         public Builder() {}
         public Builder(RulesetRule defaults) {
     	      Objects.requireNonNull(defaults);
@@ -195,11 +169,9 @@ public Builder(RulesetRule defaults) {
     	      this.exposedCredentialCheck = defaults.exposedCredentialCheck;
     	      this.expression = defaults.expression;
     	      this.id = defaults.id;
-    	      this.lastUpdated = defaults.lastUpdated;
     	      this.logging = defaults.logging;
     	      this.ratelimit = defaults.ratelimit;
     	      this.ref = defaults.ref;
-    	      this.version = defaults.version;
         }
 
         @CustomType.Setter
@@ -247,12 +219,6 @@ public Builder id(@Nullable String id) {
             return this;
         }
         @CustomType.Setter
-        public Builder lastUpdated(@Nullable String lastUpdated) {
-
-            this.lastUpdated = lastUpdated;
-            return this;
-        }
-        @CustomType.Setter
         public Builder logging(@Nullable RulesetRuleLogging logging) {
 
             this.logging = logging;
@@ -270,12 +236,6 @@ public Builder ref(@Nullable String ref) {
             this.ref = ref;
             return this;
         }
-        @CustomType.Setter
-        public Builder version(@Nullable String version) {
-
-            this.version = version;
-            return this;
-        }
         public RulesetRule build() {
             final var _resultValue = new RulesetRule();
             _resultValue.action = action;
@@ -285,11 +245,9 @@ public RulesetRule build() {
             _resultValue.exposedCredentialCheck = exposedCredentialCheck;
             _resultValue.expression = expression;
             _resultValue.id = id;
-            _resultValue.lastUpdated = lastUpdated;
             _resultValue.logging = logging;
             _resultValue.ratelimit = ratelimit;
             _resultValue.ref = ref;
-            _resultValue.version = version;
             return _resultValue;
         }
     }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/RulesetRuleActionParameters.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/RulesetRuleActionParameters.java
index 2ccba6ca..8cb35cbb 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/RulesetRuleActionParameters.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/RulesetRuleActionParameters.java
@@ -292,11 +292,6 @@ public final class RulesetRuleActionParameters {
      * 
      */
     private @Nullable RulesetRuleActionParametersUri uri;
-    /**
-     * @return Version of the ruleset to deploy.
-     * 
-     */
-    private @Nullable String version;
 
     private RulesetRuleActionParameters() {}
     /**
@@ -666,13 +661,6 @@ public Optional sxg() {
     public Optional uri() {
         return Optional.ofNullable(this.uri);
     }
-    /**
-     * @return Version of the ruleset to deploy.
-     * 
-     */
-    public Optional version() {
-        return Optional.ofNullable(this.version);
-    }
 
     public static Builder builder() {
         return new Builder();
@@ -736,7 +724,6 @@ public static final class Builder {
         private @Nullable Integer statusCode;
         private @Nullable Boolean sxg;
         private @Nullable RulesetRuleActionParametersUri uri;
-        private @Nullable String version;
         public Builder() {}
         public Builder(RulesetRuleActionParameters defaults) {
     	      Objects.requireNonNull(defaults);
@@ -793,7 +780,6 @@ public Builder(RulesetRuleActionParameters defaults) {
     	      this.statusCode = defaults.statusCode;
     	      this.sxg = defaults.sxg;
     	      this.uri = defaults.uri;
-    	      this.version = defaults.version;
         }
 
         @CustomType.Setter
@@ -1147,12 +1133,6 @@ public Builder uri(@Nullable RulesetRuleActionParametersUri uri) {
             this.uri = uri;
             return this;
         }
-        @CustomType.Setter
-        public Builder version(@Nullable String version) {
-
-            this.version = version;
-            return this;
-        }
         public RulesetRuleActionParameters build() {
             final var _resultValue = new RulesetRuleActionParameters();
             _resultValue.additionalCacheablePorts = additionalCacheablePorts;
@@ -1208,7 +1188,6 @@ public RulesetRuleActionParameters build() {
             _resultValue.statusCode = statusCode;
             _resultValue.sxg = sxg;
             _resultValue.uri = uri;
-            _resultValue.version = version;
             return _resultValue;
         }
     }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/SnippetFile.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/SnippetFile.java
new file mode 100644
index 00000000..d9e13098
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/SnippetFile.java
@@ -0,0 +1,81 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.outputs;
+
+import com.pulumi.core.annotations.CustomType;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+@CustomType
+public final class SnippetFile {
+    /**
+     * @return Content of the snippet file.
+     * 
+     */
+    private @Nullable String content;
+    /**
+     * @return Name of the snippet file.
+     * 
+     */
+    private String name;
+
+    private SnippetFile() {}
+    /**
+     * @return Content of the snippet file.
+     * 
+     */
+    public Optional content() {
+        return Optional.ofNullable(this.content);
+    }
+    /**
+     * @return Name of the snippet file.
+     * 
+     */
+    public String name() {
+        return this.name;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+
+    public static Builder builder(SnippetFile defaults) {
+        return new Builder(defaults);
+    }
+    @CustomType.Builder
+    public static final class Builder {
+        private @Nullable String content;
+        private String name;
+        public Builder() {}
+        public Builder(SnippetFile defaults) {
+    	      Objects.requireNonNull(defaults);
+    	      this.content = defaults.content;
+    	      this.name = defaults.name;
+        }
+
+        @CustomType.Setter
+        public Builder content(@Nullable String content) {
+
+            this.content = content;
+            return this;
+        }
+        @CustomType.Setter
+        public Builder name(String name) {
+            if (name == null) {
+              throw new MissingRequiredPropertyException("SnippetFile", "name");
+            }
+            this.name = name;
+            return this;
+        }
+        public SnippetFile build() {
+            final var _resultValue = new SnippetFile();
+            _resultValue.content = content;
+            _resultValue.name = name;
+            return _resultValue;
+        }
+    }
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/SnippetRulesRule.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/SnippetRulesRule.java
new file mode 100644
index 00000000..80be885c
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/SnippetRulesRule.java
@@ -0,0 +1,126 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.outputs;
+
+import com.pulumi.core.annotations.CustomType;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Boolean;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+@CustomType
+public final class SnippetRulesRule {
+    /**
+     * @return Brief summary of the snippet rule and its intended use.
+     * 
+     */
+    private @Nullable String description;
+    /**
+     * @return Whether the headers rule is active.
+     * 
+     */
+    private @Nullable Boolean enabled;
+    /**
+     * @return Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+     * 
+     */
+    private String expression;
+    /**
+     * @return Name of the snippet invoked by this rule.
+     * 
+     */
+    private String snippetName;
+
+    private SnippetRulesRule() {}
+    /**
+     * @return Brief summary of the snippet rule and its intended use.
+     * 
+     */
+    public Optional description() {
+        return Optional.ofNullable(this.description);
+    }
+    /**
+     * @return Whether the headers rule is active.
+     * 
+     */
+    public Optional enabled() {
+        return Optional.ofNullable(this.enabled);
+    }
+    /**
+     * @return Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+     * 
+     */
+    public String expression() {
+        return this.expression;
+    }
+    /**
+     * @return Name of the snippet invoked by this rule.
+     * 
+     */
+    public String snippetName() {
+        return this.snippetName;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+
+    public static Builder builder(SnippetRulesRule defaults) {
+        return new Builder(defaults);
+    }
+    @CustomType.Builder
+    public static final class Builder {
+        private @Nullable String description;
+        private @Nullable Boolean enabled;
+        private String expression;
+        private String snippetName;
+        public Builder() {}
+        public Builder(SnippetRulesRule defaults) {
+    	      Objects.requireNonNull(defaults);
+    	      this.description = defaults.description;
+    	      this.enabled = defaults.enabled;
+    	      this.expression = defaults.expression;
+    	      this.snippetName = defaults.snippetName;
+        }
+
+        @CustomType.Setter
+        public Builder description(@Nullable String description) {
+
+            this.description = description;
+            return this;
+        }
+        @CustomType.Setter
+        public Builder enabled(@Nullable Boolean enabled) {
+
+            this.enabled = enabled;
+            return this;
+        }
+        @CustomType.Setter
+        public Builder expression(String expression) {
+            if (expression == null) {
+              throw new MissingRequiredPropertyException("SnippetRulesRule", "expression");
+            }
+            this.expression = expression;
+            return this;
+        }
+        @CustomType.Setter
+        public Builder snippetName(String snippetName) {
+            if (snippetName == null) {
+              throw new MissingRequiredPropertyException("SnippetRulesRule", "snippetName");
+            }
+            this.snippetName = snippetName;
+            return this;
+        }
+        public SnippetRulesRule build() {
+            final var _resultValue = new SnippetRulesRule();
+            _resultValue.description = description;
+            _resultValue.enabled = enabled;
+            _resultValue.expression = expression;
+            _resultValue.snippetName = snippetName;
+            return _resultValue;
+        }
+    }
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessApplicationDestination.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessApplicationDestination.java
new file mode 100644
index 00000000..6538d32c
--- /dev/null
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessApplicationDestination.java
@@ -0,0 +1,81 @@
+// *** WARNING: this file was generated by pulumi-java-gen. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+package com.pulumi.cloudflare.outputs;
+
+import com.pulumi.core.annotations.CustomType;
+import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.String;
+import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
+
+@CustomType
+public final class ZeroTrustAccessApplicationDestination {
+    /**
+     * @return The destination type. Available values: `public`, `private`. Defaults to `public`.
+     * 
+     */
+    private @Nullable String type;
+    /**
+     * @return The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     * 
+     */
+    private String uri;
+
+    private ZeroTrustAccessApplicationDestination() {}
+    /**
+     * @return The destination type. Available values: `public`, `private`. Defaults to `public`.
+     * 
+     */
+    public Optional type() {
+        return Optional.ofNullable(this.type);
+    }
+    /**
+     * @return The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     * 
+     */
+    public String uri() {
+        return this.uri;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+
+    public static Builder builder(ZeroTrustAccessApplicationDestination defaults) {
+        return new Builder(defaults);
+    }
+    @CustomType.Builder
+    public static final class Builder {
+        private @Nullable String type;
+        private String uri;
+        public Builder() {}
+        public Builder(ZeroTrustAccessApplicationDestination defaults) {
+    	      Objects.requireNonNull(defaults);
+    	      this.type = defaults.type;
+    	      this.uri = defaults.uri;
+        }
+
+        @CustomType.Setter
+        public Builder type(@Nullable String type) {
+
+            this.type = type;
+            return this;
+        }
+        @CustomType.Setter
+        public Builder uri(String uri) {
+            if (uri == null) {
+              throw new MissingRequiredPropertyException("ZeroTrustAccessApplicationDestination", "uri");
+            }
+            this.uri = uri;
+            return this;
+        }
+        public ZeroTrustAccessApplicationDestination build() {
+            final var _resultValue = new ZeroTrustAccessApplicationDestination();
+            _resultValue.type = type;
+            _resultValue.uri = uri;
+            return _resultValue;
+        }
+    }
+}
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessIdentityProviderScimConfig.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessIdentityProviderScimConfig.java
index 16e7faa6..50b1ebec 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessIdentityProviderScimConfig.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessIdentityProviderScimConfig.java
@@ -12,29 +12,77 @@
 
 @CustomType
 public final class ZeroTrustAccessIdentityProviderScimConfig {
+    /**
+     * @return A flag to enable or disable SCIM for the identity provider.
+     * 
+     */
     private @Nullable Boolean enabled;
+    /**
+     * @return Deprecated. Use `identity_update_behavior`.
+     * 
+     */
     private @Nullable Boolean groupMemberDeprovision;
+    /**
+     * @return Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     * 
+     */
     private @Nullable String identityUpdateBehavior;
+    /**
+     * @return A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+     * 
+     */
     private @Nullable Boolean seatDeprovision;
+    /**
+     * @return A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     * 
+     */
     private @Nullable String secret;
+    /**
+     * @return A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     * 
+     */
     private @Nullable Boolean userDeprovision;
 
     private ZeroTrustAccessIdentityProviderScimConfig() {}
+    /**
+     * @return A flag to enable or disable SCIM for the identity provider.
+     * 
+     */
     public Optional enabled() {
         return Optional.ofNullable(this.enabled);
     }
+    /**
+     * @return Deprecated. Use `identity_update_behavior`.
+     * 
+     */
     public Optional groupMemberDeprovision() {
         return Optional.ofNullable(this.groupMemberDeprovision);
     }
+    /**
+     * @return Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     * 
+     */
     public Optional identityUpdateBehavior() {
         return Optional.ofNullable(this.identityUpdateBehavior);
     }
+    /**
+     * @return A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+     * 
+     */
     public Optional seatDeprovision() {
         return Optional.ofNullable(this.seatDeprovision);
     }
+    /**
+     * @return A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     * 
+     */
     public Optional secret() {
         return Optional.ofNullable(this.secret);
     }
+    /**
+     * @return A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     * 
+     */
     public Optional userDeprovision() {
         return Optional.ofNullable(this.userDeprovision);
     }
diff --git a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessPolicyConnectionRulesSsh.java b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessPolicyConnectionRulesSsh.java
index adea334d..4367730f 100644
--- a/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessPolicyConnectionRulesSsh.java
+++ b/sdk/java/src/main/java/com/pulumi/cloudflare/outputs/ZeroTrustAccessPolicyConnectionRulesSsh.java
@@ -5,12 +5,20 @@
 
 import com.pulumi.core.annotations.CustomType;
 import com.pulumi.exceptions.MissingRequiredPropertyException;
+import java.lang.Boolean;
 import java.lang.String;
 import java.util.List;
 import java.util.Objects;
+import java.util.Optional;
+import javax.annotation.Nullable;
 
 @CustomType
 public final class ZeroTrustAccessPolicyConnectionRulesSsh {
+    /**
+     * @return Allows connecting to Unix username that matches the authenticating email prefix.
+     * 
+     */
+    private @Nullable Boolean allowEmailAlias;
     /**
      * @return Contains the Unix usernames that may be used when connecting over SSH.
      * 
@@ -18,6 +26,13 @@ public final class ZeroTrustAccessPolicyConnectionRulesSsh {
     private List usernames;
 
     private ZeroTrustAccessPolicyConnectionRulesSsh() {}
+    /**
+     * @return Allows connecting to Unix username that matches the authenticating email prefix.
+     * 
+     */
+    public Optional allowEmailAlias() {
+        return Optional.ofNullable(this.allowEmailAlias);
+    }
     /**
      * @return Contains the Unix usernames that may be used when connecting over SSH.
      * 
@@ -35,13 +50,21 @@ public static Builder builder(ZeroTrustAccessPolicyConnectionRulesSsh defaults)
     }
     @CustomType.Builder
     public static final class Builder {
+        private @Nullable Boolean allowEmailAlias;
         private List usernames;
         public Builder() {}
         public Builder(ZeroTrustAccessPolicyConnectionRulesSsh defaults) {
     	      Objects.requireNonNull(defaults);
+    	      this.allowEmailAlias = defaults.allowEmailAlias;
     	      this.usernames = defaults.usernames;
         }
 
+        @CustomType.Setter
+        public Builder allowEmailAlias(@Nullable Boolean allowEmailAlias) {
+
+            this.allowEmailAlias = allowEmailAlias;
+            return this;
+        }
         @CustomType.Setter
         public Builder usernames(List usernames) {
             if (usernames == null) {
@@ -55,6 +78,7 @@ public Builder usernames(String... usernames) {
         }
         public ZeroTrustAccessPolicyConnectionRulesSsh build() {
             final var _resultValue = new ZeroTrustAccessPolicyConnectionRulesSsh();
+            _resultValue.allowEmailAlias = allowEmailAlias;
             _resultValue.usernames = usernames;
             return _resultValue;
         }
diff --git a/sdk/nodejs/accessApplication.ts b/sdk/nodejs/accessApplication.ts
index e10446e1..7ff357b4 100644
--- a/sdk/nodejs/accessApplication.ts
+++ b/sdk/nodejs/accessApplication.ts
@@ -103,10 +103,18 @@ export class AccessApplication extends pulumi.CustomResource {
      * The custom pages selected for the application.
      */
     public readonly customPages!: pulumi.Output;
+    /**
+     * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`.
+     */
+    public readonly destinations!: pulumi.Output;
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
      */
     public readonly domain!: pulumi.Output;
+    /**
+     * The type of the primary domain. Available values: `public`, `private`.
+     */
+    public readonly domainType!: pulumi.Output;
     /**
      * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
      */
@@ -156,7 +164,9 @@ export class AccessApplication extends pulumi.CustomResource {
      */
     public readonly scimConfig!: pulumi.Output;
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     *
+     * @deprecated Use `destinations` instead
      */
     public readonly selfHostedDomains!: pulumi.Output;
     /**
@@ -218,7 +228,9 @@ export class AccessApplication extends pulumi.CustomResource {
             resourceInputs["customDenyUrl"] = state ? state.customDenyUrl : undefined;
             resourceInputs["customNonIdentityDenyUrl"] = state ? state.customNonIdentityDenyUrl : undefined;
             resourceInputs["customPages"] = state ? state.customPages : undefined;
+            resourceInputs["destinations"] = state ? state.destinations : undefined;
             resourceInputs["domain"] = state ? state.domain : undefined;
+            resourceInputs["domainType"] = state ? state.domainType : undefined;
             resourceInputs["enableBindingCookie"] = state ? state.enableBindingCookie : undefined;
             resourceInputs["footerLinks"] = state ? state.footerLinks : undefined;
             resourceInputs["headerBgColor"] = state ? state.headerBgColor : undefined;
@@ -254,7 +266,9 @@ export class AccessApplication extends pulumi.CustomResource {
             resourceInputs["customDenyUrl"] = args ? args.customDenyUrl : undefined;
             resourceInputs["customNonIdentityDenyUrl"] = args ? args.customNonIdentityDenyUrl : undefined;
             resourceInputs["customPages"] = args ? args.customPages : undefined;
+            resourceInputs["destinations"] = args ? args.destinations : undefined;
             resourceInputs["domain"] = args ? args.domain : undefined;
+            resourceInputs["domainType"] = args ? args.domainType : undefined;
             resourceInputs["enableBindingCookie"] = args ? args.enableBindingCookie : undefined;
             resourceInputs["footerLinks"] = args ? args.footerLinks : undefined;
             resourceInputs["headerBgColor"] = args ? args.headerBgColor : undefined;
@@ -339,10 +353,18 @@ export interface AccessApplicationState {
      * The custom pages selected for the application.
      */
     customPages?: pulumi.Input[]>;
+    /**
+     * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`.
+     */
+    destinations?: pulumi.Input[]>;
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
      */
     domain?: pulumi.Input;
+    /**
+     * The type of the primary domain. Available values: `public`, `private`.
+     */
+    domainType?: pulumi.Input;
     /**
      * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
      */
@@ -392,7 +414,9 @@ export interface AccessApplicationState {
      */
     scimConfig?: pulumi.Input;
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     *
+     * @deprecated Use `destinations` instead
      */
     selfHostedDomains?: pulumi.Input[]>;
     /**
@@ -481,10 +505,18 @@ export interface AccessApplicationArgs {
      * The custom pages selected for the application.
      */
     customPages?: pulumi.Input[]>;
+    /**
+     * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`.
+     */
+    destinations?: pulumi.Input[]>;
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
      */
     domain?: pulumi.Input;
+    /**
+     * The type of the primary domain. Available values: `public`, `private`.
+     */
+    domainType?: pulumi.Input;
     /**
      * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
      */
@@ -534,7 +566,9 @@ export interface AccessApplicationArgs {
      */
     scimConfig?: pulumi.Input;
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     *
+     * @deprecated Use `destinations` instead
      */
     selfHostedDomains?: pulumi.Input[]>;
     /**
diff --git a/sdk/nodejs/index.ts b/sdk/nodejs/index.ts
index 5a766d9a..98fcb381 100644
--- a/sdk/nodejs/index.ts
+++ b/sdk/nodejs/index.ts
@@ -445,6 +445,16 @@ export type KeylessCertificate = import("./keylessCertificate").KeylessCertifica
 export const KeylessCertificate: typeof import("./keylessCertificate").KeylessCertificate = null as any;
 utilities.lazyLoad(exports, ["KeylessCertificate"], () => require("./keylessCertificate"));
 
+export { LeakedCredentialCheckArgs, LeakedCredentialCheckState } from "./leakedCredentialCheck";
+export type LeakedCredentialCheck = import("./leakedCredentialCheck").LeakedCredentialCheck;
+export const LeakedCredentialCheck: typeof import("./leakedCredentialCheck").LeakedCredentialCheck = null as any;
+utilities.lazyLoad(exports, ["LeakedCredentialCheck"], () => require("./leakedCredentialCheck"));
+
+export { LeakedCredentialCheckRuleArgs, LeakedCredentialCheckRuleState } from "./leakedCredentialCheckRule";
+export type LeakedCredentialCheckRule = import("./leakedCredentialCheckRule").LeakedCredentialCheckRule;
+export const LeakedCredentialCheckRule: typeof import("./leakedCredentialCheckRule").LeakedCredentialCheckRule = null as any;
+utilities.lazyLoad(exports, ["LeakedCredentialCheckRule"], () => require("./leakedCredentialCheckRule"));
+
 export { ListArgs, ListState } from "./list";
 export type List = import("./list").List;
 export const List: typeof import("./list").List = null as any;
@@ -595,6 +605,16 @@ export type Ruleset = import("./ruleset").Ruleset;
 export const Ruleset: typeof import("./ruleset").Ruleset = null as any;
 utilities.lazyLoad(exports, ["Ruleset"], () => require("./ruleset"));
 
+export { SnippetArgs, SnippetState } from "./snippet";
+export type Snippet = import("./snippet").Snippet;
+export const Snippet: typeof import("./snippet").Snippet = null as any;
+utilities.lazyLoad(exports, ["Snippet"], () => require("./snippet"));
+
+export { SnippetRulesArgs, SnippetRulesState } from "./snippetRules";
+export type SnippetRules = import("./snippetRules").SnippetRules;
+export const SnippetRules: typeof import("./snippetRules").SnippetRules = null as any;
+utilities.lazyLoad(exports, ["SnippetRules"], () => require("./snippetRules"));
+
 export { SpectrumApplicationArgs, SpectrumApplicationState } from "./spectrumApplication";
 export type SpectrumApplication = import("./spectrumApplication").SpectrumApplication;
 export const SpectrumApplication: typeof import("./spectrumApplication").SpectrumApplication = null as any;
@@ -1116,6 +1136,10 @@ const _module = {
                 return new IpsecTunnel(name, undefined, { urn })
             case "cloudflare:index/keylessCertificate:KeylessCertificate":
                 return new KeylessCertificate(name, undefined, { urn })
+            case "cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck":
+                return new LeakedCredentialCheck(name, undefined, { urn })
+            case "cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule":
+                return new LeakedCredentialCheckRule(name, undefined, { urn })
             case "cloudflare:index/list:List":
                 return new List(name, undefined, { urn })
             case "cloudflare:index/listItem:ListItem":
@@ -1174,6 +1198,10 @@ const _module = {
                 return new RiskBehavior(name, undefined, { urn })
             case "cloudflare:index/ruleset:Ruleset":
                 return new Ruleset(name, undefined, { urn })
+            case "cloudflare:index/snippet:Snippet":
+                return new Snippet(name, undefined, { urn })
+            case "cloudflare:index/snippetRules:SnippetRules":
+                return new SnippetRules(name, undefined, { urn })
             case "cloudflare:index/spectrumApplication:SpectrumApplication":
                 return new SpectrumApplication(name, undefined, { urn })
             case "cloudflare:index/splitTunnel:SplitTunnel":
@@ -1393,6 +1421,8 @@ pulumi.runtime.registerResourceModule("cloudflare", "index/hyperdriveConfig", _m
 pulumi.runtime.registerResourceModule("cloudflare", "index/infrastructureAccessTarget", _module)
 pulumi.runtime.registerResourceModule("cloudflare", "index/ipsecTunnel", _module)
 pulumi.runtime.registerResourceModule("cloudflare", "index/keylessCertificate", _module)
+pulumi.runtime.registerResourceModule("cloudflare", "index/leakedCredentialCheck", _module)
+pulumi.runtime.registerResourceModule("cloudflare", "index/leakedCredentialCheckRule", _module)
 pulumi.runtime.registerResourceModule("cloudflare", "index/list", _module)
 pulumi.runtime.registerResourceModule("cloudflare", "index/listItem", _module)
 pulumi.runtime.registerResourceModule("cloudflare", "index/loadBalancer", _module)
@@ -1422,6 +1452,8 @@ pulumi.runtime.registerResourceModule("cloudflare", "index/regionalHostname", _m
 pulumi.runtime.registerResourceModule("cloudflare", "index/regionalTieredCache", _module)
 pulumi.runtime.registerResourceModule("cloudflare", "index/riskBehavior", _module)
 pulumi.runtime.registerResourceModule("cloudflare", "index/ruleset", _module)
+pulumi.runtime.registerResourceModule("cloudflare", "index/snippet", _module)
+pulumi.runtime.registerResourceModule("cloudflare", "index/snippetRules", _module)
 pulumi.runtime.registerResourceModule("cloudflare", "index/spectrumApplication", _module)
 pulumi.runtime.registerResourceModule("cloudflare", "index/splitTunnel", _module)
 pulumi.runtime.registerResourceModule("cloudflare", "index/staticRoute", _module)
diff --git a/sdk/nodejs/leakedCredentialCheck.ts b/sdk/nodejs/leakedCredentialCheck.ts
new file mode 100644
index 00000000..99bc842a
--- /dev/null
+++ b/sdk/nodejs/leakedCredentialCheck.ts
@@ -0,0 +1,123 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import * as pulumi from "@pulumi/pulumi";
+import * as utilities from "./utilities";
+
+/**
+ * Provides a Cloudflare Leaked Credential Check resource to be used for managing the status of the Cloudflare Leaked Credential detection within a specific zone.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as cloudflare from "@pulumi/cloudflare";
+ *
+ * // Enable the Leaked Credentials Check detection
+ * const example = new cloudflare.LeakedCredentialCheck("example", {
+ *     zoneId: "399c6f4950c01a5a141b99ff7fbcbd8b",
+ *     enabled: true,
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * ```sh
+ * $ pulumi import cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck example 
+ * ```
+ */
+export class LeakedCredentialCheck extends pulumi.CustomResource {
+    /**
+     * Get an existing LeakedCredentialCheck resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    public static get(name: string, id: pulumi.Input, state?: LeakedCredentialCheckState, opts?: pulumi.CustomResourceOptions): LeakedCredentialCheck {
+        return new LeakedCredentialCheck(name, state, { ...opts, id: id });
+    }
+
+    /** @internal */
+    public static readonly __pulumiType = 'cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck';
+
+    /**
+     * Returns true if the given object is an instance of LeakedCredentialCheck.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    public static isInstance(obj: any): obj is LeakedCredentialCheck {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === LeakedCredentialCheck.__pulumiType;
+    }
+
+    /**
+     * State of the Leaked Credential Check detection
+     */
+    public readonly enabled!: pulumi.Output;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    public readonly zoneId!: pulumi.Output;
+
+    /**
+     * Create a LeakedCredentialCheck resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: LeakedCredentialCheckArgs, opts?: pulumi.CustomResourceOptions)
+    constructor(name: string, argsOrState?: LeakedCredentialCheckArgs | LeakedCredentialCheckState, opts?: pulumi.CustomResourceOptions) {
+        let resourceInputs: pulumi.Inputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState as LeakedCredentialCheckState | undefined;
+            resourceInputs["enabled"] = state ? state.enabled : undefined;
+            resourceInputs["zoneId"] = state ? state.zoneId : undefined;
+        } else {
+            const args = argsOrState as LeakedCredentialCheckArgs | undefined;
+            if ((!args || args.enabled === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'enabled'");
+            }
+            if ((!args || args.zoneId === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'zoneId'");
+            }
+            resourceInputs["enabled"] = args ? args.enabled : undefined;
+            resourceInputs["zoneId"] = args ? args.zoneId : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(LeakedCredentialCheck.__pulumiType, name, resourceInputs, opts);
+    }
+}
+
+/**
+ * Input properties used for looking up and filtering LeakedCredentialCheck resources.
+ */
+export interface LeakedCredentialCheckState {
+    /**
+     * State of the Leaked Credential Check detection
+     */
+    enabled?: pulumi.Input;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    zoneId?: pulumi.Input;
+}
+
+/**
+ * The set of arguments for constructing a LeakedCredentialCheck resource.
+ */
+export interface LeakedCredentialCheckArgs {
+    /**
+     * State of the Leaked Credential Check detection
+     */
+    enabled: pulumi.Input;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    zoneId: pulumi.Input;
+}
diff --git a/sdk/nodejs/leakedCredentialCheckRule.ts b/sdk/nodejs/leakedCredentialCheckRule.ts
new file mode 100644
index 00000000..773f7934
--- /dev/null
+++ b/sdk/nodejs/leakedCredentialCheckRule.ts
@@ -0,0 +1,146 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import * as pulumi from "@pulumi/pulumi";
+import * as utilities from "./utilities";
+
+/**
+ * Provides a Cloudflare Leaked Credential Check Rule resource for managing user-defined Leaked Credential detection patterns within a specific zone.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as cloudflare from "@pulumi/cloudflare";
+ *
+ * // Enable the Leaked Credentials Check detection before trying
+ * // to add detections.
+ * const example = new cloudflare.LeakedCredentialCheck("example", {
+ *     zoneId: "399c6f4950c01a5a141b99ff7fbcbd8b",
+ *     enabled: true,
+ * });
+ * const exampleLeakedCredentialCheckRule = new cloudflare.LeakedCredentialCheckRule("example", {
+ *     zoneId: example.zoneId,
+ *     username: "lookup_json_string(http.request.body.raw, \"user\")",
+ *     password: "lookup_json_string(http.request.body.raw, \"pass\")",
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * ```sh
+ * $ pulumi import cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule example /
+ * ```
+ */
+export class LeakedCredentialCheckRule extends pulumi.CustomResource {
+    /**
+     * Get an existing LeakedCredentialCheckRule resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    public static get(name: string, id: pulumi.Input, state?: LeakedCredentialCheckRuleState, opts?: pulumi.CustomResourceOptions): LeakedCredentialCheckRule {
+        return new LeakedCredentialCheckRule(name, state, { ...opts, id: id });
+    }
+
+    /** @internal */
+    public static readonly __pulumiType = 'cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule';
+
+    /**
+     * Returns true if the given object is an instance of LeakedCredentialCheckRule.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    public static isInstance(obj: any): obj is LeakedCredentialCheckRule {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === LeakedCredentialCheckRule.__pulumiType;
+    }
+
+    /**
+     * The ruleset expression to use in matching the password in a request
+     */
+    public readonly password!: pulumi.Output;
+    /**
+     * The ruleset expression to use in matching the username in a request.
+     */
+    public readonly username!: pulumi.Output;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    public readonly zoneId!: pulumi.Output;
+
+    /**
+     * Create a LeakedCredentialCheckRule resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: LeakedCredentialCheckRuleArgs, opts?: pulumi.CustomResourceOptions)
+    constructor(name: string, argsOrState?: LeakedCredentialCheckRuleArgs | LeakedCredentialCheckRuleState, opts?: pulumi.CustomResourceOptions) {
+        let resourceInputs: pulumi.Inputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState as LeakedCredentialCheckRuleState | undefined;
+            resourceInputs["password"] = state ? state.password : undefined;
+            resourceInputs["username"] = state ? state.username : undefined;
+            resourceInputs["zoneId"] = state ? state.zoneId : undefined;
+        } else {
+            const args = argsOrState as LeakedCredentialCheckRuleArgs | undefined;
+            if ((!args || args.password === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'password'");
+            }
+            if ((!args || args.username === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'username'");
+            }
+            if ((!args || args.zoneId === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'zoneId'");
+            }
+            resourceInputs["password"] = args ? args.password : undefined;
+            resourceInputs["username"] = args ? args.username : undefined;
+            resourceInputs["zoneId"] = args ? args.zoneId : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(LeakedCredentialCheckRule.__pulumiType, name, resourceInputs, opts);
+    }
+}
+
+/**
+ * Input properties used for looking up and filtering LeakedCredentialCheckRule resources.
+ */
+export interface LeakedCredentialCheckRuleState {
+    /**
+     * The ruleset expression to use in matching the password in a request
+     */
+    password?: pulumi.Input;
+    /**
+     * The ruleset expression to use in matching the username in a request.
+     */
+    username?: pulumi.Input;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    zoneId?: pulumi.Input;
+}
+
+/**
+ * The set of arguments for constructing a LeakedCredentialCheckRule resource.
+ */
+export interface LeakedCredentialCheckRuleArgs {
+    /**
+     * The ruleset expression to use in matching the password in a request
+     */
+    password: pulumi.Input;
+    /**
+     * The ruleset expression to use in matching the username in a request.
+     */
+    username: pulumi.Input;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    zoneId: pulumi.Input;
+}
diff --git a/sdk/nodejs/snippet.ts b/sdk/nodejs/snippet.ts
new file mode 100644
index 00000000..9b6fb673
--- /dev/null
+++ b/sdk/nodejs/snippet.ts
@@ -0,0 +1,134 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "./types/input";
+import * as outputs from "./types/output";
+import * as utilities from "./utilities";
+
+export class Snippet extends pulumi.CustomResource {
+    /**
+     * Get an existing Snippet resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    public static get(name: string, id: pulumi.Input, state?: SnippetState, opts?: pulumi.CustomResourceOptions): Snippet {
+        return new Snippet(name, state, { ...opts, id: id });
+    }
+
+    /** @internal */
+    public static readonly __pulumiType = 'cloudflare:index/snippet:Snippet';
+
+    /**
+     * Returns true if the given object is an instance of Snippet.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    public static isInstance(obj: any): obj is Snippet {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === Snippet.__pulumiType;
+    }
+
+    /**
+     * List of Snippet Files
+     */
+    public readonly files!: pulumi.Output;
+    /**
+     * Main module file name of the snippet.
+     */
+    public readonly mainModule!: pulumi.Output;
+    /**
+     * Name of the snippet.
+     */
+    public readonly name!: pulumi.Output;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    public readonly zoneId!: pulumi.Output;
+
+    /**
+     * Create a Snippet resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: SnippetArgs, opts?: pulumi.CustomResourceOptions)
+    constructor(name: string, argsOrState?: SnippetArgs | SnippetState, opts?: pulumi.CustomResourceOptions) {
+        let resourceInputs: pulumi.Inputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState as SnippetState | undefined;
+            resourceInputs["files"] = state ? state.files : undefined;
+            resourceInputs["mainModule"] = state ? state.mainModule : undefined;
+            resourceInputs["name"] = state ? state.name : undefined;
+            resourceInputs["zoneId"] = state ? state.zoneId : undefined;
+        } else {
+            const args = argsOrState as SnippetArgs | undefined;
+            if ((!args || args.mainModule === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'mainModule'");
+            }
+            if ((!args || args.name === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'name'");
+            }
+            if ((!args || args.zoneId === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'zoneId'");
+            }
+            resourceInputs["files"] = args ? args.files : undefined;
+            resourceInputs["mainModule"] = args ? args.mainModule : undefined;
+            resourceInputs["name"] = args ? args.name : undefined;
+            resourceInputs["zoneId"] = args ? args.zoneId : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(Snippet.__pulumiType, name, resourceInputs, opts);
+    }
+}
+
+/**
+ * Input properties used for looking up and filtering Snippet resources.
+ */
+export interface SnippetState {
+    /**
+     * List of Snippet Files
+     */
+    files?: pulumi.Input[]>;
+    /**
+     * Main module file name of the snippet.
+     */
+    mainModule?: pulumi.Input;
+    /**
+     * Name of the snippet.
+     */
+    name?: pulumi.Input;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    zoneId?: pulumi.Input;
+}
+
+/**
+ * The set of arguments for constructing a Snippet resource.
+ */
+export interface SnippetArgs {
+    /**
+     * List of Snippet Files
+     */
+    files?: pulumi.Input[]>;
+    /**
+     * Main module file name of the snippet.
+     */
+    mainModule: pulumi.Input;
+    /**
+     * Name of the snippet.
+     */
+    name: pulumi.Input;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    zoneId: pulumi.Input;
+}
diff --git a/sdk/nodejs/snippetRules.ts b/sdk/nodejs/snippetRules.ts
new file mode 100644
index 00000000..101cd1a7
--- /dev/null
+++ b/sdk/nodejs/snippetRules.ts
@@ -0,0 +1,100 @@
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "./types/input";
+import * as outputs from "./types/output";
+import * as utilities from "./utilities";
+
+export class SnippetRules extends pulumi.CustomResource {
+    /**
+     * Get an existing SnippetRules resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    public static get(name: string, id: pulumi.Input, state?: SnippetRulesState, opts?: pulumi.CustomResourceOptions): SnippetRules {
+        return new SnippetRules(name, state, { ...opts, id: id });
+    }
+
+    /** @internal */
+    public static readonly __pulumiType = 'cloudflare:index/snippetRules:SnippetRules';
+
+    /**
+     * Returns true if the given object is an instance of SnippetRules.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    public static isInstance(obj: any): obj is SnippetRules {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === SnippetRules.__pulumiType;
+    }
+
+    /**
+     * List of Snippet Rules
+     */
+    public readonly rules!: pulumi.Output;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    public readonly zoneId!: pulumi.Output;
+
+    /**
+     * Create a SnippetRules resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: SnippetRulesArgs, opts?: pulumi.CustomResourceOptions)
+    constructor(name: string, argsOrState?: SnippetRulesArgs | SnippetRulesState, opts?: pulumi.CustomResourceOptions) {
+        let resourceInputs: pulumi.Inputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState as SnippetRulesState | undefined;
+            resourceInputs["rules"] = state ? state.rules : undefined;
+            resourceInputs["zoneId"] = state ? state.zoneId : undefined;
+        } else {
+            const args = argsOrState as SnippetRulesArgs | undefined;
+            if ((!args || args.zoneId === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'zoneId'");
+            }
+            resourceInputs["rules"] = args ? args.rules : undefined;
+            resourceInputs["zoneId"] = args ? args.zoneId : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(SnippetRules.__pulumiType, name, resourceInputs, opts);
+    }
+}
+
+/**
+ * Input properties used for looking up and filtering SnippetRules resources.
+ */
+export interface SnippetRulesState {
+    /**
+     * List of Snippet Rules
+     */
+    rules?: pulumi.Input[]>;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    zoneId?: pulumi.Input;
+}
+
+/**
+ * The set of arguments for constructing a SnippetRules resource.
+ */
+export interface SnippetRulesArgs {
+    /**
+     * List of Snippet Rules
+     */
+    rules?: pulumi.Input[]>;
+    /**
+     * The zone identifier to target for the resource.
+     */
+    zoneId: pulumi.Input;
+}
diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json
index e2725fed..6bc7cd0b 100644
--- a/sdk/nodejs/tsconfig.json
+++ b/sdk/nodejs/tsconfig.json
@@ -104,6 +104,8 @@
         "infrastructureAccessTarget.ts",
         "ipsecTunnel.ts",
         "keylessCertificate.ts",
+        "leakedCredentialCheck.ts",
+        "leakedCredentialCheckRule.ts",
         "list.ts",
         "listItem.ts",
         "loadBalancer.ts",
@@ -134,6 +136,8 @@
         "regionalTieredCache.ts",
         "riskBehavior.ts",
         "ruleset.ts",
+        "snippet.ts",
+        "snippetRules.ts",
         "spectrumApplication.ts",
         "splitTunnel.ts",
         "staticRoute.ts",
diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts
index e62efbc4..6e8de312 100644
--- a/sdk/nodejs/types/input.ts
+++ b/sdk/nodejs/types/input.ts
@@ -40,6 +40,17 @@ export interface AccessApplicationCorsHeader {
     maxAge?: pulumi.Input;
 }
 
+export interface AccessApplicationDestination {
+    /**
+     * The destination type. Available values: `public`, `private`. Defaults to `public`.
+     */
+    type?: pulumi.Input;
+    /**
+     * The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     */
+    uri: pulumi.Input;
+}
+
 export interface AccessApplicationFooterLink {
     /**
      * The name of the footer link.
@@ -953,11 +964,29 @@ export interface AccessIdentityProviderConfig {
 }
 
 export interface AccessIdentityProviderScimConfig {
+    /**
+     * A flag to enable or disable SCIM for the identity provider.
+     */
     enabled?: pulumi.Input;
+    /**
+     * Deprecated. Use `identityUpdateBehavior`.
+     */
     groupMemberDeprovision?: pulumi.Input;
+    /**
+     * Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "noAction" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     */
     identityUpdateBehavior?: pulumi.Input;
+    /**
+     * A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless userDeprovision is also enabled.
+     */
     seatDeprovision?: pulumi.Input;
+    /**
+     * A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     */
     secret?: pulumi.Input;
+    /**
+     * A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     */
     userDeprovision?: pulumi.Input;
 }
 
@@ -1030,6 +1059,10 @@ export interface AccessPolicyConnectionRules {
 }
 
 export interface AccessPolicyConnectionRulesSsh {
+    /**
+     * Allows connecting to Unix username that matches the authenticating email prefix.
+     */
+    allowEmailAlias?: pulumi.Input;
     /**
      * Contains the Unix usernames that may be used when connecting over SSH.
      */
@@ -3118,7 +3151,7 @@ export interface NotificationPolicyFilters {
      */
     actions?: pulumi.Input[]>;
     /**
-     * Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+     * Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
      */
     affectedComponents?: pulumi.Input[]>;
     /**
@@ -3981,10 +4014,6 @@ export interface RulesetRule {
      * Unique rule identifier.
      */
     id?: pulumi.Input;
-    /**
-     * The most recent update to this rule.
-     */
-    lastUpdated?: pulumi.Input;
     /**
      * List parameters to configure how the rule generates logs. Only valid for skip action.
      */
@@ -3997,10 +4026,6 @@ export interface RulesetRule {
      * Rule reference.
      */
     ref?: pulumi.Input;
-    /**
-     * Version of the ruleset to deploy.
-     */
-    version?: pulumi.Input;
 }
 
 export interface RulesetRuleActionParameters {
@@ -4213,10 +4238,6 @@ export interface RulesetRuleActionParameters {
      * List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
      */
     uri?: pulumi.Input;
-    /**
-     * Version of the ruleset to deploy.
-     */
-    version?: pulumi.Input;
 }
 
 export interface RulesetRuleActionParametersAlgorithm {
@@ -4660,6 +4681,36 @@ export interface RulesetRuleRatelimit {
     scoreResponseHeaderName?: pulumi.Input;
 }
 
+export interface SnippetFile {
+    /**
+     * Content of the snippet file.
+     */
+    content?: pulumi.Input;
+    /**
+     * Name of the snippet file.
+     */
+    name: pulumi.Input;
+}
+
+export interface SnippetRulesRule {
+    /**
+     * Brief summary of the snippet rule and its intended use.
+     */
+    description?: pulumi.Input;
+    /**
+     * Whether the headers rule is active.
+     */
+    enabled?: pulumi.Input;
+    /**
+     * Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+     */
+    expression: pulumi.Input;
+    /**
+     * Name of the snippet invoked by this rule.
+     */
+    snippetName: pulumi.Input;
+}
+
 export interface SpectrumApplicationDns {
     /**
      * The name of the DNS record associated with the application.
@@ -5734,6 +5785,17 @@ export interface ZeroTrustAccessApplicationCorsHeader {
     maxAge?: pulumi.Input;
 }
 
+export interface ZeroTrustAccessApplicationDestination {
+    /**
+     * The destination type. Available values: `public`, `private`. Defaults to `public`.
+     */
+    type?: pulumi.Input;
+    /**
+     * The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     */
+    uri: pulumi.Input;
+}
+
 export interface ZeroTrustAccessApplicationFooterLink {
     /**
      * The name of the footer link.
@@ -6647,11 +6709,29 @@ export interface ZeroTrustAccessIdentityProviderConfig {
 }
 
 export interface ZeroTrustAccessIdentityProviderScimConfig {
+    /**
+     * A flag to enable or disable SCIM for the identity provider.
+     */
     enabled?: pulumi.Input;
+    /**
+     * Deprecated. Use `identityUpdateBehavior`.
+     */
     groupMemberDeprovision?: pulumi.Input;
+    /**
+     * Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "noAction" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     */
     identityUpdateBehavior?: pulumi.Input;
+    /**
+     * A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless userDeprovision is also enabled.
+     */
     seatDeprovision?: pulumi.Input;
+    /**
+     * A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     */
     secret?: pulumi.Input;
+    /**
+     * A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     */
     userDeprovision?: pulumi.Input;
 }
 
@@ -6724,6 +6804,10 @@ export interface ZeroTrustAccessPolicyConnectionRules {
 }
 
 export interface ZeroTrustAccessPolicyConnectionRulesSsh {
+    /**
+     * Allows connecting to Unix username that matches the authenticating email prefix.
+     */
+    allowEmailAlias?: pulumi.Input;
     /**
      * Contains the Unix usernames that may be used when connecting over SSH.
      */
diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts
index 065531b1..bde7bc3c 100644
--- a/sdk/nodejs/types/output.ts
+++ b/sdk/nodejs/types/output.ts
@@ -40,6 +40,17 @@ export interface AccessApplicationCorsHeader {
     maxAge?: number;
 }
 
+export interface AccessApplicationDestination {
+    /**
+     * The destination type. Available values: `public`, `private`. Defaults to `public`.
+     */
+    type?: string;
+    /**
+     * The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     */
+    uri: string;
+}
+
 export interface AccessApplicationFooterLink {
     /**
      * The name of the footer link.
@@ -953,11 +964,29 @@ export interface AccessIdentityProviderConfig {
 }
 
 export interface AccessIdentityProviderScimConfig {
+    /**
+     * A flag to enable or disable SCIM for the identity provider.
+     */
     enabled?: boolean;
+    /**
+     * Deprecated. Use `identityUpdateBehavior`.
+     */
     groupMemberDeprovision?: boolean;
+    /**
+     * Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "noAction" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     */
     identityUpdateBehavior: string;
+    /**
+     * A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless userDeprovision is also enabled.
+     */
     seatDeprovision?: boolean;
+    /**
+     * A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     */
     secret: string;
+    /**
+     * A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     */
     userDeprovision?: boolean;
 }
 
@@ -1030,6 +1059,10 @@ export interface AccessPolicyConnectionRules {
 }
 
 export interface AccessPolicyConnectionRulesSsh {
+    /**
+     * Allows connecting to Unix username that matches the authenticating email prefix.
+     */
+    allowEmailAlias?: boolean;
     /**
      * Contains the Unix usernames that may be used when connecting over SSH.
      */
@@ -4069,7 +4102,7 @@ export interface NotificationPolicyFilters {
      */
     actions?: string[];
     /**
-     * Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+     * Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
      */
     affectedComponents?: string[];
     /**
@@ -4932,10 +4965,6 @@ export interface RulesetRule {
      * Unique rule identifier.
      */
     id: string;
-    /**
-     * The most recent update to this rule.
-     */
-    lastUpdated: string;
     /**
      * List parameters to configure how the rule generates logs. Only valid for skip action.
      */
@@ -4948,10 +4977,6 @@ export interface RulesetRule {
      * Rule reference.
      */
     ref: string;
-    /**
-     * Version of the ruleset to deploy.
-     */
-    version: string;
 }
 
 export interface RulesetRuleActionParameters {
@@ -5164,10 +5189,6 @@ export interface RulesetRuleActionParameters {
      * List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
      */
     uri?: outputs.RulesetRuleActionParametersUri;
-    /**
-     * Version of the ruleset to deploy.
-     */
-    version: string;
 }
 
 export interface RulesetRuleActionParametersAlgorithm {
@@ -5611,6 +5632,36 @@ export interface RulesetRuleRatelimit {
     scoreResponseHeaderName?: string;
 }
 
+export interface SnippetFile {
+    /**
+     * Content of the snippet file.
+     */
+    content?: string;
+    /**
+     * Name of the snippet file.
+     */
+    name: string;
+}
+
+export interface SnippetRulesRule {
+    /**
+     * Brief summary of the snippet rule and its intended use.
+     */
+    description?: string;
+    /**
+     * Whether the headers rule is active.
+     */
+    enabled?: boolean;
+    /**
+     * Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+     */
+    expression: string;
+    /**
+     * Name of the snippet invoked by this rule.
+     */
+    snippetName: string;
+}
+
 export interface SpectrumApplicationDns {
     /**
      * The name of the DNS record associated with the application.
@@ -6685,6 +6736,17 @@ export interface ZeroTrustAccessApplicationCorsHeader {
     maxAge?: number;
 }
 
+export interface ZeroTrustAccessApplicationDestination {
+    /**
+     * The destination type. Available values: `public`, `private`. Defaults to `public`.
+     */
+    type?: string;
+    /**
+     * The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+     */
+    uri: string;
+}
+
 export interface ZeroTrustAccessApplicationFooterLink {
     /**
      * The name of the footer link.
@@ -7598,11 +7660,29 @@ export interface ZeroTrustAccessIdentityProviderConfig {
 }
 
 export interface ZeroTrustAccessIdentityProviderScimConfig {
+    /**
+     * A flag to enable or disable SCIM for the identity provider.
+     */
     enabled?: boolean;
+    /**
+     * Deprecated. Use `identityUpdateBehavior`.
+     */
     groupMemberDeprovision?: boolean;
+    /**
+     * Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "noAction" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+     */
     identityUpdateBehavior: string;
+    /**
+     * A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless userDeprovision is also enabled.
+     */
     seatDeprovision?: boolean;
+    /**
+     * A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+     */
     secret: string;
+    /**
+     * A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+     */
     userDeprovision?: boolean;
 }
 
@@ -7675,6 +7755,10 @@ export interface ZeroTrustAccessPolicyConnectionRules {
 }
 
 export interface ZeroTrustAccessPolicyConnectionRulesSsh {
+    /**
+     * Allows connecting to Unix username that matches the authenticating email prefix.
+     */
+    allowEmailAlias?: boolean;
     /**
      * Contains the Unix usernames that may be used when connecting over SSH.
      */
diff --git a/sdk/nodejs/zeroTrustAccessApplication.ts b/sdk/nodejs/zeroTrustAccessApplication.ts
index 2fbfc4d3..d3496648 100644
--- a/sdk/nodejs/zeroTrustAccessApplication.ts
+++ b/sdk/nodejs/zeroTrustAccessApplication.ts
@@ -103,10 +103,18 @@ export class ZeroTrustAccessApplication extends pulumi.CustomResource {
      * The custom pages selected for the application.
      */
     public readonly customPages!: pulumi.Output;
+    /**
+     * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`.
+     */
+    public readonly destinations!: pulumi.Output;
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
      */
     public readonly domain!: pulumi.Output;
+    /**
+     * The type of the primary domain. Available values: `public`, `private`.
+     */
+    public readonly domainType!: pulumi.Output;
     /**
      * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
      */
@@ -156,7 +164,9 @@ export class ZeroTrustAccessApplication extends pulumi.CustomResource {
      */
     public readonly scimConfig!: pulumi.Output;
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     *
+     * @deprecated Use `destinations` instead
      */
     public readonly selfHostedDomains!: pulumi.Output;
     /**
@@ -218,7 +228,9 @@ export class ZeroTrustAccessApplication extends pulumi.CustomResource {
             resourceInputs["customDenyUrl"] = state ? state.customDenyUrl : undefined;
             resourceInputs["customNonIdentityDenyUrl"] = state ? state.customNonIdentityDenyUrl : undefined;
             resourceInputs["customPages"] = state ? state.customPages : undefined;
+            resourceInputs["destinations"] = state ? state.destinations : undefined;
             resourceInputs["domain"] = state ? state.domain : undefined;
+            resourceInputs["domainType"] = state ? state.domainType : undefined;
             resourceInputs["enableBindingCookie"] = state ? state.enableBindingCookie : undefined;
             resourceInputs["footerLinks"] = state ? state.footerLinks : undefined;
             resourceInputs["headerBgColor"] = state ? state.headerBgColor : undefined;
@@ -254,7 +266,9 @@ export class ZeroTrustAccessApplication extends pulumi.CustomResource {
             resourceInputs["customDenyUrl"] = args ? args.customDenyUrl : undefined;
             resourceInputs["customNonIdentityDenyUrl"] = args ? args.customNonIdentityDenyUrl : undefined;
             resourceInputs["customPages"] = args ? args.customPages : undefined;
+            resourceInputs["destinations"] = args ? args.destinations : undefined;
             resourceInputs["domain"] = args ? args.domain : undefined;
+            resourceInputs["domainType"] = args ? args.domainType : undefined;
             resourceInputs["enableBindingCookie"] = args ? args.enableBindingCookie : undefined;
             resourceInputs["footerLinks"] = args ? args.footerLinks : undefined;
             resourceInputs["headerBgColor"] = args ? args.headerBgColor : undefined;
@@ -339,10 +353,18 @@ export interface ZeroTrustAccessApplicationState {
      * The custom pages selected for the application.
      */
     customPages?: pulumi.Input[]>;
+    /**
+     * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`.
+     */
+    destinations?: pulumi.Input[]>;
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
      */
     domain?: pulumi.Input;
+    /**
+     * The type of the primary domain. Available values: `public`, `private`.
+     */
+    domainType?: pulumi.Input;
     /**
      * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
      */
@@ -392,7 +414,9 @@ export interface ZeroTrustAccessApplicationState {
      */
     scimConfig?: pulumi.Input;
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     *
+     * @deprecated Use `destinations` instead
      */
     selfHostedDomains?: pulumi.Input[]>;
     /**
@@ -481,10 +505,18 @@ export interface ZeroTrustAccessApplicationArgs {
      * The custom pages selected for the application.
      */
     customPages?: pulumi.Input[]>;
+    /**
+     * A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `selfHostedDomains` to allow for more flexibility in defining different types of destinations. Conflicts with `selfHostedDomains`.
+     */
+    destinations?: pulumi.Input[]>;
     /**
      * The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
      */
     domain?: pulumi.Input;
+    /**
+     * The type of the primary domain. Available values: `public`, `private`.
+     */
+    domainType?: pulumi.Input;
     /**
      * Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
      */
@@ -534,7 +566,9 @@ export interface ZeroTrustAccessApplicationArgs {
      */
     scimConfig?: pulumi.Input;
     /**
-     * List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+     * List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
+     *
+     * @deprecated Use `destinations` instead
      */
     selfHostedDomains?: pulumi.Input[]>;
     /**
diff --git a/sdk/python/pulumi_cloudflare/__init__.py b/sdk/python/pulumi_cloudflare/__init__.py
index 938e8ded..8195fa9d 100644
--- a/sdk/python/pulumi_cloudflare/__init__.py
+++ b/sdk/python/pulumi_cloudflare/__init__.py
@@ -93,6 +93,8 @@
 from .infrastructure_access_target import *
 from .ipsec_tunnel import *
 from .keyless_certificate import *
+from .leaked_credential_check import *
+from .leaked_credential_check_rule import *
 from .list import *
 from .list_item import *
 from .load_balancer import *
@@ -123,6 +125,8 @@
 from .regional_tiered_cache import *
 from .risk_behavior import *
 from .ruleset import *
+from .snippet import *
+from .snippet_rules import *
 from .spectrum_application import *
 from .split_tunnel import *
 from .static_route import *
@@ -663,6 +667,22 @@
    "cloudflare:index/keylessCertificate:KeylessCertificate": "KeylessCertificate"
   }
  },
+ {
+  "pkg": "cloudflare",
+  "mod": "index/leakedCredentialCheck",
+  "fqn": "pulumi_cloudflare",
+  "classes": {
+   "cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck": "LeakedCredentialCheck"
+  }
+ },
+ {
+  "pkg": "cloudflare",
+  "mod": "index/leakedCredentialCheckRule",
+  "fqn": "pulumi_cloudflare",
+  "classes": {
+   "cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule": "LeakedCredentialCheckRule"
+  }
+ },
  {
   "pkg": "cloudflare",
   "mod": "index/list",
@@ -895,6 +915,22 @@
    "cloudflare:index/ruleset:Ruleset": "Ruleset"
   }
  },
+ {
+  "pkg": "cloudflare",
+  "mod": "index/snippet",
+  "fqn": "pulumi_cloudflare",
+  "classes": {
+   "cloudflare:index/snippet:Snippet": "Snippet"
+  }
+ },
+ {
+  "pkg": "cloudflare",
+  "mod": "index/snippetRules",
+  "fqn": "pulumi_cloudflare",
+  "classes": {
+   "cloudflare:index/snippetRules:SnippetRules": "SnippetRules"
+  }
+ },
  {
   "pkg": "cloudflare",
   "mod": "index/spectrumApplication",
diff --git a/sdk/python/pulumi_cloudflare/_inputs.py b/sdk/python/pulumi_cloudflare/_inputs.py
index 6f54121b..e3032e2b 100644
--- a/sdk/python/pulumi_cloudflare/_inputs.py
+++ b/sdk/python/pulumi_cloudflare/_inputs.py
@@ -17,6 +17,8 @@
 __all__ = [
     'AccessApplicationCorsHeaderArgs',
     'AccessApplicationCorsHeaderArgsDict',
+    'AccessApplicationDestinationArgs',
+    'AccessApplicationDestinationArgsDict',
     'AccessApplicationFooterLinkArgs',
     'AccessApplicationFooterLinkArgsDict',
     'AccessApplicationLandingPageDesignArgs',
@@ -429,6 +431,10 @@
     'RulesetRuleLoggingArgsDict',
     'RulesetRuleRatelimitArgs',
     'RulesetRuleRatelimitArgsDict',
+    'SnippetFileArgs',
+    'SnippetFileArgsDict',
+    'SnippetRulesRuleArgs',
+    'SnippetRulesRuleArgsDict',
     'SpectrumApplicationDnsArgs',
     'SpectrumApplicationDnsArgsDict',
     'SpectrumApplicationEdgeIpsArgs',
@@ -569,6 +575,8 @@
     'WorkersScriptWebassemblyBindingArgsDict',
     'ZeroTrustAccessApplicationCorsHeaderArgs',
     'ZeroTrustAccessApplicationCorsHeaderArgsDict',
+    'ZeroTrustAccessApplicationDestinationArgs',
+    'ZeroTrustAccessApplicationDestinationArgsDict',
     'ZeroTrustAccessApplicationFooterLinkArgs',
     'ZeroTrustAccessApplicationFooterLinkArgsDict',
     'ZeroTrustAccessApplicationLandingPageDesignArgs',
@@ -1033,6 +1041,57 @@ def max_age(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "max_age", value)
 
 
+if not MYPY:
+    class AccessApplicationDestinationArgsDict(TypedDict):
+        uri: pulumi.Input[str]
+        """
+        The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+        """
+        type: NotRequired[pulumi.Input[str]]
+        """
+        The destination type. Available values: `public`, `private`. Defaults to `public`.
+        """
+elif False:
+    AccessApplicationDestinationArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class AccessApplicationDestinationArgs:
+    def __init__(__self__, *,
+                 uri: pulumi.Input[str],
+                 type: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] uri: The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+        :param pulumi.Input[str] type: The destination type. Available values: `public`, `private`. Defaults to `public`.
+        """
+        pulumi.set(__self__, "uri", uri)
+        if type is not None:
+            pulumi.set(__self__, "type", type)
+
+    @property
+    @pulumi.getter
+    def uri(self) -> pulumi.Input[str]:
+        """
+        The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+        """
+        return pulumi.get(self, "uri")
+
+    @uri.setter
+    def uri(self, value: pulumi.Input[str]):
+        pulumi.set(self, "uri", value)
+
+    @property
+    @pulumi.getter
+    def type(self) -> Optional[pulumi.Input[str]]:
+        """
+        The destination type. Available values: `public`, `private`. Defaults to `public`.
+        """
+        return pulumi.get(self, "type")
+
+    @type.setter
+    def type(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "type", value)
+
+
 if not MYPY:
     class AccessApplicationFooterLinkArgsDict(TypedDict):
         name: NotRequired[pulumi.Input[str]]
@@ -5702,11 +5761,29 @@ def token_url(self, value: Optional[pulumi.Input[str]]):
 if not MYPY:
     class AccessIdentityProviderScimConfigArgsDict(TypedDict):
         enabled: NotRequired[pulumi.Input[bool]]
+        """
+        A flag to enable or disable SCIM for the identity provider.
+        """
         group_member_deprovision: NotRequired[pulumi.Input[bool]]
+        """
+        Deprecated. Use `identity_update_behavior`.
+        """
         identity_update_behavior: NotRequired[pulumi.Input[str]]
+        """
+        Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+        """
         seat_deprovision: NotRequired[pulumi.Input[bool]]
+        """
+        A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+        """
         secret: NotRequired[pulumi.Input[str]]
+        """
+        A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+        """
         user_deprovision: NotRequired[pulumi.Input[bool]]
+        """
+        A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+        """
 elif False:
     AccessIdentityProviderScimConfigArgsDict: TypeAlias = Mapping[str, Any]
 
@@ -5719,6 +5796,14 @@ def __init__(__self__, *,
                  seat_deprovision: Optional[pulumi.Input[bool]] = None,
                  secret: Optional[pulumi.Input[str]] = None,
                  user_deprovision: Optional[pulumi.Input[bool]] = None):
+        """
+        :param pulumi.Input[bool] enabled: A flag to enable or disable SCIM for the identity provider.
+        :param pulumi.Input[bool] group_member_deprovision: Deprecated. Use `identity_update_behavior`.
+        :param pulumi.Input[str] identity_update_behavior: Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+        :param pulumi.Input[bool] seat_deprovision: A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+        :param pulumi.Input[str] secret: A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+        :param pulumi.Input[bool] user_deprovision: A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+        """
         if enabled is not None:
             pulumi.set(__self__, "enabled", enabled)
         if group_member_deprovision is not None:
@@ -5735,6 +5820,9 @@ def __init__(__self__, *,
     @property
     @pulumi.getter
     def enabled(self) -> Optional[pulumi.Input[bool]]:
+        """
+        A flag to enable or disable SCIM for the identity provider.
+        """
         return pulumi.get(self, "enabled")
 
     @enabled.setter
@@ -5744,6 +5832,9 @@ def enabled(self, value: Optional[pulumi.Input[bool]]):
     @property
     @pulumi.getter(name="groupMemberDeprovision")
     def group_member_deprovision(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Deprecated. Use `identity_update_behavior`.
+        """
         return pulumi.get(self, "group_member_deprovision")
 
     @group_member_deprovision.setter
@@ -5753,6 +5844,9 @@ def group_member_deprovision(self, value: Optional[pulumi.Input[bool]]):
     @property
     @pulumi.getter(name="identityUpdateBehavior")
     def identity_update_behavior(self) -> Optional[pulumi.Input[str]]:
+        """
+        Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+        """
         return pulumi.get(self, "identity_update_behavior")
 
     @identity_update_behavior.setter
@@ -5762,6 +5856,9 @@ def identity_update_behavior(self, value: Optional[pulumi.Input[str]]):
     @property
     @pulumi.getter(name="seatDeprovision")
     def seat_deprovision(self) -> Optional[pulumi.Input[bool]]:
+        """
+        A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+        """
         return pulumi.get(self, "seat_deprovision")
 
     @seat_deprovision.setter
@@ -5771,6 +5868,9 @@ def seat_deprovision(self, value: Optional[pulumi.Input[bool]]):
     @property
     @pulumi.getter
     def secret(self) -> Optional[pulumi.Input[str]]:
+        """
+        A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+        """
         return pulumi.get(self, "secret")
 
     @secret.setter
@@ -5780,6 +5880,9 @@ def secret(self, value: Optional[pulumi.Input[str]]):
     @property
     @pulumi.getter(name="userDeprovision")
     def user_deprovision(self) -> Optional[pulumi.Input[bool]]:
+        """
+        A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+        """
         return pulumi.get(self, "user_deprovision")
 
     @user_deprovision.setter
@@ -6123,17 +6226,25 @@ class AccessPolicyConnectionRulesSshArgsDict(TypedDict):
         """
         Contains the Unix usernames that may be used when connecting over SSH.
         """
+        allow_email_alias: NotRequired[pulumi.Input[bool]]
+        """
+        Allows connecting to Unix username that matches the authenticating email prefix.
+        """
 elif False:
     AccessPolicyConnectionRulesSshArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
 class AccessPolicyConnectionRulesSshArgs:
     def __init__(__self__, *,
-                 usernames: pulumi.Input[Sequence[pulumi.Input[str]]]):
+                 usernames: pulumi.Input[Sequence[pulumi.Input[str]]],
+                 allow_email_alias: Optional[pulumi.Input[bool]] = None):
         """
         :param pulumi.Input[Sequence[pulumi.Input[str]]] usernames: Contains the Unix usernames that may be used when connecting over SSH.
+        :param pulumi.Input[bool] allow_email_alias: Allows connecting to Unix username that matches the authenticating email prefix.
         """
         pulumi.set(__self__, "usernames", usernames)
+        if allow_email_alias is not None:
+            pulumi.set(__self__, "allow_email_alias", allow_email_alias)
 
     @property
     @pulumi.getter
@@ -6147,6 +6258,18 @@ def usernames(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
     def usernames(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
         pulumi.set(self, "usernames", value)
 
+    @property
+    @pulumi.getter(name="allowEmailAlias")
+    def allow_email_alias(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Allows connecting to Unix username that matches the authenticating email prefix.
+        """
+        return pulumi.get(self, "allow_email_alias")
+
+    @allow_email_alias.setter
+    def allow_email_alias(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "allow_email_alias", value)
+
 
 if not MYPY:
     class AccessPolicyExcludeArgsDict(TypedDict):
@@ -14680,7 +14803,7 @@ class NotificationPolicyFiltersArgsDict(TypedDict):
         """
         affected_components: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
-        Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+        Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
         """
         airport_codes: NotRequired[pulumi.Input[Sequence[pulumi.Input[str]]]]
         """
@@ -14849,7 +14972,7 @@ def __init__(__self__, *,
                  zones: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None):
         """
         :param pulumi.Input[Sequence[pulumi.Input[str]]] actions: Targeted actions for alert.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] affected_components: Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] affected_components: Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] airport_codes: Filter on Points of Presence.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] alert_trigger_preferences: Alert trigger preferences. Example: `slo`.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] enableds: State of the pool to alert on.
@@ -14967,7 +15090,7 @@ def actions(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
     @pulumi.getter(name="affectedComponents")
     def affected_components(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+        Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
         """
         return pulumi.get(self, "affected_components")
 
@@ -19035,10 +19158,6 @@ class RulesetRuleArgsDict(TypedDict):
         """
         Unique rule identifier.
         """
-        last_updated: NotRequired[pulumi.Input[str]]
-        """
-        The most recent update to this rule.
-        """
         logging: NotRequired[pulumi.Input['RulesetRuleLoggingArgsDict']]
         """
         List parameters to configure how the rule generates logs. Only valid for skip action.
@@ -19051,10 +19170,6 @@ class RulesetRuleArgsDict(TypedDict):
         """
         Rule reference.
         """
-        version: NotRequired[pulumi.Input[str]]
-        """
-        Version of the ruleset to deploy.
-        """
 elif False:
     RulesetRuleArgsDict: TypeAlias = Mapping[str, Any]
 
@@ -19068,11 +19183,9 @@ def __init__(__self__, *,
                  enabled: Optional[pulumi.Input[bool]] = None,
                  exposed_credential_check: Optional[pulumi.Input['RulesetRuleExposedCredentialCheckArgs']] = None,
                  id: Optional[pulumi.Input[str]] = None,
-                 last_updated: Optional[pulumi.Input[str]] = None,
                  logging: Optional[pulumi.Input['RulesetRuleLoggingArgs']] = None,
                  ratelimit: Optional[pulumi.Input['RulesetRuleRatelimitArgs']] = None,
-                 ref: Optional[pulumi.Input[str]] = None,
-                 version: Optional[pulumi.Input[str]] = None):
+                 ref: Optional[pulumi.Input[str]] = None):
         """
         :param pulumi.Input[str] expression: Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the [Firewall Rules language](https://developers.cloudflare.com/firewall/cf-firewall-language) documentation for all available fields, operators, and functions.
         :param pulumi.Input[str] action: Action to perform in the ruleset rule. Available values: `block`, `challenge`, `compress_response`, `ddos_dynamic`, `ddos_mitigation`, `execute`, `force_connection_close`, `js_challenge`, `log`, `log_custom_field`, `managed_challenge`, `redirect`, `rewrite`, `route`, `score`, `serve_error`, `set_cache_settings`, `set_config`, `skip`.
@@ -19081,11 +19194,9 @@ def __init__(__self__, *,
         :param pulumi.Input[bool] enabled: Whether the rule is active.
         :param pulumi.Input['RulesetRuleExposedCredentialCheckArgs'] exposed_credential_check: List of parameters that configure exposed credential checks.
         :param pulumi.Input[str] id: Unique rule identifier.
-        :param pulumi.Input[str] last_updated: The most recent update to this rule.
         :param pulumi.Input['RulesetRuleLoggingArgs'] logging: List parameters to configure how the rule generates logs. Only valid for skip action.
         :param pulumi.Input['RulesetRuleRatelimitArgs'] ratelimit: List of parameters that configure HTTP rate limiting behaviour.
         :param pulumi.Input[str] ref: Rule reference.
-        :param pulumi.Input[str] version: Version of the ruleset to deploy.
         """
         pulumi.set(__self__, "expression", expression)
         if action is not None:
@@ -19100,16 +19211,12 @@ def __init__(__self__, *,
             pulumi.set(__self__, "exposed_credential_check", exposed_credential_check)
         if id is not None:
             pulumi.set(__self__, "id", id)
-        if last_updated is not None:
-            pulumi.set(__self__, "last_updated", last_updated)
         if logging is not None:
             pulumi.set(__self__, "logging", logging)
         if ratelimit is not None:
             pulumi.set(__self__, "ratelimit", ratelimit)
         if ref is not None:
             pulumi.set(__self__, "ref", ref)
-        if version is not None:
-            pulumi.set(__self__, "version", version)
 
     @property
     @pulumi.getter
@@ -19195,18 +19302,6 @@ def id(self) -> Optional[pulumi.Input[str]]:
     def id(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "id", value)
 
-    @property
-    @pulumi.getter(name="lastUpdated")
-    def last_updated(self) -> Optional[pulumi.Input[str]]:
-        """
-        The most recent update to this rule.
-        """
-        return pulumi.get(self, "last_updated")
-
-    @last_updated.setter
-    def last_updated(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "last_updated", value)
-
     @property
     @pulumi.getter
     def logging(self) -> Optional[pulumi.Input['RulesetRuleLoggingArgs']]:
@@ -19243,18 +19338,6 @@ def ref(self) -> Optional[pulumi.Input[str]]:
     def ref(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "ref", value)
 
-    @property
-    @pulumi.getter
-    def version(self) -> Optional[pulumi.Input[str]]:
-        """
-        Version of the ruleset to deploy.
-        """
-        return pulumi.get(self, "version")
-
-    @version.setter
-    def version(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "version", value)
-
 
 if not MYPY:
     class RulesetRuleActionParametersArgsDict(TypedDict):
@@ -19467,10 +19550,6 @@ class RulesetRuleActionParametersArgsDict(TypedDict):
         """
         List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
         """
-        version: NotRequired[pulumi.Input[str]]
-        """
-        Version of the ruleset to deploy.
-        """
 elif False:
     RulesetRuleActionParametersArgsDict: TypeAlias = Mapping[str, Any]
 
@@ -19529,8 +19608,7 @@ def __init__(__self__, *,
                  ssl: Optional[pulumi.Input[str]] = None,
                  status_code: Optional[pulumi.Input[int]] = None,
                  sxg: Optional[pulumi.Input[bool]] = None,
-                 uri: Optional[pulumi.Input['RulesetRuleActionParametersUriArgs']] = None,
-                 version: Optional[pulumi.Input[str]] = None):
+                 uri: Optional[pulumi.Input['RulesetRuleActionParametersUriArgs']] = None):
         """
         :param pulumi.Input[Sequence[pulumi.Input[int]]] additional_cacheable_ports: Specifies uncommon ports to allow cacheable assets to be served from.
         :param pulumi.Input[Sequence[pulumi.Input['RulesetRuleActionParametersAlgorithmArgs']]] algorithms: Compression algorithms to use in order of preference.
@@ -19584,7 +19662,6 @@ def __init__(__self__, *,
         :param pulumi.Input[int] status_code: HTTP status code of the custom error response.
         :param pulumi.Input[bool] sxg: Turn on or off the SXG feature.
         :param pulumi.Input['RulesetRuleActionParametersUriArgs'] uri: List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
-        :param pulumi.Input[str] version: Version of the ruleset to deploy.
         """
         if additional_cacheable_ports is not None:
             pulumi.set(__self__, "additional_cacheable_ports", additional_cacheable_ports)
@@ -19692,8 +19769,6 @@ def __init__(__self__, *,
             pulumi.set(__self__, "sxg", sxg)
         if uri is not None:
             pulumi.set(__self__, "uri", uri)
-        if version is not None:
-            pulumi.set(__self__, "version", version)
 
     @property
     @pulumi.getter(name="additionalCacheablePorts")
@@ -20328,18 +20403,6 @@ def uri(self) -> Optional[pulumi.Input['RulesetRuleActionParametersUriArgs']]:
     def uri(self, value: Optional[pulumi.Input['RulesetRuleActionParametersUriArgs']]):
         pulumi.set(self, "uri", value)
 
-    @property
-    @pulumi.getter
-    def version(self) -> Optional[pulumi.Input[str]]:
-        """
-        Version of the ruleset to deploy.
-        """
-        return pulumi.get(self, "version")
-
-    @version.setter
-    def version(self, value: Optional[pulumi.Input[str]]):
-        pulumi.set(self, "version", value)
-
 
 if not MYPY:
     class RulesetRuleActionParametersAlgorithmArgsDict(TypedDict):
@@ -22454,6 +22517,147 @@ def score_response_header_name(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "score_response_header_name", value)
 
 
+if not MYPY:
+    class SnippetFileArgsDict(TypedDict):
+        name: pulumi.Input[str]
+        """
+        Name of the snippet file.
+        """
+        content: NotRequired[pulumi.Input[str]]
+        """
+        Content of the snippet file.
+        """
+elif False:
+    SnippetFileArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class SnippetFileArgs:
+    def __init__(__self__, *,
+                 name: pulumi.Input[str],
+                 content: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] name: Name of the snippet file.
+        :param pulumi.Input[str] content: Content of the snippet file.
+        """
+        pulumi.set(__self__, "name", name)
+        if content is not None:
+            pulumi.set(__self__, "content", content)
+
+    @property
+    @pulumi.getter
+    def name(self) -> pulumi.Input[str]:
+        """
+        Name of the snippet file.
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "name", value)
+
+    @property
+    @pulumi.getter
+    def content(self) -> Optional[pulumi.Input[str]]:
+        """
+        Content of the snippet file.
+        """
+        return pulumi.get(self, "content")
+
+    @content.setter
+    def content(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "content", value)
+
+
+if not MYPY:
+    class SnippetRulesRuleArgsDict(TypedDict):
+        expression: pulumi.Input[str]
+        """
+        Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+        """
+        snippet_name: pulumi.Input[str]
+        """
+        Name of the snippet invoked by this rule.
+        """
+        description: NotRequired[pulumi.Input[str]]
+        """
+        Brief summary of the snippet rule and its intended use.
+        """
+        enabled: NotRequired[pulumi.Input[bool]]
+        """
+        Whether the headers rule is active.
+        """
+elif False:
+    SnippetRulesRuleArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class SnippetRulesRuleArgs:
+    def __init__(__self__, *,
+                 expression: pulumi.Input[str],
+                 snippet_name: pulumi.Input[str],
+                 description: Optional[pulumi.Input[str]] = None,
+                 enabled: Optional[pulumi.Input[bool]] = None):
+        """
+        :param pulumi.Input[str] expression: Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+        :param pulumi.Input[str] snippet_name: Name of the snippet invoked by this rule.
+        :param pulumi.Input[str] description: Brief summary of the snippet rule and its intended use.
+        :param pulumi.Input[bool] enabled: Whether the headers rule is active.
+        """
+        pulumi.set(__self__, "expression", expression)
+        pulumi.set(__self__, "snippet_name", snippet_name)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if enabled is not None:
+            pulumi.set(__self__, "enabled", enabled)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> pulumi.Input[str]:
+        """
+        Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+        """
+        return pulumi.get(self, "expression")
+
+    @expression.setter
+    def expression(self, value: pulumi.Input[str]):
+        pulumi.set(self, "expression", value)
+
+    @property
+    @pulumi.getter(name="snippetName")
+    def snippet_name(self) -> pulumi.Input[str]:
+        """
+        Name of the snippet invoked by this rule.
+        """
+        return pulumi.get(self, "snippet_name")
+
+    @snippet_name.setter
+    def snippet_name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "snippet_name", value)
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[pulumi.Input[str]]:
+        """
+        Brief summary of the snippet rule and its intended use.
+        """
+        return pulumi.get(self, "description")
+
+    @description.setter
+    def description(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "description", value)
+
+    @property
+    @pulumi.getter
+    def enabled(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Whether the headers rule is active.
+        """
+        return pulumi.get(self, "enabled")
+
+    @enabled.setter
+    def enabled(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "enabled", value)
+
+
 if not MYPY:
     class SpectrumApplicationDnsArgsDict(TypedDict):
         name: pulumi.Input[str]
@@ -27583,6 +27787,57 @@ def max_age(self, value: Optional[pulumi.Input[int]]):
         pulumi.set(self, "max_age", value)
 
 
+if not MYPY:
+    class ZeroTrustAccessApplicationDestinationArgsDict(TypedDict):
+        uri: pulumi.Input[str]
+        """
+        The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+        """
+        type: NotRequired[pulumi.Input[str]]
+        """
+        The destination type. Available values: `public`, `private`. Defaults to `public`.
+        """
+elif False:
+    ZeroTrustAccessApplicationDestinationArgsDict: TypeAlias = Mapping[str, Any]
+
+@pulumi.input_type
+class ZeroTrustAccessApplicationDestinationArgs:
+    def __init__(__self__, *,
+                 uri: pulumi.Input[str],
+                 type: Optional[pulumi.Input[str]] = None):
+        """
+        :param pulumi.Input[str] uri: The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+        :param pulumi.Input[str] type: The destination type. Available values: `public`, `private`. Defaults to `public`.
+        """
+        pulumi.set(__self__, "uri", uri)
+        if type is not None:
+            pulumi.set(__self__, "type", type)
+
+    @property
+    @pulumi.getter
+    def uri(self) -> pulumi.Input[str]:
+        """
+        The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+        """
+        return pulumi.get(self, "uri")
+
+    @uri.setter
+    def uri(self, value: pulumi.Input[str]):
+        pulumi.set(self, "uri", value)
+
+    @property
+    @pulumi.getter
+    def type(self) -> Optional[pulumi.Input[str]]:
+        """
+        The destination type. Available values: `public`, `private`. Defaults to `public`.
+        """
+        return pulumi.get(self, "type")
+
+    @type.setter
+    def type(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "type", value)
+
+
 if not MYPY:
     class ZeroTrustAccessApplicationFooterLinkArgsDict(TypedDict):
         name: NotRequired[pulumi.Input[str]]
@@ -32252,11 +32507,29 @@ def token_url(self, value: Optional[pulumi.Input[str]]):
 if not MYPY:
     class ZeroTrustAccessIdentityProviderScimConfigArgsDict(TypedDict):
         enabled: NotRequired[pulumi.Input[bool]]
+        """
+        A flag to enable or disable SCIM for the identity provider.
+        """
         group_member_deprovision: NotRequired[pulumi.Input[bool]]
+        """
+        Deprecated. Use `identity_update_behavior`.
+        """
         identity_update_behavior: NotRequired[pulumi.Input[str]]
+        """
+        Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+        """
         seat_deprovision: NotRequired[pulumi.Input[bool]]
+        """
+        A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+        """
         secret: NotRequired[pulumi.Input[str]]
+        """
+        A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+        """
         user_deprovision: NotRequired[pulumi.Input[bool]]
+        """
+        A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+        """
 elif False:
     ZeroTrustAccessIdentityProviderScimConfigArgsDict: TypeAlias = Mapping[str, Any]
 
@@ -32269,6 +32542,14 @@ def __init__(__self__, *,
                  seat_deprovision: Optional[pulumi.Input[bool]] = None,
                  secret: Optional[pulumi.Input[str]] = None,
                  user_deprovision: Optional[pulumi.Input[bool]] = None):
+        """
+        :param pulumi.Input[bool] enabled: A flag to enable or disable SCIM for the identity provider.
+        :param pulumi.Input[bool] group_member_deprovision: Deprecated. Use `identity_update_behavior`.
+        :param pulumi.Input[str] identity_update_behavior: Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+        :param pulumi.Input[bool] seat_deprovision: A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+        :param pulumi.Input[str] secret: A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+        :param pulumi.Input[bool] user_deprovision: A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+        """
         if enabled is not None:
             pulumi.set(__self__, "enabled", enabled)
         if group_member_deprovision is not None:
@@ -32285,6 +32566,9 @@ def __init__(__self__, *,
     @property
     @pulumi.getter
     def enabled(self) -> Optional[pulumi.Input[bool]]:
+        """
+        A flag to enable or disable SCIM for the identity provider.
+        """
         return pulumi.get(self, "enabled")
 
     @enabled.setter
@@ -32294,6 +32578,9 @@ def enabled(self, value: Optional[pulumi.Input[bool]]):
     @property
     @pulumi.getter(name="groupMemberDeprovision")
     def group_member_deprovision(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Deprecated. Use `identity_update_behavior`.
+        """
         return pulumi.get(self, "group_member_deprovision")
 
     @group_member_deprovision.setter
@@ -32303,6 +32590,9 @@ def group_member_deprovision(self, value: Optional[pulumi.Input[bool]]):
     @property
     @pulumi.getter(name="identityUpdateBehavior")
     def identity_update_behavior(self) -> Optional[pulumi.Input[str]]:
+        """
+        Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+        """
         return pulumi.get(self, "identity_update_behavior")
 
     @identity_update_behavior.setter
@@ -32312,6 +32602,9 @@ def identity_update_behavior(self, value: Optional[pulumi.Input[str]]):
     @property
     @pulumi.getter(name="seatDeprovision")
     def seat_deprovision(self) -> Optional[pulumi.Input[bool]]:
+        """
+        A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+        """
         return pulumi.get(self, "seat_deprovision")
 
     @seat_deprovision.setter
@@ -32321,6 +32614,9 @@ def seat_deprovision(self, value: Optional[pulumi.Input[bool]]):
     @property
     @pulumi.getter
     def secret(self) -> Optional[pulumi.Input[str]]:
+        """
+        A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+        """
         return pulumi.get(self, "secret")
 
     @secret.setter
@@ -32330,6 +32626,9 @@ def secret(self, value: Optional[pulumi.Input[str]]):
     @property
     @pulumi.getter(name="userDeprovision")
     def user_deprovision(self) -> Optional[pulumi.Input[bool]]:
+        """
+        A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+        """
         return pulumi.get(self, "user_deprovision")
 
     @user_deprovision.setter
@@ -32673,17 +32972,25 @@ class ZeroTrustAccessPolicyConnectionRulesSshArgsDict(TypedDict):
         """
         Contains the Unix usernames that may be used when connecting over SSH.
         """
+        allow_email_alias: NotRequired[pulumi.Input[bool]]
+        """
+        Allows connecting to Unix username that matches the authenticating email prefix.
+        """
 elif False:
     ZeroTrustAccessPolicyConnectionRulesSshArgsDict: TypeAlias = Mapping[str, Any]
 
 @pulumi.input_type
 class ZeroTrustAccessPolicyConnectionRulesSshArgs:
     def __init__(__self__, *,
-                 usernames: pulumi.Input[Sequence[pulumi.Input[str]]]):
+                 usernames: pulumi.Input[Sequence[pulumi.Input[str]]],
+                 allow_email_alias: Optional[pulumi.Input[bool]] = None):
         """
         :param pulumi.Input[Sequence[pulumi.Input[str]]] usernames: Contains the Unix usernames that may be used when connecting over SSH.
+        :param pulumi.Input[bool] allow_email_alias: Allows connecting to Unix username that matches the authenticating email prefix.
         """
         pulumi.set(__self__, "usernames", usernames)
+        if allow_email_alias is not None:
+            pulumi.set(__self__, "allow_email_alias", allow_email_alias)
 
     @property
     @pulumi.getter
@@ -32697,6 +33004,18 @@ def usernames(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]:
     def usernames(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]):
         pulumi.set(self, "usernames", value)
 
+    @property
+    @pulumi.getter(name="allowEmailAlias")
+    def allow_email_alias(self) -> Optional[pulumi.Input[bool]]:
+        """
+        Allows connecting to Unix username that matches the authenticating email prefix.
+        """
+        return pulumi.get(self, "allow_email_alias")
+
+    @allow_email_alias.setter
+    def allow_email_alias(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "allow_email_alias", value)
+
 
 if not MYPY:
     class ZeroTrustAccessPolicyExcludeArgsDict(TypedDict):
diff --git a/sdk/python/pulumi_cloudflare/access_application.py b/sdk/python/pulumi_cloudflare/access_application.py
index 2fe895fc..8fe88f17 100644
--- a/sdk/python/pulumi_cloudflare/access_application.py
+++ b/sdk/python/pulumi_cloudflare/access_application.py
@@ -33,7 +33,9 @@ def __init__(__self__, *,
                  custom_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_non_identity_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_pages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 destinations: Optional[pulumi.Input[Sequence[pulumi.Input['AccessApplicationDestinationArgs']]]] = None,
                  domain: Optional[pulumi.Input[str]] = None,
+                 domain_type: Optional[pulumi.Input[str]] = None,
                  enable_binding_cookie: Optional[pulumi.Input[bool]] = None,
                  footer_links: Optional[pulumi.Input[Sequence[pulumi.Input['AccessApplicationFooterLinkArgs']]]] = None,
                  header_bg_color: Optional[pulumi.Input[str]] = None,
@@ -69,7 +71,9 @@ def __init__(__self__, *,
         :param pulumi.Input[str] custom_deny_url: Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
         :param pulumi.Input[str] custom_non_identity_deny_url: Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] custom_pages: The custom pages selected for the application.
+        :param pulumi.Input[Sequence[pulumi.Input['AccessApplicationDestinationArgs']]] destinations: A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
         :param pulumi.Input[str] domain: The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
+        :param pulumi.Input[str] domain_type: The type of the primary domain. Available values: `public`, `private`.
         :param pulumi.Input[bool] enable_binding_cookie: Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
         :param pulumi.Input[Sequence[pulumi.Input['AccessApplicationFooterLinkArgs']]] footer_links: The footer links of the app launcher.
         :param pulumi.Input[str] header_bg_color: The background color of the header bar in the app launcher.
@@ -82,7 +86,7 @@ def __init__(__self__, *,
         :param pulumi.Input['AccessApplicationSaasAppArgs'] saas_app: SaaS configuration for the Access Application.
         :param pulumi.Input[str] same_site_cookie_attribute: Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
         :param pulumi.Input['AccessApplicationScimConfigArgs'] scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         :param pulumi.Input[bool] service_auth401_redirect: Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
         :param pulumi.Input[str] session_duration: How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
         :param pulumi.Input[bool] skip_app_launcher_login_page: Option to skip the App Launcher landing page. Defaults to `false`.
@@ -116,8 +120,12 @@ def __init__(__self__, *,
             pulumi.set(__self__, "custom_non_identity_deny_url", custom_non_identity_deny_url)
         if custom_pages is not None:
             pulumi.set(__self__, "custom_pages", custom_pages)
+        if destinations is not None:
+            pulumi.set(__self__, "destinations", destinations)
         if domain is not None:
             pulumi.set(__self__, "domain", domain)
+        if domain_type is not None:
+            pulumi.set(__self__, "domain_type", domain_type)
         if enable_binding_cookie is not None:
             pulumi.set(__self__, "enable_binding_cookie", enable_binding_cookie)
         if footer_links is not None:
@@ -142,6 +150,9 @@ def __init__(__self__, *,
             pulumi.set(__self__, "same_site_cookie_attribute", same_site_cookie_attribute)
         if scim_config is not None:
             pulumi.set(__self__, "scim_config", scim_config)
+        if self_hosted_domains is not None:
+            warnings.warn("""Use `destinations` instead""", DeprecationWarning)
+            pulumi.log.warn("""self_hosted_domains is deprecated: Use `destinations` instead""")
         if self_hosted_domains is not None:
             pulumi.set(__self__, "self_hosted_domains", self_hosted_domains)
         if service_auth401_redirect is not None:
@@ -305,6 +316,18 @@ def custom_pages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
     def custom_pages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "custom_pages", value)
 
+    @property
+    @pulumi.getter
+    def destinations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AccessApplicationDestinationArgs']]]]:
+        """
+        A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+        """
+        return pulumi.get(self, "destinations")
+
+    @destinations.setter
+    def destinations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AccessApplicationDestinationArgs']]]]):
+        pulumi.set(self, "destinations", value)
+
     @property
     @pulumi.getter
     def domain(self) -> Optional[pulumi.Input[str]]:
@@ -317,6 +340,18 @@ def domain(self) -> Optional[pulumi.Input[str]]:
     def domain(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "domain", value)
 
+    @property
+    @pulumi.getter(name="domainType")
+    def domain_type(self) -> Optional[pulumi.Input[str]]:
+        """
+        The type of the primary domain. Available values: `public`, `private`.
+        """
+        return pulumi.get(self, "domain_type")
+
+    @domain_type.setter
+    def domain_type(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "domain_type", value)
+
     @property
     @pulumi.getter(name="enableBindingCookie")
     def enable_binding_cookie(self) -> Optional[pulumi.Input[bool]]:
@@ -463,9 +498,10 @@ def scim_config(self, value: Optional[pulumi.Input['AccessApplicationScimConfigA
 
     @property
     @pulumi.getter(name="selfHostedDomains")
+    @_utilities.deprecated("""Use `destinations` instead""")
     def self_hosted_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         """
         return pulumi.get(self, "self_hosted_domains")
 
@@ -586,7 +622,9 @@ def __init__(__self__, *,
                  custom_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_non_identity_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_pages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 destinations: Optional[pulumi.Input[Sequence[pulumi.Input['AccessApplicationDestinationArgs']]]] = None,
                  domain: Optional[pulumi.Input[str]] = None,
+                 domain_type: Optional[pulumi.Input[str]] = None,
                  enable_binding_cookie: Optional[pulumi.Input[bool]] = None,
                  footer_links: Optional[pulumi.Input[Sequence[pulumi.Input['AccessApplicationFooterLinkArgs']]]] = None,
                  header_bg_color: Optional[pulumi.Input[str]] = None,
@@ -623,7 +661,9 @@ def __init__(__self__, *,
         :param pulumi.Input[str] custom_deny_url: Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
         :param pulumi.Input[str] custom_non_identity_deny_url: Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] custom_pages: The custom pages selected for the application.
+        :param pulumi.Input[Sequence[pulumi.Input['AccessApplicationDestinationArgs']]] destinations: A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
         :param pulumi.Input[str] domain: The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
+        :param pulumi.Input[str] domain_type: The type of the primary domain. Available values: `public`, `private`.
         :param pulumi.Input[bool] enable_binding_cookie: Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
         :param pulumi.Input[Sequence[pulumi.Input['AccessApplicationFooterLinkArgs']]] footer_links: The footer links of the app launcher.
         :param pulumi.Input[str] header_bg_color: The background color of the header bar in the app launcher.
@@ -636,7 +676,7 @@ def __init__(__self__, *,
         :param pulumi.Input['AccessApplicationSaasAppArgs'] saas_app: SaaS configuration for the Access Application.
         :param pulumi.Input[str] same_site_cookie_attribute: Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
         :param pulumi.Input['AccessApplicationScimConfigArgs'] scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         :param pulumi.Input[bool] service_auth401_redirect: Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
         :param pulumi.Input[str] session_duration: How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
         :param pulumi.Input[bool] skip_app_launcher_login_page: Option to skip the App Launcher landing page. Defaults to `false`.
@@ -672,8 +712,12 @@ def __init__(__self__, *,
             pulumi.set(__self__, "custom_non_identity_deny_url", custom_non_identity_deny_url)
         if custom_pages is not None:
             pulumi.set(__self__, "custom_pages", custom_pages)
+        if destinations is not None:
+            pulumi.set(__self__, "destinations", destinations)
         if domain is not None:
             pulumi.set(__self__, "domain", domain)
+        if domain_type is not None:
+            pulumi.set(__self__, "domain_type", domain_type)
         if enable_binding_cookie is not None:
             pulumi.set(__self__, "enable_binding_cookie", enable_binding_cookie)
         if footer_links is not None:
@@ -698,6 +742,9 @@ def __init__(__self__, *,
             pulumi.set(__self__, "same_site_cookie_attribute", same_site_cookie_attribute)
         if scim_config is not None:
             pulumi.set(__self__, "scim_config", scim_config)
+        if self_hosted_domains is not None:
+            warnings.warn("""Use `destinations` instead""", DeprecationWarning)
+            pulumi.log.warn("""self_hosted_domains is deprecated: Use `destinations` instead""")
         if self_hosted_domains is not None:
             pulumi.set(__self__, "self_hosted_domains", self_hosted_domains)
         if service_auth401_redirect is not None:
@@ -873,6 +920,18 @@ def custom_pages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
     def custom_pages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "custom_pages", value)
 
+    @property
+    @pulumi.getter
+    def destinations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AccessApplicationDestinationArgs']]]]:
+        """
+        A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+        """
+        return pulumi.get(self, "destinations")
+
+    @destinations.setter
+    def destinations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AccessApplicationDestinationArgs']]]]):
+        pulumi.set(self, "destinations", value)
+
     @property
     @pulumi.getter
     def domain(self) -> Optional[pulumi.Input[str]]:
@@ -885,6 +944,18 @@ def domain(self) -> Optional[pulumi.Input[str]]:
     def domain(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "domain", value)
 
+    @property
+    @pulumi.getter(name="domainType")
+    def domain_type(self) -> Optional[pulumi.Input[str]]:
+        """
+        The type of the primary domain. Available values: `public`, `private`.
+        """
+        return pulumi.get(self, "domain_type")
+
+    @domain_type.setter
+    def domain_type(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "domain_type", value)
+
     @property
     @pulumi.getter(name="enableBindingCookie")
     def enable_binding_cookie(self) -> Optional[pulumi.Input[bool]]:
@@ -1031,9 +1102,10 @@ def scim_config(self, value: Optional[pulumi.Input['AccessApplicationScimConfigA
 
     @property
     @pulumi.getter(name="selfHostedDomains")
+    @_utilities.deprecated("""Use `destinations` instead""")
     def self_hosted_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         """
         return pulumi.get(self, "self_hosted_domains")
 
@@ -1155,7 +1227,9 @@ def __init__(__self__,
                  custom_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_non_identity_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_pages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 destinations: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AccessApplicationDestinationArgs', 'AccessApplicationDestinationArgsDict']]]]] = None,
                  domain: Optional[pulumi.Input[str]] = None,
+                 domain_type: Optional[pulumi.Input[str]] = None,
                  enable_binding_cookie: Optional[pulumi.Input[bool]] = None,
                  footer_links: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AccessApplicationFooterLinkArgs', 'AccessApplicationFooterLinkArgsDict']]]]] = None,
                  header_bg_color: Optional[pulumi.Input[str]] = None,
@@ -1209,7 +1283,9 @@ def __init__(__self__,
         :param pulumi.Input[str] custom_deny_url: Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
         :param pulumi.Input[str] custom_non_identity_deny_url: Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] custom_pages: The custom pages selected for the application.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['AccessApplicationDestinationArgs', 'AccessApplicationDestinationArgsDict']]]] destinations: A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
         :param pulumi.Input[str] domain: The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
+        :param pulumi.Input[str] domain_type: The type of the primary domain. Available values: `public`, `private`.
         :param pulumi.Input[bool] enable_binding_cookie: Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
         :param pulumi.Input[Sequence[pulumi.Input[Union['AccessApplicationFooterLinkArgs', 'AccessApplicationFooterLinkArgsDict']]]] footer_links: The footer links of the app launcher.
         :param pulumi.Input[str] header_bg_color: The background color of the header bar in the app launcher.
@@ -1222,7 +1298,7 @@ def __init__(__self__,
         :param pulumi.Input[Union['AccessApplicationSaasAppArgs', 'AccessApplicationSaasAppArgsDict']] saas_app: SaaS configuration for the Access Application.
         :param pulumi.Input[str] same_site_cookie_attribute: Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
         :param pulumi.Input[Union['AccessApplicationScimConfigArgs', 'AccessApplicationScimConfigArgsDict']] scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         :param pulumi.Input[bool] service_auth401_redirect: Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
         :param pulumi.Input[str] session_duration: How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
         :param pulumi.Input[bool] skip_app_launcher_login_page: Option to skip the App Launcher landing page. Defaults to `false`.
@@ -1282,7 +1358,9 @@ def _internal_init(__self__,
                  custom_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_non_identity_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_pages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 destinations: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AccessApplicationDestinationArgs', 'AccessApplicationDestinationArgsDict']]]]] = None,
                  domain: Optional[pulumi.Input[str]] = None,
+                 domain_type: Optional[pulumi.Input[str]] = None,
                  enable_binding_cookie: Optional[pulumi.Input[bool]] = None,
                  footer_links: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AccessApplicationFooterLinkArgs', 'AccessApplicationFooterLinkArgsDict']]]]] = None,
                  header_bg_color: Optional[pulumi.Input[str]] = None,
@@ -1325,7 +1403,9 @@ def _internal_init(__self__,
             __props__.__dict__["custom_deny_url"] = custom_deny_url
             __props__.__dict__["custom_non_identity_deny_url"] = custom_non_identity_deny_url
             __props__.__dict__["custom_pages"] = custom_pages
+            __props__.__dict__["destinations"] = destinations
             __props__.__dict__["domain"] = domain
+            __props__.__dict__["domain_type"] = domain_type
             __props__.__dict__["enable_binding_cookie"] = enable_binding_cookie
             __props__.__dict__["footer_links"] = footer_links
             __props__.__dict__["header_bg_color"] = header_bg_color
@@ -1371,7 +1451,9 @@ def get(resource_name: str,
             custom_deny_url: Optional[pulumi.Input[str]] = None,
             custom_non_identity_deny_url: Optional[pulumi.Input[str]] = None,
             custom_pages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            destinations: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AccessApplicationDestinationArgs', 'AccessApplicationDestinationArgsDict']]]]] = None,
             domain: Optional[pulumi.Input[str]] = None,
+            domain_type: Optional[pulumi.Input[str]] = None,
             enable_binding_cookie: Optional[pulumi.Input[bool]] = None,
             footer_links: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AccessApplicationFooterLinkArgs', 'AccessApplicationFooterLinkArgsDict']]]]] = None,
             header_bg_color: Optional[pulumi.Input[str]] = None,
@@ -1413,7 +1495,9 @@ def get(resource_name: str,
         :param pulumi.Input[str] custom_deny_url: Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
         :param pulumi.Input[str] custom_non_identity_deny_url: Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] custom_pages: The custom pages selected for the application.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['AccessApplicationDestinationArgs', 'AccessApplicationDestinationArgsDict']]]] destinations: A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
         :param pulumi.Input[str] domain: The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
+        :param pulumi.Input[str] domain_type: The type of the primary domain. Available values: `public`, `private`.
         :param pulumi.Input[bool] enable_binding_cookie: Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
         :param pulumi.Input[Sequence[pulumi.Input[Union['AccessApplicationFooterLinkArgs', 'AccessApplicationFooterLinkArgsDict']]]] footer_links: The footer links of the app launcher.
         :param pulumi.Input[str] header_bg_color: The background color of the header bar in the app launcher.
@@ -1426,7 +1510,7 @@ def get(resource_name: str,
         :param pulumi.Input[Union['AccessApplicationSaasAppArgs', 'AccessApplicationSaasAppArgsDict']] saas_app: SaaS configuration for the Access Application.
         :param pulumi.Input[str] same_site_cookie_attribute: Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
         :param pulumi.Input[Union['AccessApplicationScimConfigArgs', 'AccessApplicationScimConfigArgsDict']] scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         :param pulumi.Input[bool] service_auth401_redirect: Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
         :param pulumi.Input[str] session_duration: How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
         :param pulumi.Input[bool] skip_app_launcher_login_page: Option to skip the App Launcher landing page. Defaults to `false`.
@@ -1453,7 +1537,9 @@ def get(resource_name: str,
         __props__.__dict__["custom_deny_url"] = custom_deny_url
         __props__.__dict__["custom_non_identity_deny_url"] = custom_non_identity_deny_url
         __props__.__dict__["custom_pages"] = custom_pages
+        __props__.__dict__["destinations"] = destinations
         __props__.__dict__["domain"] = domain
+        __props__.__dict__["domain_type"] = domain_type
         __props__.__dict__["enable_binding_cookie"] = enable_binding_cookie
         __props__.__dict__["footer_links"] = footer_links
         __props__.__dict__["header_bg_color"] = header_bg_color
@@ -1581,6 +1667,14 @@ def custom_pages(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
         return pulumi.get(self, "custom_pages")
 
+    @property
+    @pulumi.getter
+    def destinations(self) -> pulumi.Output[Optional[Sequence['outputs.AccessApplicationDestination']]]:
+        """
+        A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+        """
+        return pulumi.get(self, "destinations")
+
     @property
     @pulumi.getter
     def domain(self) -> pulumi.Output[str]:
@@ -1589,6 +1683,14 @@ def domain(self) -> pulumi.Output[str]:
         """
         return pulumi.get(self, "domain")
 
+    @property
+    @pulumi.getter(name="domainType")
+    def domain_type(self) -> pulumi.Output[str]:
+        """
+        The type of the primary domain. Available values: `public`, `private`.
+        """
+        return pulumi.get(self, "domain_type")
+
     @property
     @pulumi.getter(name="enableBindingCookie")
     def enable_binding_cookie(self) -> pulumi.Output[Optional[bool]]:
@@ -1687,9 +1789,10 @@ def scim_config(self) -> pulumi.Output[Optional['outputs.AccessApplicationScimCo
 
     @property
     @pulumi.getter(name="selfHostedDomains")
+    @_utilities.deprecated("""Use `destinations` instead""")
     def self_hosted_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
-        List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         """
         return pulumi.get(self, "self_hosted_domains")
 
diff --git a/sdk/python/pulumi_cloudflare/leaked_credential_check.py b/sdk/python/pulumi_cloudflare/leaked_credential_check.py
new file mode 100644
index 00000000..d3678562
--- /dev/null
+++ b/sdk/python/pulumi_cloudflare/leaked_credential_check.py
@@ -0,0 +1,235 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from . import _utilities
+
+__all__ = ['LeakedCredentialCheckArgs', 'LeakedCredentialCheck']
+
+@pulumi.input_type
+class LeakedCredentialCheckArgs:
+    def __init__(__self__, *,
+                 enabled: pulumi.Input[bool],
+                 zone_id: pulumi.Input[str]):
+        """
+        The set of arguments for constructing a LeakedCredentialCheck resource.
+        :param pulumi.Input[bool] enabled: State of the Leaked Credential Check detection
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        pulumi.set(__self__, "enabled", enabled)
+        pulumi.set(__self__, "zone_id", zone_id)
+
+    @property
+    @pulumi.getter
+    def enabled(self) -> pulumi.Input[bool]:
+        """
+        State of the Leaked Credential Check detection
+        """
+        return pulumi.get(self, "enabled")
+
+    @enabled.setter
+    def enabled(self, value: pulumi.Input[bool]):
+        pulumi.set(self, "enabled", value)
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> pulumi.Input[str]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
+    @zone_id.setter
+    def zone_id(self, value: pulumi.Input[str]):
+        pulumi.set(self, "zone_id", value)
+
+
+@pulumi.input_type
+class _LeakedCredentialCheckState:
+    def __init__(__self__, *,
+                 enabled: Optional[pulumi.Input[bool]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None):
+        """
+        Input properties used for looking up and filtering LeakedCredentialCheck resources.
+        :param pulumi.Input[bool] enabled: State of the Leaked Credential Check detection
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        if enabled is not None:
+            pulumi.set(__self__, "enabled", enabled)
+        if zone_id is not None:
+            pulumi.set(__self__, "zone_id", zone_id)
+
+    @property
+    @pulumi.getter
+    def enabled(self) -> Optional[pulumi.Input[bool]]:
+        """
+        State of the Leaked Credential Check detection
+        """
+        return pulumi.get(self, "enabled")
+
+    @enabled.setter
+    def enabled(self, value: Optional[pulumi.Input[bool]]):
+        pulumi.set(self, "enabled", value)
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
+    @zone_id.setter
+    def zone_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "zone_id", value)
+
+
+class LeakedCredentialCheck(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 enabled: Optional[pulumi.Input[bool]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        """
+        Provides a Cloudflare Leaked Credential Check resource to be used for managing the status of the Cloudflare Leaked Credential detection within a specific zone.
+
+        ## Example Usage
+
+        ```python
+        import pulumi
+        import pulumi_cloudflare as cloudflare
+
+        # Enable the Leaked Credentials Check detection
+        example = cloudflare.LeakedCredentialCheck("example",
+            zone_id="399c6f4950c01a5a141b99ff7fbcbd8b",
+            enabled=True)
+        ```
+
+        ## Import
+
+        ```sh
+        $ pulumi import cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck example 
+        ```
+
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[bool] enabled: State of the Leaked Credential Check detection
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: LeakedCredentialCheckArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Provides a Cloudflare Leaked Credential Check resource to be used for managing the status of the Cloudflare Leaked Credential detection within a specific zone.
+
+        ## Example Usage
+
+        ```python
+        import pulumi
+        import pulumi_cloudflare as cloudflare
+
+        # Enable the Leaked Credentials Check detection
+        example = cloudflare.LeakedCredentialCheck("example",
+            zone_id="399c6f4950c01a5a141b99ff7fbcbd8b",
+            enabled=True)
+        ```
+
+        ## Import
+
+        ```sh
+        $ pulumi import cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck example 
+        ```
+
+        :param str resource_name: The name of the resource.
+        :param LeakedCredentialCheckArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(LeakedCredentialCheckArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 enabled: Optional[pulumi.Input[bool]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = LeakedCredentialCheckArgs.__new__(LeakedCredentialCheckArgs)
+
+            if enabled is None and not opts.urn:
+                raise TypeError("Missing required property 'enabled'")
+            __props__.__dict__["enabled"] = enabled
+            if zone_id is None and not opts.urn:
+                raise TypeError("Missing required property 'zone_id'")
+            __props__.__dict__["zone_id"] = zone_id
+        super(LeakedCredentialCheck, __self__).__init__(
+            'cloudflare:index/leakedCredentialCheck:LeakedCredentialCheck',
+            resource_name,
+            __props__,
+            opts)
+
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            enabled: Optional[pulumi.Input[bool]] = None,
+            zone_id: Optional[pulumi.Input[str]] = None) -> 'LeakedCredentialCheck':
+        """
+        Get an existing LeakedCredentialCheck resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[bool] enabled: State of the Leaked Credential Check detection
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+        __props__ = _LeakedCredentialCheckState.__new__(_LeakedCredentialCheckState)
+
+        __props__.__dict__["enabled"] = enabled
+        __props__.__dict__["zone_id"] = zone_id
+        return LeakedCredentialCheck(resource_name, opts=opts, __props__=__props__)
+
+    @property
+    @pulumi.getter
+    def enabled(self) -> pulumi.Output[bool]:
+        """
+        State of the Leaked Credential Check detection
+        """
+        return pulumi.get(self, "enabled")
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> pulumi.Output[str]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
diff --git a/sdk/python/pulumi_cloudflare/leaked_credential_check_rule.py b/sdk/python/pulumi_cloudflare/leaked_credential_check_rule.py
new file mode 100644
index 00000000..93ebb160
--- /dev/null
+++ b/sdk/python/pulumi_cloudflare/leaked_credential_check_rule.py
@@ -0,0 +1,293 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from . import _utilities
+
+__all__ = ['LeakedCredentialCheckRuleArgs', 'LeakedCredentialCheckRule']
+
+@pulumi.input_type
+class LeakedCredentialCheckRuleArgs:
+    def __init__(__self__, *,
+                 password: pulumi.Input[str],
+                 username: pulumi.Input[str],
+                 zone_id: pulumi.Input[str]):
+        """
+        The set of arguments for constructing a LeakedCredentialCheckRule resource.
+        :param pulumi.Input[str] password: The ruleset expression to use in matching the password in a request
+        :param pulumi.Input[str] username: The ruleset expression to use in matching the username in a request.
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        pulumi.set(__self__, "password", password)
+        pulumi.set(__self__, "username", username)
+        pulumi.set(__self__, "zone_id", zone_id)
+
+    @property
+    @pulumi.getter
+    def password(self) -> pulumi.Input[str]:
+        """
+        The ruleset expression to use in matching the password in a request
+        """
+        return pulumi.get(self, "password")
+
+    @password.setter
+    def password(self, value: pulumi.Input[str]):
+        pulumi.set(self, "password", value)
+
+    @property
+    @pulumi.getter
+    def username(self) -> pulumi.Input[str]:
+        """
+        The ruleset expression to use in matching the username in a request.
+        """
+        return pulumi.get(self, "username")
+
+    @username.setter
+    def username(self, value: pulumi.Input[str]):
+        pulumi.set(self, "username", value)
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> pulumi.Input[str]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
+    @zone_id.setter
+    def zone_id(self, value: pulumi.Input[str]):
+        pulumi.set(self, "zone_id", value)
+
+
+@pulumi.input_type
+class _LeakedCredentialCheckRuleState:
+    def __init__(__self__, *,
+                 password: Optional[pulumi.Input[str]] = None,
+                 username: Optional[pulumi.Input[str]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None):
+        """
+        Input properties used for looking up and filtering LeakedCredentialCheckRule resources.
+        :param pulumi.Input[str] password: The ruleset expression to use in matching the password in a request
+        :param pulumi.Input[str] username: The ruleset expression to use in matching the username in a request.
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        if password is not None:
+            pulumi.set(__self__, "password", password)
+        if username is not None:
+            pulumi.set(__self__, "username", username)
+        if zone_id is not None:
+            pulumi.set(__self__, "zone_id", zone_id)
+
+    @property
+    @pulumi.getter
+    def password(self) -> Optional[pulumi.Input[str]]:
+        """
+        The ruleset expression to use in matching the password in a request
+        """
+        return pulumi.get(self, "password")
+
+    @password.setter
+    def password(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "password", value)
+
+    @property
+    @pulumi.getter
+    def username(self) -> Optional[pulumi.Input[str]]:
+        """
+        The ruleset expression to use in matching the username in a request.
+        """
+        return pulumi.get(self, "username")
+
+    @username.setter
+    def username(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "username", value)
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
+    @zone_id.setter
+    def zone_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "zone_id", value)
+
+
+class LeakedCredentialCheckRule(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 password: Optional[pulumi.Input[str]] = None,
+                 username: Optional[pulumi.Input[str]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        """
+        Provides a Cloudflare Leaked Credential Check Rule resource for managing user-defined Leaked Credential detection patterns within a specific zone.
+
+        ## Example Usage
+
+        ```python
+        import pulumi
+        import pulumi_cloudflare as cloudflare
+
+        # Enable the Leaked Credentials Check detection before trying
+        # to add detections.
+        example = cloudflare.LeakedCredentialCheck("example",
+            zone_id="399c6f4950c01a5a141b99ff7fbcbd8b",
+            enabled=True)
+        example_leaked_credential_check_rule = cloudflare.LeakedCredentialCheckRule("example",
+            zone_id=example.zone_id,
+            username="lookup_json_string(http.request.body.raw, \\"user\\")",
+            password="lookup_json_string(http.request.body.raw, \\"pass\\")")
+        ```
+
+        ## Import
+
+        ```sh
+        $ pulumi import cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule example /
+        ```
+
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[str] password: The ruleset expression to use in matching the password in a request
+        :param pulumi.Input[str] username: The ruleset expression to use in matching the username in a request.
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: LeakedCredentialCheckRuleArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Provides a Cloudflare Leaked Credential Check Rule resource for managing user-defined Leaked Credential detection patterns within a specific zone.
+
+        ## Example Usage
+
+        ```python
+        import pulumi
+        import pulumi_cloudflare as cloudflare
+
+        # Enable the Leaked Credentials Check detection before trying
+        # to add detections.
+        example = cloudflare.LeakedCredentialCheck("example",
+            zone_id="399c6f4950c01a5a141b99ff7fbcbd8b",
+            enabled=True)
+        example_leaked_credential_check_rule = cloudflare.LeakedCredentialCheckRule("example",
+            zone_id=example.zone_id,
+            username="lookup_json_string(http.request.body.raw, \\"user\\")",
+            password="lookup_json_string(http.request.body.raw, \\"pass\\")")
+        ```
+
+        ## Import
+
+        ```sh
+        $ pulumi import cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule example /
+        ```
+
+        :param str resource_name: The name of the resource.
+        :param LeakedCredentialCheckRuleArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(LeakedCredentialCheckRuleArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 password: Optional[pulumi.Input[str]] = None,
+                 username: Optional[pulumi.Input[str]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = LeakedCredentialCheckRuleArgs.__new__(LeakedCredentialCheckRuleArgs)
+
+            if password is None and not opts.urn:
+                raise TypeError("Missing required property 'password'")
+            __props__.__dict__["password"] = password
+            if username is None and not opts.urn:
+                raise TypeError("Missing required property 'username'")
+            __props__.__dict__["username"] = username
+            if zone_id is None and not opts.urn:
+                raise TypeError("Missing required property 'zone_id'")
+            __props__.__dict__["zone_id"] = zone_id
+        super(LeakedCredentialCheckRule, __self__).__init__(
+            'cloudflare:index/leakedCredentialCheckRule:LeakedCredentialCheckRule',
+            resource_name,
+            __props__,
+            opts)
+
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            password: Optional[pulumi.Input[str]] = None,
+            username: Optional[pulumi.Input[str]] = None,
+            zone_id: Optional[pulumi.Input[str]] = None) -> 'LeakedCredentialCheckRule':
+        """
+        Get an existing LeakedCredentialCheckRule resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[str] password: The ruleset expression to use in matching the password in a request
+        :param pulumi.Input[str] username: The ruleset expression to use in matching the username in a request.
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+        __props__ = _LeakedCredentialCheckRuleState.__new__(_LeakedCredentialCheckRuleState)
+
+        __props__.__dict__["password"] = password
+        __props__.__dict__["username"] = username
+        __props__.__dict__["zone_id"] = zone_id
+        return LeakedCredentialCheckRule(resource_name, opts=opts, __props__=__props__)
+
+    @property
+    @pulumi.getter
+    def password(self) -> pulumi.Output[str]:
+        """
+        The ruleset expression to use in matching the password in a request
+        """
+        return pulumi.get(self, "password")
+
+    @property
+    @pulumi.getter
+    def username(self) -> pulumi.Output[str]:
+        """
+        The ruleset expression to use in matching the username in a request.
+        """
+        return pulumi.get(self, "username")
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> pulumi.Output[str]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
diff --git a/sdk/python/pulumi_cloudflare/outputs.py b/sdk/python/pulumi_cloudflare/outputs.py
index 83f5f737..f8b9c3f9 100644
--- a/sdk/python/pulumi_cloudflare/outputs.py
+++ b/sdk/python/pulumi_cloudflare/outputs.py
@@ -17,6 +17,7 @@
 
 __all__ = [
     'AccessApplicationCorsHeader',
+    'AccessApplicationDestination',
     'AccessApplicationFooterLink',
     'AccessApplicationLandingPageDesign',
     'AccessApplicationSaasApp',
@@ -223,6 +224,8 @@
     'RulesetRuleExposedCredentialCheck',
     'RulesetRuleLogging',
     'RulesetRuleRatelimit',
+    'SnippetFile',
+    'SnippetRulesRule',
     'SpectrumApplicationDns',
     'SpectrumApplicationEdgeIps',
     'SpectrumApplicationOriginDns',
@@ -293,6 +296,7 @@
     'WorkersScriptServiceBinding',
     'WorkersScriptWebassemblyBinding',
     'ZeroTrustAccessApplicationCorsHeader',
+    'ZeroTrustAccessApplicationDestination',
     'ZeroTrustAccessApplicationFooterLink',
     'ZeroTrustAccessApplicationLandingPageDesign',
     'ZeroTrustAccessApplicationSaasApp',
@@ -625,6 +629,36 @@ def max_age(self) -> Optional[int]:
         return pulumi.get(self, "max_age")
 
 
+@pulumi.output_type
+class AccessApplicationDestination(dict):
+    def __init__(__self__, *,
+                 uri: str,
+                 type: Optional[str] = None):
+        """
+        :param str uri: The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+        :param str type: The destination type. Available values: `public`, `private`. Defaults to `public`.
+        """
+        pulumi.set(__self__, "uri", uri)
+        if type is not None:
+            pulumi.set(__self__, "type", type)
+
+    @property
+    @pulumi.getter
+    def uri(self) -> str:
+        """
+        The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+        """
+        return pulumi.get(self, "uri")
+
+    @property
+    @pulumi.getter
+    def type(self) -> Optional[str]:
+        """
+        The destination type. Available values: `public`, `private`. Defaults to `public`.
+        """
+        return pulumi.get(self, "type")
+
+
 @pulumi.output_type
 class AccessApplicationFooterLink(dict):
     def __init__(__self__, *,
@@ -4234,6 +4268,14 @@ def __init__(__self__, *,
                  seat_deprovision: Optional[bool] = None,
                  secret: Optional[str] = None,
                  user_deprovision: Optional[bool] = None):
+        """
+        :param bool enabled: A flag to enable or disable SCIM for the identity provider.
+        :param bool group_member_deprovision: Deprecated. Use `identity_update_behavior`.
+        :param str identity_update_behavior: Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+        :param bool seat_deprovision: A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+        :param str secret: A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+        :param bool user_deprovision: A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+        """
         if enabled is not None:
             pulumi.set(__self__, "enabled", enabled)
         if group_member_deprovision is not None:
@@ -4250,31 +4292,49 @@ def __init__(__self__, *,
     @property
     @pulumi.getter
     def enabled(self) -> Optional[bool]:
+        """
+        A flag to enable or disable SCIM for the identity provider.
+        """
         return pulumi.get(self, "enabled")
 
     @property
     @pulumi.getter(name="groupMemberDeprovision")
     def group_member_deprovision(self) -> Optional[bool]:
+        """
+        Deprecated. Use `identity_update_behavior`.
+        """
         return pulumi.get(self, "group_member_deprovision")
 
     @property
     @pulumi.getter(name="identityUpdateBehavior")
     def identity_update_behavior(self) -> Optional[str]:
+        """
+        Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+        """
         return pulumi.get(self, "identity_update_behavior")
 
     @property
     @pulumi.getter(name="seatDeprovision")
     def seat_deprovision(self) -> Optional[bool]:
+        """
+        A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+        """
         return pulumi.get(self, "seat_deprovision")
 
     @property
     @pulumi.getter
     def secret(self) -> Optional[str]:
+        """
+        A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+        """
         return pulumi.get(self, "secret")
 
     @property
     @pulumi.getter(name="userDeprovision")
     def user_deprovision(self) -> Optional[bool]:
+        """
+        A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+        """
         return pulumi.get(self, "user_deprovision")
 
 
@@ -4558,12 +4618,33 @@ def ssh(self) -> 'outputs.AccessPolicyConnectionRulesSsh':
 
 @pulumi.output_type
 class AccessPolicyConnectionRulesSsh(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "allowEmailAlias":
+            suggest = "allow_email_alias"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in AccessPolicyConnectionRulesSsh. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        AccessPolicyConnectionRulesSsh.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        AccessPolicyConnectionRulesSsh.__key_warning(key)
+        return super().get(key, default)
+
     def __init__(__self__, *,
-                 usernames: Sequence[str]):
+                 usernames: Sequence[str],
+                 allow_email_alias: Optional[bool] = None):
         """
         :param Sequence[str] usernames: Contains the Unix usernames that may be used when connecting over SSH.
+        :param bool allow_email_alias: Allows connecting to Unix username that matches the authenticating email prefix.
         """
         pulumi.set(__self__, "usernames", usernames)
+        if allow_email_alias is not None:
+            pulumi.set(__self__, "allow_email_alias", allow_email_alias)
 
     @property
     @pulumi.getter
@@ -4573,6 +4654,14 @@ def usernames(self) -> Sequence[str]:
         """
         return pulumi.get(self, "usernames")
 
+    @property
+    @pulumi.getter(name="allowEmailAlias")
+    def allow_email_alias(self) -> Optional[bool]:
+        """
+        Allows connecting to Unix username that matches the authenticating email prefix.
+        """
+        return pulumi.get(self, "allow_email_alias")
+
 
 @pulumi.output_type
 class AccessPolicyExclude(dict):
@@ -11134,7 +11223,7 @@ def __init__(__self__, *,
                  zones: Optional[Sequence[str]] = None):
         """
         :param Sequence[str] actions: Targeted actions for alert.
-        :param Sequence[str] affected_components: Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+        :param Sequence[str] affected_components: Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
         :param Sequence[str] airport_codes: Filter on Points of Presence.
         :param Sequence[str] alert_trigger_preferences: Alert trigger preferences. Example: `slo`.
         :param Sequence[str] enableds: State of the pool to alert on.
@@ -11248,7 +11337,7 @@ def actions(self) -> Optional[Sequence[str]]:
     @pulumi.getter(name="affectedComponents")
     def affected_components(self) -> Optional[Sequence[str]]:
         """
-        Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
+        Affected components for alert. Available values: `API`, `API Shield`, `Access`, `Always Online`, `Analytics`, `Apps Marketplace`, `Argo Smart Routing`, `Audit Logs`, `Authoritative DNS`, `Billing`, `Bot Management`, `Bring Your Own IP (BYOIP)`, `Browser Isolation`, `CDN Cache Purge`, `CDN/Cache`, `Cache Reserve`, `Challenge Platform`, `Cloud Access Security Broker (CASB)`, `Community Site`, `D1`, `DNS Root Servers`, `DNS Updates`, `Dashboard`, `Data Loss Prevention (DLP)`, `Developer's Site`, `Digital Experience Monitoring (DEX)`, `Distributed Web Gateway`, `Durable Objects`, `Email Routing`, `Ethereum Gateway`, `Firewall`, `Gateway`, `Geo-Key Manager`, `Image Resizing`, `Images`, `Infrastructure`, `Lists`, `Load Balancing and Monitoring`, `Logs`, `Magic Firewall`, `Magic Transit`, `Magic WAN`, `Magic WAN Connector`, `Marketing Site`, `Mirage`, `Network`, `Notifications`, `Observatory`, `Page Shield`, `Pages`, `R2`, `Radar`, `Randomness Beacon`, `Recursive DNS`, `Registrar`, `Registration Data Access Protocol (RDAP)`, `SSL Certificate Provisioning`, `SSL for SaaS Provisioning`, `Security Center`, `Snippets`, `Spectrum`, `Speed Optimizations`, `Stream`, `Support Site`, `Time Services`, `Trace`, `Tunnel`, `Turnstile`, `WARP`, `Waiting Room`, `Web Analytics`, `Workers`, `Workers KV`, `Workers Preview`, `Zaraz`, `Zero Trust`, `Zero Trust Dashboard`, `Zone Versioning`.
         """
         return pulumi.get(self, "affected_components")
 
@@ -14111,8 +14200,6 @@ def __key_warning(key: str):
             suggest = "action_parameters"
         elif key == "exposedCredentialCheck":
             suggest = "exposed_credential_check"
-        elif key == "lastUpdated":
-            suggest = "last_updated"
 
         if suggest:
             pulumi.log.warn(f"Key '{key}' not found in RulesetRule. Access the value via the '{suggest}' property getter instead.")
@@ -14133,11 +14220,9 @@ def __init__(__self__, *,
                  enabled: Optional[bool] = None,
                  exposed_credential_check: Optional['outputs.RulesetRuleExposedCredentialCheck'] = None,
                  id: Optional[str] = None,
-                 last_updated: Optional[str] = None,
                  logging: Optional['outputs.RulesetRuleLogging'] = None,
                  ratelimit: Optional['outputs.RulesetRuleRatelimit'] = None,
-                 ref: Optional[str] = None,
-                 version: Optional[str] = None):
+                 ref: Optional[str] = None):
         """
         :param str expression: Criteria for an HTTP request to trigger the ruleset rule action. Uses the Firewall Rules expression language based on Wireshark display filters. Refer to the [Firewall Rules language](https://developers.cloudflare.com/firewall/cf-firewall-language) documentation for all available fields, operators, and functions.
         :param str action: Action to perform in the ruleset rule. Available values: `block`, `challenge`, `compress_response`, `ddos_dynamic`, `ddos_mitigation`, `execute`, `force_connection_close`, `js_challenge`, `log`, `log_custom_field`, `managed_challenge`, `redirect`, `rewrite`, `route`, `score`, `serve_error`, `set_cache_settings`, `set_config`, `skip`.
@@ -14146,11 +14231,9 @@ def __init__(__self__, *,
         :param bool enabled: Whether the rule is active.
         :param 'RulesetRuleExposedCredentialCheckArgs' exposed_credential_check: List of parameters that configure exposed credential checks.
         :param str id: Unique rule identifier.
-        :param str last_updated: The most recent update to this rule.
         :param 'RulesetRuleLoggingArgs' logging: List parameters to configure how the rule generates logs. Only valid for skip action.
         :param 'RulesetRuleRatelimitArgs' ratelimit: List of parameters that configure HTTP rate limiting behaviour.
         :param str ref: Rule reference.
-        :param str version: Version of the ruleset to deploy.
         """
         pulumi.set(__self__, "expression", expression)
         if action is not None:
@@ -14165,16 +14248,12 @@ def __init__(__self__, *,
             pulumi.set(__self__, "exposed_credential_check", exposed_credential_check)
         if id is not None:
             pulumi.set(__self__, "id", id)
-        if last_updated is not None:
-            pulumi.set(__self__, "last_updated", last_updated)
         if logging is not None:
             pulumi.set(__self__, "logging", logging)
         if ratelimit is not None:
             pulumi.set(__self__, "ratelimit", ratelimit)
         if ref is not None:
             pulumi.set(__self__, "ref", ref)
-        if version is not None:
-            pulumi.set(__self__, "version", version)
 
     @property
     @pulumi.getter
@@ -14232,14 +14311,6 @@ def id(self) -> Optional[str]:
         """
         return pulumi.get(self, "id")
 
-    @property
-    @pulumi.getter(name="lastUpdated")
-    def last_updated(self) -> Optional[str]:
-        """
-        The most recent update to this rule.
-        """
-        return pulumi.get(self, "last_updated")
-
     @property
     @pulumi.getter
     def logging(self) -> Optional['outputs.RulesetRuleLogging']:
@@ -14264,14 +14335,6 @@ def ref(self) -> Optional[str]:
         """
         return pulumi.get(self, "ref")
 
-    @property
-    @pulumi.getter
-    def version(self) -> Optional[str]:
-        """
-        Version of the ruleset to deploy.
-        """
-        return pulumi.get(self, "version")
-
 
 @pulumi.output_type
 class RulesetRuleActionParameters(dict):
@@ -14403,8 +14466,7 @@ def __init__(__self__, *,
                  ssl: Optional[str] = None,
                  status_code: Optional[int] = None,
                  sxg: Optional[bool] = None,
-                 uri: Optional['outputs.RulesetRuleActionParametersUri'] = None,
-                 version: Optional[str] = None):
+                 uri: Optional['outputs.RulesetRuleActionParametersUri'] = None):
         """
         :param Sequence[int] additional_cacheable_ports: Specifies uncommon ports to allow cacheable assets to be served from.
         :param Sequence['RulesetRuleActionParametersAlgorithmArgs'] algorithms: Compression algorithms to use in order of preference.
@@ -14458,7 +14520,6 @@ def __init__(__self__, *,
         :param int status_code: HTTP status code of the custom error response.
         :param bool sxg: Turn on or off the SXG feature.
         :param 'RulesetRuleActionParametersUriArgs' uri: List of URI properties to configure for the ruleset rule when performing URL rewrite transformations.
-        :param str version: Version of the ruleset to deploy.
         """
         if additional_cacheable_ports is not None:
             pulumi.set(__self__, "additional_cacheable_ports", additional_cacheable_ports)
@@ -14566,8 +14627,6 @@ def __init__(__self__, *,
             pulumi.set(__self__, "sxg", sxg)
         if uri is not None:
             pulumi.set(__self__, "uri", uri)
-        if version is not None:
-            pulumi.set(__self__, "version", version)
 
     @property
     @pulumi.getter(name="additionalCacheablePorts")
@@ -14990,14 +15049,6 @@ def uri(self) -> Optional['outputs.RulesetRuleActionParametersUri']:
         """
         return pulumi.get(self, "uri")
 
-    @property
-    @pulumi.getter
-    def version(self) -> Optional[str]:
-        """
-        Version of the ruleset to deploy.
-        """
-        return pulumi.get(self, "version")
-
 
 @pulumi.output_type
 class RulesetRuleActionParametersAlgorithm(dict):
@@ -16578,6 +16629,106 @@ def score_response_header_name(self) -> Optional[str]:
         return pulumi.get(self, "score_response_header_name")
 
 
+@pulumi.output_type
+class SnippetFile(dict):
+    def __init__(__self__, *,
+                 name: str,
+                 content: Optional[str] = None):
+        """
+        :param str name: Name of the snippet file.
+        :param str content: Content of the snippet file.
+        """
+        pulumi.set(__self__, "name", name)
+        if content is not None:
+            pulumi.set(__self__, "content", content)
+
+    @property
+    @pulumi.getter
+    def name(self) -> str:
+        """
+        Name of the snippet file.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter
+    def content(self) -> Optional[str]:
+        """
+        Content of the snippet file.
+        """
+        return pulumi.get(self, "content")
+
+
+@pulumi.output_type
+class SnippetRulesRule(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "snippetName":
+            suggest = "snippet_name"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in SnippetRulesRule. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        SnippetRulesRule.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        SnippetRulesRule.__key_warning(key)
+        return super().get(key, default)
+
+    def __init__(__self__, *,
+                 expression: str,
+                 snippet_name: str,
+                 description: Optional[str] = None,
+                 enabled: Optional[bool] = None):
+        """
+        :param str expression: Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+        :param str snippet_name: Name of the snippet invoked by this rule.
+        :param str description: Brief summary of the snippet rule and its intended use.
+        :param bool enabled: Whether the headers rule is active.
+        """
+        pulumi.set(__self__, "expression", expression)
+        pulumi.set(__self__, "snippet_name", snippet_name)
+        if description is not None:
+            pulumi.set(__self__, "description", description)
+        if enabled is not None:
+            pulumi.set(__self__, "enabled", enabled)
+
+    @property
+    @pulumi.getter
+    def expression(self) -> str:
+        """
+        Criteria for an HTTP request to trigger the snippet rule. Uses the Firewall Rules expression language based on Wireshark display filters.
+        """
+        return pulumi.get(self, "expression")
+
+    @property
+    @pulumi.getter(name="snippetName")
+    def snippet_name(self) -> str:
+        """
+        Name of the snippet invoked by this rule.
+        """
+        return pulumi.get(self, "snippet_name")
+
+    @property
+    @pulumi.getter
+    def description(self) -> Optional[str]:
+        """
+        Brief summary of the snippet rule and its intended use.
+        """
+        return pulumi.get(self, "description")
+
+    @property
+    @pulumi.getter
+    def enabled(self) -> Optional[bool]:
+        """
+        Whether the headers rule is active.
+        """
+        return pulumi.get(self, "enabled")
+
+
 @pulumi.output_type
 class SpectrumApplicationDns(dict):
     def __init__(__self__, *,
@@ -20311,6 +20462,36 @@ def max_age(self) -> Optional[int]:
         return pulumi.get(self, "max_age")
 
 
+@pulumi.output_type
+class ZeroTrustAccessApplicationDestination(dict):
+    def __init__(__self__, *,
+                 uri: str,
+                 type: Optional[str] = None):
+        """
+        :param str uri: The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+        :param str type: The destination type. Available values: `public`, `private`. Defaults to `public`.
+        """
+        pulumi.set(__self__, "uri", uri)
+        if type is not None:
+            pulumi.set(__self__, "type", type)
+
+    @property
+    @pulumi.getter
+    def uri(self) -> str:
+        """
+        The URI of the destination. Public destinations can include a domain and path with wildcards. Private destinations are an early access feature and gated behind a feature flag. Private destinations support private IPv4, IPv6, and Server Name Indications (SNI) with optional port ranges.
+        """
+        return pulumi.get(self, "uri")
+
+    @property
+    @pulumi.getter
+    def type(self) -> Optional[str]:
+        """
+        The destination type. Available values: `public`, `private`. Defaults to `public`.
+        """
+        return pulumi.get(self, "type")
+
+
 @pulumi.output_type
 class ZeroTrustAccessApplicationFooterLink(dict):
     def __init__(__self__, *,
@@ -23920,6 +24101,14 @@ def __init__(__self__, *,
                  seat_deprovision: Optional[bool] = None,
                  secret: Optional[str] = None,
                  user_deprovision: Optional[bool] = None):
+        """
+        :param bool enabled: A flag to enable or disable SCIM for the identity provider.
+        :param bool group_member_deprovision: Deprecated. Use `identity_update_behavior`.
+        :param str identity_update_behavior: Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+        :param bool seat_deprovision: A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+        :param str secret: A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+        :param bool user_deprovision: A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+        """
         if enabled is not None:
             pulumi.set(__self__, "enabled", enabled)
         if group_member_deprovision is not None:
@@ -23936,31 +24125,49 @@ def __init__(__self__, *,
     @property
     @pulumi.getter
     def enabled(self) -> Optional[bool]:
+        """
+        A flag to enable or disable SCIM for the identity provider.
+        """
         return pulumi.get(self, "enabled")
 
     @property
     @pulumi.getter(name="groupMemberDeprovision")
     def group_member_deprovision(self) -> Optional[bool]:
+        """
+        Deprecated. Use `identity_update_behavior`.
+        """
         return pulumi.get(self, "group_member_deprovision")
 
     @property
     @pulumi.getter(name="identityUpdateBehavior")
     def identity_update_behavior(self) -> Optional[str]:
+        """
+        Indicates how a SCIM event updates a user identity used for policy evaluation. Use "automatic" to automatically update a user's identity and augment it with fields from the SCIM user resource. Use "reauth" to force re-authentication on group membership updates, user identity update will only occur after successful re-authentication. With "reauth" identities will not contain fields from the SCIM user resource. With "no_action" identities will not be changed by SCIM updates in any way and users will not be prompted to reauthenticate.
+        """
         return pulumi.get(self, "identity_update_behavior")
 
     @property
     @pulumi.getter(name="seatDeprovision")
     def seat_deprovision(self) -> Optional[bool]:
+        """
+        A flag to remove a user's seat in Zero Trust when they have been deprovisioned in the Identity Provider.  This cannot be enabled unless user_deprovision is also enabled.
+        """
         return pulumi.get(self, "seat_deprovision")
 
     @property
     @pulumi.getter
     def secret(self) -> Optional[str]:
+        """
+        A read-only token generated when the SCIM integration is enabled for the first time.  It is redacted on subsequent requests.  If you lose this you will need to refresh it token at /access/identity*providers/:idpID/refresh*scim_secret.
+        """
         return pulumi.get(self, "secret")
 
     @property
     @pulumi.getter(name="userDeprovision")
     def user_deprovision(self) -> Optional[bool]:
+        """
+        A flag to enable revoking a user's session in Access and Gateway when they have been deprovisioned in the Identity Provider.
+        """
         return pulumi.get(self, "user_deprovision")
 
 
@@ -24244,12 +24451,33 @@ def ssh(self) -> 'outputs.ZeroTrustAccessPolicyConnectionRulesSsh':
 
 @pulumi.output_type
 class ZeroTrustAccessPolicyConnectionRulesSsh(dict):
+    @staticmethod
+    def __key_warning(key: str):
+        suggest = None
+        if key == "allowEmailAlias":
+            suggest = "allow_email_alias"
+
+        if suggest:
+            pulumi.log.warn(f"Key '{key}' not found in ZeroTrustAccessPolicyConnectionRulesSsh. Access the value via the '{suggest}' property getter instead.")
+
+    def __getitem__(self, key: str) -> Any:
+        ZeroTrustAccessPolicyConnectionRulesSsh.__key_warning(key)
+        return super().__getitem__(key)
+
+    def get(self, key: str, default = None) -> Any:
+        ZeroTrustAccessPolicyConnectionRulesSsh.__key_warning(key)
+        return super().get(key, default)
+
     def __init__(__self__, *,
-                 usernames: Sequence[str]):
+                 usernames: Sequence[str],
+                 allow_email_alias: Optional[bool] = None):
         """
         :param Sequence[str] usernames: Contains the Unix usernames that may be used when connecting over SSH.
+        :param bool allow_email_alias: Allows connecting to Unix username that matches the authenticating email prefix.
         """
         pulumi.set(__self__, "usernames", usernames)
+        if allow_email_alias is not None:
+            pulumi.set(__self__, "allow_email_alias", allow_email_alias)
 
     @property
     @pulumi.getter
@@ -24259,6 +24487,14 @@ def usernames(self) -> Sequence[str]:
         """
         return pulumi.get(self, "usernames")
 
+    @property
+    @pulumi.getter(name="allowEmailAlias")
+    def allow_email_alias(self) -> Optional[bool]:
+        """
+        Allows connecting to Unix username that matches the authenticating email prefix.
+        """
+        return pulumi.get(self, "allow_email_alias")
+
 
 @pulumi.output_type
 class ZeroTrustAccessPolicyExclude(dict):
diff --git a/sdk/python/pulumi_cloudflare/snippet.py b/sdk/python/pulumi_cloudflare/snippet.py
new file mode 100644
index 00000000..2fe418de
--- /dev/null
+++ b/sdk/python/pulumi_cloudflare/snippet.py
@@ -0,0 +1,294 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from . import _utilities
+from . import outputs
+from ._inputs import *
+
+__all__ = ['SnippetArgs', 'Snippet']
+
+@pulumi.input_type
+class SnippetArgs:
+    def __init__(__self__, *,
+                 main_module: pulumi.Input[str],
+                 name: pulumi.Input[str],
+                 zone_id: pulumi.Input[str],
+                 files: Optional[pulumi.Input[Sequence[pulumi.Input['SnippetFileArgs']]]] = None):
+        """
+        The set of arguments for constructing a Snippet resource.
+        :param pulumi.Input[str] main_module: Main module file name of the snippet.
+        :param pulumi.Input[str] name: Name of the snippet.
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        :param pulumi.Input[Sequence[pulumi.Input['SnippetFileArgs']]] files: List of Snippet Files
+        """
+        pulumi.set(__self__, "main_module", main_module)
+        pulumi.set(__self__, "name", name)
+        pulumi.set(__self__, "zone_id", zone_id)
+        if files is not None:
+            pulumi.set(__self__, "files", files)
+
+    @property
+    @pulumi.getter(name="mainModule")
+    def main_module(self) -> pulumi.Input[str]:
+        """
+        Main module file name of the snippet.
+        """
+        return pulumi.get(self, "main_module")
+
+    @main_module.setter
+    def main_module(self, value: pulumi.Input[str]):
+        pulumi.set(self, "main_module", value)
+
+    @property
+    @pulumi.getter
+    def name(self) -> pulumi.Input[str]:
+        """
+        Name of the snippet.
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: pulumi.Input[str]):
+        pulumi.set(self, "name", value)
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> pulumi.Input[str]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
+    @zone_id.setter
+    def zone_id(self, value: pulumi.Input[str]):
+        pulumi.set(self, "zone_id", value)
+
+    @property
+    @pulumi.getter
+    def files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SnippetFileArgs']]]]:
+        """
+        List of Snippet Files
+        """
+        return pulumi.get(self, "files")
+
+    @files.setter
+    def files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SnippetFileArgs']]]]):
+        pulumi.set(self, "files", value)
+
+
+@pulumi.input_type
+class _SnippetState:
+    def __init__(__self__, *,
+                 files: Optional[pulumi.Input[Sequence[pulumi.Input['SnippetFileArgs']]]] = None,
+                 main_module: Optional[pulumi.Input[str]] = None,
+                 name: Optional[pulumi.Input[str]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None):
+        """
+        Input properties used for looking up and filtering Snippet resources.
+        :param pulumi.Input[Sequence[pulumi.Input['SnippetFileArgs']]] files: List of Snippet Files
+        :param pulumi.Input[str] main_module: Main module file name of the snippet.
+        :param pulumi.Input[str] name: Name of the snippet.
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        if files is not None:
+            pulumi.set(__self__, "files", files)
+        if main_module is not None:
+            pulumi.set(__self__, "main_module", main_module)
+        if name is not None:
+            pulumi.set(__self__, "name", name)
+        if zone_id is not None:
+            pulumi.set(__self__, "zone_id", zone_id)
+
+    @property
+    @pulumi.getter
+    def files(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SnippetFileArgs']]]]:
+        """
+        List of Snippet Files
+        """
+        return pulumi.get(self, "files")
+
+    @files.setter
+    def files(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SnippetFileArgs']]]]):
+        pulumi.set(self, "files", value)
+
+    @property
+    @pulumi.getter(name="mainModule")
+    def main_module(self) -> Optional[pulumi.Input[str]]:
+        """
+        Main module file name of the snippet.
+        """
+        return pulumi.get(self, "main_module")
+
+    @main_module.setter
+    def main_module(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "main_module", value)
+
+    @property
+    @pulumi.getter
+    def name(self) -> Optional[pulumi.Input[str]]:
+        """
+        Name of the snippet.
+        """
+        return pulumi.get(self, "name")
+
+    @name.setter
+    def name(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "name", value)
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
+    @zone_id.setter
+    def zone_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "zone_id", value)
+
+
+class Snippet(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 files: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SnippetFileArgs', 'SnippetFileArgsDict']]]]] = None,
+                 main_module: Optional[pulumi.Input[str]] = None,
+                 name: Optional[pulumi.Input[str]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        """
+        Create a Snippet resource with the given unique name, props, and options.
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SnippetFileArgs', 'SnippetFileArgsDict']]]] files: List of Snippet Files
+        :param pulumi.Input[str] main_module: Main module file name of the snippet.
+        :param pulumi.Input[str] name: Name of the snippet.
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: SnippetArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Create a Snippet resource with the given unique name, props, and options.
+        :param str resource_name: The name of the resource.
+        :param SnippetArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(SnippetArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 files: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SnippetFileArgs', 'SnippetFileArgsDict']]]]] = None,
+                 main_module: Optional[pulumi.Input[str]] = None,
+                 name: Optional[pulumi.Input[str]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = SnippetArgs.__new__(SnippetArgs)
+
+            __props__.__dict__["files"] = files
+            if main_module is None and not opts.urn:
+                raise TypeError("Missing required property 'main_module'")
+            __props__.__dict__["main_module"] = main_module
+            if name is None and not opts.urn:
+                raise TypeError("Missing required property 'name'")
+            __props__.__dict__["name"] = name
+            if zone_id is None and not opts.urn:
+                raise TypeError("Missing required property 'zone_id'")
+            __props__.__dict__["zone_id"] = zone_id
+        super(Snippet, __self__).__init__(
+            'cloudflare:index/snippet:Snippet',
+            resource_name,
+            __props__,
+            opts)
+
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            files: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SnippetFileArgs', 'SnippetFileArgsDict']]]]] = None,
+            main_module: Optional[pulumi.Input[str]] = None,
+            name: Optional[pulumi.Input[str]] = None,
+            zone_id: Optional[pulumi.Input[str]] = None) -> 'Snippet':
+        """
+        Get an existing Snippet resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SnippetFileArgs', 'SnippetFileArgsDict']]]] files: List of Snippet Files
+        :param pulumi.Input[str] main_module: Main module file name of the snippet.
+        :param pulumi.Input[str] name: Name of the snippet.
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+        __props__ = _SnippetState.__new__(_SnippetState)
+
+        __props__.__dict__["files"] = files
+        __props__.__dict__["main_module"] = main_module
+        __props__.__dict__["name"] = name
+        __props__.__dict__["zone_id"] = zone_id
+        return Snippet(resource_name, opts=opts, __props__=__props__)
+
+    @property
+    @pulumi.getter
+    def files(self) -> pulumi.Output[Optional[Sequence['outputs.SnippetFile']]]:
+        """
+        List of Snippet Files
+        """
+        return pulumi.get(self, "files")
+
+    @property
+    @pulumi.getter(name="mainModule")
+    def main_module(self) -> pulumi.Output[str]:
+        """
+        Main module file name of the snippet.
+        """
+        return pulumi.get(self, "main_module")
+
+    @property
+    @pulumi.getter
+    def name(self) -> pulumi.Output[str]:
+        """
+        Name of the snippet.
+        """
+        return pulumi.get(self, "name")
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> pulumi.Output[str]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
diff --git a/sdk/python/pulumi_cloudflare/snippet_rules.py b/sdk/python/pulumi_cloudflare/snippet_rules.py
new file mode 100644
index 00000000..4dbc242b
--- /dev/null
+++ b/sdk/python/pulumi_cloudflare/snippet_rules.py
@@ -0,0 +1,198 @@
+# coding=utf-8
+# *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+# *** Do not edit by hand unless you're certain you know what you are doing! ***
+
+import copy
+import warnings
+import sys
+import pulumi
+import pulumi.runtime
+from typing import Any, Mapping, Optional, Sequence, Union, overload
+if sys.version_info >= (3, 11):
+    from typing import NotRequired, TypedDict, TypeAlias
+else:
+    from typing_extensions import NotRequired, TypedDict, TypeAlias
+from . import _utilities
+from . import outputs
+from ._inputs import *
+
+__all__ = ['SnippetRulesArgs', 'SnippetRules']
+
+@pulumi.input_type
+class SnippetRulesArgs:
+    def __init__(__self__, *,
+                 zone_id: pulumi.Input[str],
+                 rules: Optional[pulumi.Input[Sequence[pulumi.Input['SnippetRulesRuleArgs']]]] = None):
+        """
+        The set of arguments for constructing a SnippetRules resource.
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        :param pulumi.Input[Sequence[pulumi.Input['SnippetRulesRuleArgs']]] rules: List of Snippet Rules
+        """
+        pulumi.set(__self__, "zone_id", zone_id)
+        if rules is not None:
+            pulumi.set(__self__, "rules", rules)
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> pulumi.Input[str]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
+    @zone_id.setter
+    def zone_id(self, value: pulumi.Input[str]):
+        pulumi.set(self, "zone_id", value)
+
+    @property
+    @pulumi.getter
+    def rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SnippetRulesRuleArgs']]]]:
+        """
+        List of Snippet Rules
+        """
+        return pulumi.get(self, "rules")
+
+    @rules.setter
+    def rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SnippetRulesRuleArgs']]]]):
+        pulumi.set(self, "rules", value)
+
+
+@pulumi.input_type
+class _SnippetRulesState:
+    def __init__(__self__, *,
+                 rules: Optional[pulumi.Input[Sequence[pulumi.Input['SnippetRulesRuleArgs']]]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None):
+        """
+        Input properties used for looking up and filtering SnippetRules resources.
+        :param pulumi.Input[Sequence[pulumi.Input['SnippetRulesRuleArgs']]] rules: List of Snippet Rules
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        if rules is not None:
+            pulumi.set(__self__, "rules", rules)
+        if zone_id is not None:
+            pulumi.set(__self__, "zone_id", zone_id)
+
+    @property
+    @pulumi.getter
+    def rules(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['SnippetRulesRuleArgs']]]]:
+        """
+        List of Snippet Rules
+        """
+        return pulumi.get(self, "rules")
+
+    @rules.setter
+    def rules(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['SnippetRulesRuleArgs']]]]):
+        pulumi.set(self, "rules", value)
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> Optional[pulumi.Input[str]]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
+    @zone_id.setter
+    def zone_id(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "zone_id", value)
+
+
+class SnippetRules(pulumi.CustomResource):
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SnippetRulesRuleArgs', 'SnippetRulesRuleArgsDict']]]]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        """
+        Create a SnippetRules resource with the given unique name, props, and options.
+        :param str resource_name: The name of the resource.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SnippetRulesRuleArgs', 'SnippetRulesRuleArgsDict']]]] rules: List of Snippet Rules
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        ...
+    @overload
+    def __init__(__self__,
+                 resource_name: str,
+                 args: SnippetRulesArgs,
+                 opts: Optional[pulumi.ResourceOptions] = None):
+        """
+        Create a SnippetRules resource with the given unique name, props, and options.
+        :param str resource_name: The name of the resource.
+        :param SnippetRulesArgs args: The arguments to use to populate this resource's properties.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        """
+        ...
+    def __init__(__self__, resource_name: str, *args, **kwargs):
+        resource_args, opts = _utilities.get_resource_args_opts(SnippetRulesArgs, pulumi.ResourceOptions, *args, **kwargs)
+        if resource_args is not None:
+            __self__._internal_init(resource_name, opts, **resource_args.__dict__)
+        else:
+            __self__._internal_init(resource_name, *args, **kwargs)
+
+    def _internal_init(__self__,
+                 resource_name: str,
+                 opts: Optional[pulumi.ResourceOptions] = None,
+                 rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SnippetRulesRuleArgs', 'SnippetRulesRuleArgsDict']]]]] = None,
+                 zone_id: Optional[pulumi.Input[str]] = None,
+                 __props__=None):
+        opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
+        if not isinstance(opts, pulumi.ResourceOptions):
+            raise TypeError('Expected resource options to be a ResourceOptions instance')
+        if opts.id is None:
+            if __props__ is not None:
+                raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
+            __props__ = SnippetRulesArgs.__new__(SnippetRulesArgs)
+
+            __props__.__dict__["rules"] = rules
+            if zone_id is None and not opts.urn:
+                raise TypeError("Missing required property 'zone_id'")
+            __props__.__dict__["zone_id"] = zone_id
+        super(SnippetRules, __self__).__init__(
+            'cloudflare:index/snippetRules:SnippetRules',
+            resource_name,
+            __props__,
+            opts)
+
+    @staticmethod
+    def get(resource_name: str,
+            id: pulumi.Input[str],
+            opts: Optional[pulumi.ResourceOptions] = None,
+            rules: Optional[pulumi.Input[Sequence[pulumi.Input[Union['SnippetRulesRuleArgs', 'SnippetRulesRuleArgsDict']]]]] = None,
+            zone_id: Optional[pulumi.Input[str]] = None) -> 'SnippetRules':
+        """
+        Get an existing SnippetRules resource's state with the given name, id, and optional extra
+        properties used to qualify the lookup.
+
+        :param str resource_name: The unique name of the resulting resource.
+        :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
+        :param pulumi.ResourceOptions opts: Options for the resource.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['SnippetRulesRuleArgs', 'SnippetRulesRuleArgsDict']]]] rules: List of Snippet Rules
+        :param pulumi.Input[str] zone_id: The zone identifier to target for the resource.
+        """
+        opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
+
+        __props__ = _SnippetRulesState.__new__(_SnippetRulesState)
+
+        __props__.__dict__["rules"] = rules
+        __props__.__dict__["zone_id"] = zone_id
+        return SnippetRules(resource_name, opts=opts, __props__=__props__)
+
+    @property
+    @pulumi.getter
+    def rules(self) -> pulumi.Output[Optional[Sequence['outputs.SnippetRulesRule']]]:
+        """
+        List of Snippet Rules
+        """
+        return pulumi.get(self, "rules")
+
+    @property
+    @pulumi.getter(name="zoneId")
+    def zone_id(self) -> pulumi.Output[str]:
+        """
+        The zone identifier to target for the resource.
+        """
+        return pulumi.get(self, "zone_id")
+
diff --git a/sdk/python/pulumi_cloudflare/zero_trust_access_application.py b/sdk/python/pulumi_cloudflare/zero_trust_access_application.py
index b4a5adca..5128a6eb 100644
--- a/sdk/python/pulumi_cloudflare/zero_trust_access_application.py
+++ b/sdk/python/pulumi_cloudflare/zero_trust_access_application.py
@@ -33,7 +33,9 @@ def __init__(__self__, *,
                  custom_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_non_identity_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_pages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 destinations: Optional[pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationDestinationArgs']]]] = None,
                  domain: Optional[pulumi.Input[str]] = None,
+                 domain_type: Optional[pulumi.Input[str]] = None,
                  enable_binding_cookie: Optional[pulumi.Input[bool]] = None,
                  footer_links: Optional[pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationFooterLinkArgs']]]] = None,
                  header_bg_color: Optional[pulumi.Input[str]] = None,
@@ -69,7 +71,9 @@ def __init__(__self__, *,
         :param pulumi.Input[str] custom_deny_url: Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
         :param pulumi.Input[str] custom_non_identity_deny_url: Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] custom_pages: The custom pages selected for the application.
+        :param pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationDestinationArgs']]] destinations: A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
         :param pulumi.Input[str] domain: The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
+        :param pulumi.Input[str] domain_type: The type of the primary domain. Available values: `public`, `private`.
         :param pulumi.Input[bool] enable_binding_cookie: Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
         :param pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationFooterLinkArgs']]] footer_links: The footer links of the app launcher.
         :param pulumi.Input[str] header_bg_color: The background color of the header bar in the app launcher.
@@ -82,7 +86,7 @@ def __init__(__self__, *,
         :param pulumi.Input['ZeroTrustAccessApplicationSaasAppArgs'] saas_app: SaaS configuration for the Access Application.
         :param pulumi.Input[str] same_site_cookie_attribute: Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
         :param pulumi.Input['ZeroTrustAccessApplicationScimConfigArgs'] scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         :param pulumi.Input[bool] service_auth401_redirect: Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
         :param pulumi.Input[str] session_duration: How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
         :param pulumi.Input[bool] skip_app_launcher_login_page: Option to skip the App Launcher landing page. Defaults to `false`.
@@ -116,8 +120,12 @@ def __init__(__self__, *,
             pulumi.set(__self__, "custom_non_identity_deny_url", custom_non_identity_deny_url)
         if custom_pages is not None:
             pulumi.set(__self__, "custom_pages", custom_pages)
+        if destinations is not None:
+            pulumi.set(__self__, "destinations", destinations)
         if domain is not None:
             pulumi.set(__self__, "domain", domain)
+        if domain_type is not None:
+            pulumi.set(__self__, "domain_type", domain_type)
         if enable_binding_cookie is not None:
             pulumi.set(__self__, "enable_binding_cookie", enable_binding_cookie)
         if footer_links is not None:
@@ -142,6 +150,9 @@ def __init__(__self__, *,
             pulumi.set(__self__, "same_site_cookie_attribute", same_site_cookie_attribute)
         if scim_config is not None:
             pulumi.set(__self__, "scim_config", scim_config)
+        if self_hosted_domains is not None:
+            warnings.warn("""Use `destinations` instead""", DeprecationWarning)
+            pulumi.log.warn("""self_hosted_domains is deprecated: Use `destinations` instead""")
         if self_hosted_domains is not None:
             pulumi.set(__self__, "self_hosted_domains", self_hosted_domains)
         if service_auth401_redirect is not None:
@@ -305,6 +316,18 @@ def custom_pages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
     def custom_pages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "custom_pages", value)
 
+    @property
+    @pulumi.getter
+    def destinations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationDestinationArgs']]]]:
+        """
+        A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+        """
+        return pulumi.get(self, "destinations")
+
+    @destinations.setter
+    def destinations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationDestinationArgs']]]]):
+        pulumi.set(self, "destinations", value)
+
     @property
     @pulumi.getter
     def domain(self) -> Optional[pulumi.Input[str]]:
@@ -317,6 +340,18 @@ def domain(self) -> Optional[pulumi.Input[str]]:
     def domain(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "domain", value)
 
+    @property
+    @pulumi.getter(name="domainType")
+    def domain_type(self) -> Optional[pulumi.Input[str]]:
+        """
+        The type of the primary domain. Available values: `public`, `private`.
+        """
+        return pulumi.get(self, "domain_type")
+
+    @domain_type.setter
+    def domain_type(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "domain_type", value)
+
     @property
     @pulumi.getter(name="enableBindingCookie")
     def enable_binding_cookie(self) -> Optional[pulumi.Input[bool]]:
@@ -463,9 +498,10 @@ def scim_config(self, value: Optional[pulumi.Input['ZeroTrustAccessApplicationSc
 
     @property
     @pulumi.getter(name="selfHostedDomains")
+    @_utilities.deprecated("""Use `destinations` instead""")
     def self_hosted_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         """
         return pulumi.get(self, "self_hosted_domains")
 
@@ -586,7 +622,9 @@ def __init__(__self__, *,
                  custom_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_non_identity_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_pages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 destinations: Optional[pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationDestinationArgs']]]] = None,
                  domain: Optional[pulumi.Input[str]] = None,
+                 domain_type: Optional[pulumi.Input[str]] = None,
                  enable_binding_cookie: Optional[pulumi.Input[bool]] = None,
                  footer_links: Optional[pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationFooterLinkArgs']]]] = None,
                  header_bg_color: Optional[pulumi.Input[str]] = None,
@@ -623,7 +661,9 @@ def __init__(__self__, *,
         :param pulumi.Input[str] custom_deny_url: Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
         :param pulumi.Input[str] custom_non_identity_deny_url: Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] custom_pages: The custom pages selected for the application.
+        :param pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationDestinationArgs']]] destinations: A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
         :param pulumi.Input[str] domain: The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
+        :param pulumi.Input[str] domain_type: The type of the primary domain. Available values: `public`, `private`.
         :param pulumi.Input[bool] enable_binding_cookie: Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
         :param pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationFooterLinkArgs']]] footer_links: The footer links of the app launcher.
         :param pulumi.Input[str] header_bg_color: The background color of the header bar in the app launcher.
@@ -636,7 +676,7 @@ def __init__(__self__, *,
         :param pulumi.Input['ZeroTrustAccessApplicationSaasAppArgs'] saas_app: SaaS configuration for the Access Application.
         :param pulumi.Input[str] same_site_cookie_attribute: Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
         :param pulumi.Input['ZeroTrustAccessApplicationScimConfigArgs'] scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         :param pulumi.Input[bool] service_auth401_redirect: Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
         :param pulumi.Input[str] session_duration: How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
         :param pulumi.Input[bool] skip_app_launcher_login_page: Option to skip the App Launcher landing page. Defaults to `false`.
@@ -672,8 +712,12 @@ def __init__(__self__, *,
             pulumi.set(__self__, "custom_non_identity_deny_url", custom_non_identity_deny_url)
         if custom_pages is not None:
             pulumi.set(__self__, "custom_pages", custom_pages)
+        if destinations is not None:
+            pulumi.set(__self__, "destinations", destinations)
         if domain is not None:
             pulumi.set(__self__, "domain", domain)
+        if domain_type is not None:
+            pulumi.set(__self__, "domain_type", domain_type)
         if enable_binding_cookie is not None:
             pulumi.set(__self__, "enable_binding_cookie", enable_binding_cookie)
         if footer_links is not None:
@@ -698,6 +742,9 @@ def __init__(__self__, *,
             pulumi.set(__self__, "same_site_cookie_attribute", same_site_cookie_attribute)
         if scim_config is not None:
             pulumi.set(__self__, "scim_config", scim_config)
+        if self_hosted_domains is not None:
+            warnings.warn("""Use `destinations` instead""", DeprecationWarning)
+            pulumi.log.warn("""self_hosted_domains is deprecated: Use `destinations` instead""")
         if self_hosted_domains is not None:
             pulumi.set(__self__, "self_hosted_domains", self_hosted_domains)
         if service_auth401_redirect is not None:
@@ -873,6 +920,18 @@ def custom_pages(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
     def custom_pages(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]):
         pulumi.set(self, "custom_pages", value)
 
+    @property
+    @pulumi.getter
+    def destinations(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationDestinationArgs']]]]:
+        """
+        A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+        """
+        return pulumi.get(self, "destinations")
+
+    @destinations.setter
+    def destinations(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['ZeroTrustAccessApplicationDestinationArgs']]]]):
+        pulumi.set(self, "destinations", value)
+
     @property
     @pulumi.getter
     def domain(self) -> Optional[pulumi.Input[str]]:
@@ -885,6 +944,18 @@ def domain(self) -> Optional[pulumi.Input[str]]:
     def domain(self, value: Optional[pulumi.Input[str]]):
         pulumi.set(self, "domain", value)
 
+    @property
+    @pulumi.getter(name="domainType")
+    def domain_type(self) -> Optional[pulumi.Input[str]]:
+        """
+        The type of the primary domain. Available values: `public`, `private`.
+        """
+        return pulumi.get(self, "domain_type")
+
+    @domain_type.setter
+    def domain_type(self, value: Optional[pulumi.Input[str]]):
+        pulumi.set(self, "domain_type", value)
+
     @property
     @pulumi.getter(name="enableBindingCookie")
     def enable_binding_cookie(self) -> Optional[pulumi.Input[bool]]:
@@ -1031,9 +1102,10 @@ def scim_config(self, value: Optional[pulumi.Input['ZeroTrustAccessApplicationSc
 
     @property
     @pulumi.getter(name="selfHostedDomains")
+    @_utilities.deprecated("""Use `destinations` instead""")
     def self_hosted_domains(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]:
         """
-        List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         """
         return pulumi.get(self, "self_hosted_domains")
 
@@ -1155,7 +1227,9 @@ def __init__(__self__,
                  custom_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_non_identity_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_pages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 destinations: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ZeroTrustAccessApplicationDestinationArgs', 'ZeroTrustAccessApplicationDestinationArgsDict']]]]] = None,
                  domain: Optional[pulumi.Input[str]] = None,
+                 domain_type: Optional[pulumi.Input[str]] = None,
                  enable_binding_cookie: Optional[pulumi.Input[bool]] = None,
                  footer_links: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ZeroTrustAccessApplicationFooterLinkArgs', 'ZeroTrustAccessApplicationFooterLinkArgsDict']]]]] = None,
                  header_bg_color: Optional[pulumi.Input[str]] = None,
@@ -1209,7 +1283,9 @@ def __init__(__self__,
         :param pulumi.Input[str] custom_deny_url: Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
         :param pulumi.Input[str] custom_non_identity_deny_url: Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] custom_pages: The custom pages selected for the application.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ZeroTrustAccessApplicationDestinationArgs', 'ZeroTrustAccessApplicationDestinationArgsDict']]]] destinations: A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
         :param pulumi.Input[str] domain: The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
+        :param pulumi.Input[str] domain_type: The type of the primary domain. Available values: `public`, `private`.
         :param pulumi.Input[bool] enable_binding_cookie: Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
         :param pulumi.Input[Sequence[pulumi.Input[Union['ZeroTrustAccessApplicationFooterLinkArgs', 'ZeroTrustAccessApplicationFooterLinkArgsDict']]]] footer_links: The footer links of the app launcher.
         :param pulumi.Input[str] header_bg_color: The background color of the header bar in the app launcher.
@@ -1222,7 +1298,7 @@ def __init__(__self__,
         :param pulumi.Input[Union['ZeroTrustAccessApplicationSaasAppArgs', 'ZeroTrustAccessApplicationSaasAppArgsDict']] saas_app: SaaS configuration for the Access Application.
         :param pulumi.Input[str] same_site_cookie_attribute: Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
         :param pulumi.Input[Union['ZeroTrustAccessApplicationScimConfigArgs', 'ZeroTrustAccessApplicationScimConfigArgsDict']] scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         :param pulumi.Input[bool] service_auth401_redirect: Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
         :param pulumi.Input[str] session_duration: How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
         :param pulumi.Input[bool] skip_app_launcher_login_page: Option to skip the App Launcher landing page. Defaults to `false`.
@@ -1282,7 +1358,9 @@ def _internal_init(__self__,
                  custom_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_non_identity_deny_url: Optional[pulumi.Input[str]] = None,
                  custom_pages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+                 destinations: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ZeroTrustAccessApplicationDestinationArgs', 'ZeroTrustAccessApplicationDestinationArgsDict']]]]] = None,
                  domain: Optional[pulumi.Input[str]] = None,
+                 domain_type: Optional[pulumi.Input[str]] = None,
                  enable_binding_cookie: Optional[pulumi.Input[bool]] = None,
                  footer_links: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ZeroTrustAccessApplicationFooterLinkArgs', 'ZeroTrustAccessApplicationFooterLinkArgsDict']]]]] = None,
                  header_bg_color: Optional[pulumi.Input[str]] = None,
@@ -1325,7 +1403,9 @@ def _internal_init(__self__,
             __props__.__dict__["custom_deny_url"] = custom_deny_url
             __props__.__dict__["custom_non_identity_deny_url"] = custom_non_identity_deny_url
             __props__.__dict__["custom_pages"] = custom_pages
+            __props__.__dict__["destinations"] = destinations
             __props__.__dict__["domain"] = domain
+            __props__.__dict__["domain_type"] = domain_type
             __props__.__dict__["enable_binding_cookie"] = enable_binding_cookie
             __props__.__dict__["footer_links"] = footer_links
             __props__.__dict__["header_bg_color"] = header_bg_color
@@ -1371,7 +1451,9 @@ def get(resource_name: str,
             custom_deny_url: Optional[pulumi.Input[str]] = None,
             custom_non_identity_deny_url: Optional[pulumi.Input[str]] = None,
             custom_pages: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
+            destinations: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ZeroTrustAccessApplicationDestinationArgs', 'ZeroTrustAccessApplicationDestinationArgsDict']]]]] = None,
             domain: Optional[pulumi.Input[str]] = None,
+            domain_type: Optional[pulumi.Input[str]] = None,
             enable_binding_cookie: Optional[pulumi.Input[bool]] = None,
             footer_links: Optional[pulumi.Input[Sequence[pulumi.Input[Union['ZeroTrustAccessApplicationFooterLinkArgs', 'ZeroTrustAccessApplicationFooterLinkArgsDict']]]]] = None,
             header_bg_color: Optional[pulumi.Input[str]] = None,
@@ -1413,7 +1495,9 @@ def get(resource_name: str,
         :param pulumi.Input[str] custom_deny_url: Option that redirects to a custom URL when a user is denied access to the application via identity based rules.
         :param pulumi.Input[str] custom_non_identity_deny_url: Option that redirects to a custom URL when a user is denied access to the application via non identity rules.
         :param pulumi.Input[Sequence[pulumi.Input[str]]] custom_pages: The custom pages selected for the application.
+        :param pulumi.Input[Sequence[pulumi.Input[Union['ZeroTrustAccessApplicationDestinationArgs', 'ZeroTrustAccessApplicationDestinationArgsDict']]]] destinations: A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
         :param pulumi.Input[str] domain: The primary hostname and path that Access will secure. If the app is visible in the App Launcher dashboard, this is the domain that will be displayed.
+        :param pulumi.Input[str] domain_type: The type of the primary domain. Available values: `public`, `private`.
         :param pulumi.Input[bool] enable_binding_cookie: Option to provide increased security against compromised authorization tokens and CSRF attacks by requiring an additional "binding" cookie on requests. Defaults to `false`.
         :param pulumi.Input[Sequence[pulumi.Input[Union['ZeroTrustAccessApplicationFooterLinkArgs', 'ZeroTrustAccessApplicationFooterLinkArgsDict']]]] footer_links: The footer links of the app launcher.
         :param pulumi.Input[str] header_bg_color: The background color of the header bar in the app launcher.
@@ -1426,7 +1510,7 @@ def get(resource_name: str,
         :param pulumi.Input[Union['ZeroTrustAccessApplicationSaasAppArgs', 'ZeroTrustAccessApplicationSaasAppArgsDict']] saas_app: SaaS configuration for the Access Application.
         :param pulumi.Input[str] same_site_cookie_attribute: Defines the same-site cookie setting for access tokens. Available values: `none`, `lax`, `strict`.
         :param pulumi.Input[Union['ZeroTrustAccessApplicationScimConfigArgs', 'ZeroTrustAccessApplicationScimConfigArgsDict']] scim_config: Configuration for provisioning to this application via SCIM. This is currently in closed beta.
-        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        :param pulumi.Input[Sequence[pulumi.Input[str]]] self_hosted_domains: List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         :param pulumi.Input[bool] service_auth401_redirect: Option to return a 401 status code in service authentication rules on failed requests. Defaults to `false`.
         :param pulumi.Input[str] session_duration: How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`. Defaults to `24h`.
         :param pulumi.Input[bool] skip_app_launcher_login_page: Option to skip the App Launcher landing page. Defaults to `false`.
@@ -1453,7 +1537,9 @@ def get(resource_name: str,
         __props__.__dict__["custom_deny_url"] = custom_deny_url
         __props__.__dict__["custom_non_identity_deny_url"] = custom_non_identity_deny_url
         __props__.__dict__["custom_pages"] = custom_pages
+        __props__.__dict__["destinations"] = destinations
         __props__.__dict__["domain"] = domain
+        __props__.__dict__["domain_type"] = domain_type
         __props__.__dict__["enable_binding_cookie"] = enable_binding_cookie
         __props__.__dict__["footer_links"] = footer_links
         __props__.__dict__["header_bg_color"] = header_bg_color
@@ -1581,6 +1667,14 @@ def custom_pages(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
         return pulumi.get(self, "custom_pages")
 
+    @property
+    @pulumi.getter
+    def destinations(self) -> pulumi.Output[Optional[Sequence['outputs.ZeroTrustAccessApplicationDestination']]]:
+        """
+        A destination secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Supersedes `self_hosted_domains` to allow for more flexibility in defining different types of destinations. Conflicts with `self_hosted_domains`.
+        """
+        return pulumi.get(self, "destinations")
+
     @property
     @pulumi.getter
     def domain(self) -> pulumi.Output[str]:
@@ -1589,6 +1683,14 @@ def domain(self) -> pulumi.Output[str]:
         """
         return pulumi.get(self, "domain")
 
+    @property
+    @pulumi.getter(name="domainType")
+    def domain_type(self) -> pulumi.Output[str]:
+        """
+        The type of the primary domain. Available values: `public`, `private`.
+        """
+        return pulumi.get(self, "domain_type")
+
     @property
     @pulumi.getter(name="enableBindingCookie")
     def enable_binding_cookie(self) -> pulumi.Output[Optional[bool]]:
@@ -1687,9 +1789,10 @@ def scim_config(self) -> pulumi.Output[Optional['outputs.ZeroTrustAccessApplicat
 
     @property
     @pulumi.getter(name="selfHostedDomains")
+    @_utilities.deprecated("""Use `destinations` instead""")
     def self_hosted_domains(self) -> pulumi.Output[Optional[Sequence[str]]]:
         """
-        List of domains that access will secure. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`.
+        List of public domains secured by Access. Only present for self_hosted, vnc, and ssh applications. Always includes the value set as `domain`. Deprecated in favor of `destinations` and will be removed in the next major version. Conflicts with `destinations`.
         """
         return pulumi.get(self, "self_hosted_domains")
 
diff --git a/upstream b/upstream
index e9e6d6aa..2e721b56 160000
--- a/upstream
+++ b/upstream
@@ -1 +1 @@
-Subproject commit e9e6d6aa4374a1dbded5ce0efda3825576f6f0b4
+Subproject commit 2e721b565f0dfac52378e4cba25fad69b328125c