chore(api): update composite API spec

2026-01-11 19:56:37 +00:00 · 2025-12-16 12:00:00 +00:00 · 2025-12-16 12:00:00 +00:00 · 5741fd0ed9
commit 5741fd0ed9
parent 44577911b3
13 changed files with 75 additions and 10 deletions
--- a/.stats.yml
+++ b/.stats.yml
@ -1,4 +1,4 @@
 configured_endpoints: 1923
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-e9f56c1e9b8b79a05854f5e9f43976df3c02a5672fe93b2c2e86a518e94cee1a.yml
-openapi_spec_hash: 1e7811bf5d8d9d0a40fe8fe36e66966b
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-d3b3813ba8fb0b5303cfad8fcbd363941c494711e4cce61069553692b664774f.yml
+openapi_spec_hash: 4f467a53fd61500db4f7561dcfaaa088
 config_hash: 3e9cdaaf8fbff19639d218f89b85a116
--- a/examples/resources/cloudflare_zero_trust_gateway_policy/resource.tf
+++ b/examples/resources/cloudflare_zero_trust_gateway_policy/resource.tf
@ -65,6 +65,9 @@ resource "cloudflare_zero_trust_gateway_policy" "example_zero_trust_gateway_poli
      ipv4_fallback = "192.0.2.3"
      ipv6 = "2001:DB8::/64"
    }
+    forensic_copy = {
+      enabled = true
+    }
    ignore_cname_category_matches = true
    insecure_disable_dnssec_validation = false
    ip_categories = true
--- a/go.mod
+++ b/go.mod
@ -10,7 +10,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.34
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.63.0
 	github.com/cloudflare/cloudflare-go v0.115.0
-	github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251212175112-9d95c4baab20
+	github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251216115809-2020995fcd4a
 	github.com/davecgh/go-spew v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3
 	github.com/hashicorp/terraform-plugin-docs v0.21.0
--- a/go.sum
+++ b/go.sum
@ -67,8 +67,8 @@ github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ
 github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/cloudflare/cloudflare-go v0.115.0 h1:84/dxeeXweCc0PN5Cto44iTA8AkG1fyT11yPO5ZB7sM=
 github.com/cloudflare/cloudflare-go v0.115.0/go.mod h1:Ds6urDwn/TF2uIU24mu7H91xkKP8gSAHxQ44DSZgVmU=
-github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251212175112-9d95c4baab20 h1:BnrVMipBfEM6GJ982o/IMw7nm79lQi2qPBqu94T+b/Y=
-github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251212175112-9d95c4baab20/go.mod h1:Lj3MUqjvKctXRpdRhLQxZYRrNZHuRs0XYuH8JtQGyoI=
+github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251216115809-2020995fcd4a h1:q3m7CCBvA8QECbKWrHI4F6ZKMMyYeEW70AeH7VJKMnA=
+github.com/cloudflare/cloudflare-go/v6 v6.4.1-0.20251216115809-2020995fcd4a/go.mod h1:Lj3MUqjvKctXRpdRhLQxZYRrNZHuRs0XYuH8JtQGyoI=
 github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=
 github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
--- a/internal/services/zero_trust_gateway_policy/data_source_model.go
+++ b/internal/services/zero_trust_gateway_policy/data_source_model.go
@ -69,6 +69,7 @@ type ZeroTrustGatewayPolicyRuleSettingsDataSourceModel struct {
 	CheckSession                    customfield.NestedObject[ZeroTrustGatewayPolicyRuleSettingsCheckSessionDataSourceModel]         `tfsdk:"check_session" json:"check_session,computed"`
 	DNSResolvers                    customfield.NestedObject[ZeroTrustGatewayPolicyRuleSettingsDNSResolversDataSourceModel]         `tfsdk:"dns_resolvers" json:"dns_resolvers,computed"`
 	Egress                          customfield.NestedObject[ZeroTrustGatewayPolicyRuleSettingsEgressDataSourceModel]               `tfsdk:"egress" json:"egress,computed"`
+	ForensicCopy                    customfield.NestedObject[ZeroTrustGatewayPolicyRuleSettingsForensicCopyDataSourceModel]         `tfsdk:"forensic_copy" json:"forensic_copy,computed"`
 	IgnoreCNAMECategoryMatches      types.Bool                                                                                      `tfsdk:"ignore_cname_category_matches" json:"ignore_cname_category_matches,computed"`
 	InsecureDisableDNSSECValidation types.Bool                                                                                      `tfsdk:"insecure_disable_dnssec_validation" json:"insecure_disable_dnssec_validation,computed"`
 	IPCategories                    types.Bool                                                                                      `tfsdk:"ip_categories" json:"ip_categories,computed"`
@ -139,6 +140,10 @@ type ZeroTrustGatewayPolicyRuleSettingsEgressDataSourceModel struct {
 	IPV6         types.String `tfsdk:"ipv6" json:"ipv6,computed"`
 }

+type ZeroTrustGatewayPolicyRuleSettingsForensicCopyDataSourceModel struct {
+	Enabled types.Bool `tfsdk:"enabled" json:"enabled,computed"`
+}
+
 type ZeroTrustGatewayPolicyRuleSettingsL4overrideDataSourceModel struct {
 	IP   types.String `tfsdk:"ip" json:"ip,computed"`
 	Port types.Int64  `tfsdk:"port" json:"port,computed"`
--- a/internal/services/zero_trust_gateway_policy/data_source_schema.go
+++ b/internal/services/zero_trust_gateway_policy/data_source_schema.go
@ -389,6 +389,17 @@ func DataSourceSchema(ctx context.Context) schema.Schema {
 							},
 						},
 					},
+					"forensic_copy": schema.SingleNestedAttribute{
+						Description: "Configure whether a copy of the HTTP request will be sent to storage when the rule matches.",
+						Computed:    true,
+						CustomType:  customfield.NewNestedObjectType[ZeroTrustGatewayPolicyRuleSettingsForensicCopyDataSourceModel](ctx),
+						Attributes: map[string]schema.Attribute{
+							"enabled": schema.BoolAttribute{
+								Description: "Enable sending the copy to storage.",
+								Computed:    true,
+							},
+						},
+					},
 					"ignore_cname_category_matches": schema.BoolAttribute{
 						Description: "Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for `dns` and `dns_resolver` rules.",
 						Computed:    true,
--- a/internal/services/zero_trust_gateway_policy/list_data_source_model.go
+++ b/internal/services/zero_trust_gateway_policy/list_data_source_model.go
@ -73,6 +73,7 @@ type ZeroTrustGatewayPoliciesRuleSettingsDataSourceModel struct {
 	CheckSession                    customfield.NestedObject[ZeroTrustGatewayPoliciesRuleSettingsCheckSessionDataSourceModel]         `tfsdk:"check_session" json:"check_session,computed"`
 	DNSResolvers                    customfield.NestedObject[ZeroTrustGatewayPoliciesRuleSettingsDNSResolversDataSourceModel]         `tfsdk:"dns_resolvers" json:"dns_resolvers,computed"`
 	Egress                          customfield.NestedObject[ZeroTrustGatewayPoliciesRuleSettingsEgressDataSourceModel]               `tfsdk:"egress" json:"egress,computed"`
+	ForensicCopy                    customfield.NestedObject[ZeroTrustGatewayPoliciesRuleSettingsForensicCopyDataSourceModel]         `tfsdk:"forensic_copy" json:"forensic_copy,computed"`
 	IgnoreCNAMECategoryMatches      types.Bool                                                                                        `tfsdk:"ignore_cname_category_matches" json:"ignore_cname_category_matches,computed"`
 	InsecureDisableDNSSECValidation types.Bool                                                                                        `tfsdk:"insecure_disable_dnssec_validation" json:"insecure_disable_dnssec_validation,computed"`
 	IPCategories                    types.Bool                                                                                        `tfsdk:"ip_categories" json:"ip_categories,computed"`
@ -143,6 +144,10 @@ type ZeroTrustGatewayPoliciesRuleSettingsEgressDataSourceModel struct {
 	IPV6         types.String `tfsdk:"ipv6" json:"ipv6,computed"`
 }

+type ZeroTrustGatewayPoliciesRuleSettingsForensicCopyDataSourceModel struct {
+	Enabled types.Bool `tfsdk:"enabled" json:"enabled,computed"`
+}
+
 type ZeroTrustGatewayPoliciesRuleSettingsL4overrideDataSourceModel struct {
 	IP   types.String `tfsdk:"ip" json:"ip,computed"`
 	Port types.Int64  `tfsdk:"port" json:"port,computed"`
--- a/internal/services/zero_trust_gateway_policy/list_data_source_schema.go
+++ b/internal/services/zero_trust_gateway_policy/list_data_source_schema.go
@ -378,6 +378,17 @@ func ListDataSourceSchema(ctx context.Context) schema.Schema {
 										},
 									},
 								},
+								"forensic_copy": schema.SingleNestedAttribute{
+									Description: "Configure whether a copy of the HTTP request will be sent to storage when the rule matches.",
+									Computed:    true,
+									CustomType:  customfield.NewNestedObjectType[ZeroTrustGatewayPoliciesRuleSettingsForensicCopyDataSourceModel](ctx),
+									Attributes: map[string]schema.Attribute{
+										"enabled": schema.BoolAttribute{
+											Description: "Enable sending the copy to storage.",
+											Computed:    true,
+										},
+									},
+								},
 								"ignore_cname_category_matches": schema.BoolAttribute{
 									Description: "Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for `dns` and `dns_resolver` rules.",
 									Computed:    true,
--- a/internal/services/zero_trust_gateway_policy/model.go
+++ b/internal/services/zero_trust_gateway_policy/model.go
@ -64,6 +64,7 @@ type ZeroTrustGatewayPolicyRuleSettingsModel struct {
 	CheckSession                    *ZeroTrustGatewayPolicyRuleSettingsCheckSessionModel         `tfsdk:"check_session" json:"check_session,optional"`
 	DNSResolvers                    *ZeroTrustGatewayPolicyRuleSettingsDNSResolversModel         `tfsdk:"dns_resolvers" json:"dns_resolvers,optional"`
 	Egress                          *ZeroTrustGatewayPolicyRuleSettingsEgressModel               `tfsdk:"egress" json:"egress,optional"`
+	ForensicCopy                    *ZeroTrustGatewayPolicyRuleSettingsForensicCopyModel         `tfsdk:"forensic_copy" json:"forensic_copy,optional"`
 	IgnoreCNAMECategoryMatches      types.Bool                                                   `tfsdk:"ignore_cname_category_matches" json:"ignore_cname_category_matches,computed_optional"`
 	InsecureDisableDNSSECValidation types.Bool                                                   `tfsdk:"insecure_disable_dnssec_validation" json:"insecure_disable_dnssec_validation,computed_optional"`
 	IPCategories                    types.Bool                                                   `tfsdk:"ip_categories" json:"ip_categories,computed_optional"`
@ -134,6 +135,10 @@ type ZeroTrustGatewayPolicyRuleSettingsEgressModel struct {
 	IPV6         types.String `tfsdk:"ipv6" json:"ipv6,optional"`
 }

+type ZeroTrustGatewayPolicyRuleSettingsForensicCopyModel struct {
+	Enabled types.Bool `tfsdk:"enabled" json:"enabled,optional"`
+}
+
 type ZeroTrustGatewayPolicyRuleSettingsL4overrideModel struct {
 	IP   types.String `tfsdk:"ip" json:"ip,optional"`
 	Port types.Int64  `tfsdk:"port" json:"port,optional"`
--- a/internal/services/zero_trust_gateway_policy/schema.go
+++ b/internal/services/zero_trust_gateway_policy/schema.go
@ -364,6 +364,16 @@ func ResourceSchema(ctx context.Context) schema.Schema {
 							},
 						},
 					},
+					"forensic_copy": schema.SingleNestedAttribute{
+						Description: "Configure whether a copy of the HTTP request will be sent to storage when the rule matches.",
+						Optional:    true,
+						Attributes: map[string]schema.Attribute{
+							"enabled": schema.BoolAttribute{
+								Description: "Enable sending the copy to storage.",
+								Optional:    true,
+							},
+						},
+					},
 					"ignore_cname_category_matches": schema.BoolAttribute{
 						Description: "Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for `dns` and `dns_resolver` rules.",
 						Optional:    true,
--- a/internal/services/zero_trust_list/data_source_schema.go
+++ b/internal/services/zero_trust_list/data_source_schema.go
@ -48,7 +48,7 @@ func DataSourceSchema(ctx context.Context) schema.Schema {
 				Computed:    true,
 			},
 			"type": schema.StringAttribute{
-				Description: "Specify the list type.\nAvailable values: \"SERIAL\", \"URL\", \"DOMAIN\", \"EMAIL\", \"IP\".",
+				Description: "Specify the list type.\nAvailable values: \"SERIAL\", \"URL\", \"DOMAIN\", \"EMAIL\", \"IP\", \"CATEGORY\", \"LOCATION\", \"DEVICE\".",
 				Computed:    true,
 				Validators: []validator.String{
 					stringvalidator.OneOfCaseInsensitive(
@ -57,6 +57,9 @@ func DataSourceSchema(ctx context.Context) schema.Schema {
 						"DOMAIN",
 						"EMAIL",
 						"IP",
+						"CATEGORY",
+						"LOCATION",
+						"DEVICE",
 					),
 				},
 			},
@ -89,7 +92,7 @@ func DataSourceSchema(ctx context.Context) schema.Schema {
 				Optional: true,
 				Attributes: map[string]schema.Attribute{
 					"type": schema.StringAttribute{
-						Description: "Specify the list type.\nAvailable values: \"SERIAL\", \"URL\", \"DOMAIN\", \"EMAIL\", \"IP\".",
+						Description: "Specify the list type.\nAvailable values: \"SERIAL\", \"URL\", \"DOMAIN\", \"EMAIL\", \"IP\", \"CATEGORY\", \"LOCATION\", \"DEVICE\".",
 						Optional:    true,
 						Validators: []validator.String{
 							stringvalidator.OneOfCaseInsensitive(
@ -98,6 +101,9 @@ func DataSourceSchema(ctx context.Context) schema.Schema {
 								"DOMAIN",
 								"EMAIL",
 								"IP",
+								"CATEGORY",
+								"LOCATION",
+								"DEVICE",
 							),
 						},
 					},
--- a/internal/services/zero_trust_list/list_data_source_schema.go
+++ b/internal/services/zero_trust_list/list_data_source_schema.go
@ -23,7 +23,7 @@ func ListDataSourceSchema(ctx context.Context) schema.Schema {
 				Required: true,
 			},
 			"type": schema.StringAttribute{
-				Description: "Specify the list type.\nAvailable values: \"SERIAL\", \"URL\", \"DOMAIN\", \"EMAIL\", \"IP\".",
+				Description: "Specify the list type.\nAvailable values: \"SERIAL\", \"URL\", \"DOMAIN\", \"EMAIL\", \"IP\", \"CATEGORY\", \"LOCATION\", \"DEVICE\".",
 				Optional:    true,
 				Validators: []validator.String{
 					stringvalidator.OneOfCaseInsensitive(
@ -32,6 +32,9 @@ func ListDataSourceSchema(ctx context.Context) schema.Schema {
 						"DOMAIN",
 						"EMAIL",
 						"IP",
+						"CATEGORY",
+						"LOCATION",
+						"DEVICE",
 					),
 				},
 			},
@ -90,7 +93,7 @@ func ListDataSourceSchema(ctx context.Context) schema.Schema {
 							Computed:    true,
 						},
 						"type": schema.StringAttribute{
-							Description: "Specify the list type.\nAvailable values: \"SERIAL\", \"URL\", \"DOMAIN\", \"EMAIL\", \"IP\".",
+							Description: "Specify the list type.\nAvailable values: \"SERIAL\", \"URL\", \"DOMAIN\", \"EMAIL\", \"IP\", \"CATEGORY\", \"LOCATION\", \"DEVICE\".",
 							Computed:    true,
 							Validators: []validator.String{
 								stringvalidator.OneOfCaseInsensitive(
@ -99,6 +102,9 @@ func ListDataSourceSchema(ctx context.Context) schema.Schema {
 									"DOMAIN",
 									"EMAIL",
 									"IP",
+									"CATEGORY",
+									"LOCATION",
+									"DEVICE",
 								),
 							},
 						},
--- a/internal/services/zero_trust_list/schema.go
+++ b/internal/services/zero_trust_list/schema.go
@ -29,7 +29,7 @@ func ResourceSchema(ctx context.Context) schema.Schema {
 				PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
 			},
 			"type": schema.StringAttribute{
-				Description: "Specify the list type.\nAvailable values: \"SERIAL\", \"URL\", \"DOMAIN\", \"EMAIL\", \"IP\".",
+				Description: "Specify the list type.\nAvailable values: \"SERIAL\", \"URL\", \"DOMAIN\", \"EMAIL\", \"IP\", \"CATEGORY\", \"LOCATION\", \"DEVICE\".",
 				Required:    true,
 				Validators: []validator.String{
 					stringvalidator.OneOfCaseInsensitive(
@ -38,6 +38,9 @@ func ResourceSchema(ctx context.Context) schema.Schema {
 						"DOMAIN",
 						"EMAIL",
 						"IP",
+						"CATEGORY",
+						"LOCATION",
+						"DEVICE",
 					),
 				},
 				PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},