Merge branch 'master' into create-or-update-fix

.changelog/1832.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+ruleset: add support for action parameters `fonts` and `disable_rum`
+```

.changelog/1921.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: add support for `scim_config`
+```

.changelog/1956.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+access_policy: add support for reusable policies
+```
+
+```release-note:enhancement
+access_application: add support for `policies` array
+```

.changelog/1959.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+access_application: fix scim configuration authentication json marshalling
+```

.changelog/1974.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.24.0 to 0.25.0
+```

.changelog/1975.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golangci/golangci-lint-action from 5 to 6
+```

.changelog/1981.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+Add Refresh Token, Custom Claims, and PKCE Without Client Secret support to Access OIDC SaaS Applications
+```

.changelog/1991.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps bflad/action-milestone-comment from 1 to 2
+```

.changelog/1992.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 5.0.0 to 5.1.0
+```

.changelog/1993.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.6
+```

.github/workflows/lint.yml

@@ -17,7 +17,7 @@ jobs:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go${{ matrix.go-version }}-${{ hashFiles('**/go.mod') }}-${{ hashFiles('**/go.sum') }}
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v5
+        uses: golangci/golangci-lint-action@v6
         with:
           version: latest
           args: "--config .golintci.yaml"

.github/workflows/milestone-closed.yml

@@ -15,7 +15,7 @@ jobs:
       ids: ${{ steps.milestone-comment.outputs.ids }}
     steps:
       - id: milestone-comment
-        uses: bflad/action-milestone-comment@v1
+        uses: bflad/action-milestone-comment@v2
         with:
           body: |
             This functionality has been released in [${{ github.event.milestone.title }}](https://github.com/${{ github.repository }}/releases/tag/${{ github.event.milestone.title }}).

.github/workflows/release.yml

@@ -17,7 +17,7 @@ jobs:
         with:
           go-version-file: 'go.mod'
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v5.0.0
+        uses: goreleaser/goreleaser-action@v5.1.0
         with:
           version: latest
           args: release --rm-dist

CHANGELOG.md

@@ -1,4 +1,25 @@
-## 0.95.0 (Unreleased)
+## 0.96.0 (Unreleased)
+
+## 0.95.0 (May 8th, 2024)
+
+ENHANCEMENTS:
+
+* access_application: add support for `policies` array ([#1956](https://github.com/cloudflare/cloudflare-go/issues/1956))
+* access_application: add support for `scim_config` ([#1921](https://github.com/cloudflare/cloudflare-go/issues/1921))
+* access_policy: add support for reusable policies ([#1956](https://github.com/cloudflare/cloudflare-go/issues/1956))
+* dlp: add support for zt risk behavior configuration ([#1887](https://github.com/cloudflare/cloudflare-go/issues/1887))
+
+BUG FIXES:
+
+* access_application: fix scim configuration authentication json marshalling ([#1959](https://github.com/cloudflare/cloudflare-go/issues/1959))
+
+DEPENDENCIES:
+
+* deps: bumps dependabot/fetch-metadata from 2.0.0 to 2.1.0 ([#1839](https://github.com/cloudflare/cloudflare-go/issues/1839))
+* deps: bumps github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 ([#1861](https://github.com/cloudflare/cloudflare-go/issues/1861))
+* deps: bumps golang.org/x/net from 0.24.0 to 0.25.0 ([#1974](https://github.com/cloudflare/cloudflare-go/issues/1974))
+* deps: bumps golangci/golangci-lint-action from 4 to 5 ([#1845](https://github.com/cloudflare/cloudflare-go/issues/1845))
+* deps: bumps golangci/golangci-lint-action from 5 to 6 ([#1975](https://github.com/cloudflare/cloudflare-go/issues/1975))
 
 ## 0.94.0 (April 24th, 2024)
 

access_application.go

@@ -2,6 +2,7 @@ package cloudflare
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/http"
 	"time"
@@ -56,6 +57,8 @@ type AccessApplication struct {
 	OptionsPreflightBypass   *bool                          `json:"options_preflight_bypass,omitempty"`
 	CustomPages              []string                       `json:"custom_pages,omitempty"`
 	Tags                     []string                       `json:"tags,omitempty"`
+	SCIMConfig               *AccessApplicationSCIMConfig   `json:"scim_config,omitempty"`
+	Policies                 []AccessPolicy                 `json:"policies,omitempty"`
 	AccessAppLauncherCustomization
 }
 
@@ -76,6 +79,96 @@ type AccessApplicationCorsHeaders struct {
 	MaxAge           int      `json:"max_age,omitempty"`
 }
 
+// AccessApplicationSCIMConfig represents the configuration for provisioning to an Access Application via SCIM.
+type AccessApplicationSCIMConfig struct {
+	Enabled            *bool                                    `json:"enabled,omitempty"`
+	RemoteURI          string                                   `json:"remote_uri,omitempty"`
+	Authentication     *AccessApplicationScimAuthenticationJson `json:"authentication,omitempty"`
+	IdPUID             string                                   `json:"idp_uid,omitempty"`
+	DeactivateOnDelete *bool                                    `json:"deactivate_on_delete,omitempty"`
+	Mappings           []*AccessApplicationScimMapping          `json:"mappings,omitempty"`
+}
+
+type AccessApplicationScimAuthenticationScheme string
+
+const (
+	AccessApplicationScimAuthenticationSchemeHttpBasic        AccessApplicationScimAuthenticationScheme = "httpbasic"
+	AccessApplicationScimAuthenticationSchemeOauthBearerToken AccessApplicationScimAuthenticationScheme = "oauthbearertoken"
+	AccessApplicationScimAuthenticationSchemeOauth2           AccessApplicationScimAuthenticationScheme = "oauth2"
+)
+
+type AccessApplicationScimAuthenticationJson struct {
+	Value AccessApplicationScimAuthentication
+}
+
+func (a *AccessApplicationScimAuthenticationJson) UnmarshalJSON(buf []byte) error {
+	var scheme baseScimAuthentication
+	if err := json.Unmarshal(buf, &scheme); err != nil {
+		return err
+	}
+
+	switch scheme.Scheme {
+	case AccessApplicationScimAuthenticationSchemeHttpBasic:
+		a.Value = new(AccessApplicationScimAuthenticationHttpBasic)
+	case AccessApplicationScimAuthenticationSchemeOauthBearerToken:
+		a.Value = new(AccessApplicationScimAuthenticationOauthBearerToken)
+	case AccessApplicationScimAuthenticationSchemeOauth2:
+		a.Value = new(AccessApplicationScimAuthenticationOauth2)
+	default:
+		return errors.New("invalid authentication scheme")
+	}
+
+	return json.Unmarshal(buf, a.Value)
+}
+
+func (a *AccessApplicationScimAuthenticationJson) MarshalJSON() ([]byte, error) {
+	return json.Marshal(a.Value)
+}
+
+type AccessApplicationScimAuthentication interface {
+	isScimAuthentication()
+}
+
+type baseScimAuthentication struct {
+	Scheme AccessApplicationScimAuthenticationScheme `json:"scheme"`
+}
+
+func (baseScimAuthentication) isScimAuthentication() {}
+
+type AccessApplicationScimAuthenticationHttpBasic struct {
+	baseScimAuthentication
+	User     string `json:"user"`
+	Password string `json:"password"`
+}
+
+type AccessApplicationScimAuthenticationOauthBearerToken struct {
+	baseScimAuthentication
+	Token string `json:"token"`
+}
+
+type AccessApplicationScimAuthenticationOauth2 struct {
+	baseScimAuthentication
+	ClientID         string   `json:"client_id"`
+	ClientSecret     string   `json:"client_secret"`
+	AuthorizationURL string   `json:"authorization_url"`
+	TokenURL         string   `json:"token_url"`
+	Scopes           []string `json:"scopes,omitempty"`
+}
+
+type AccessApplicationScimMapping struct {
+	Schema           string                                  `json:"schema"`
+	Enabled          *bool                                   `json:"enabled,omitempty"`
+	Filter           string                                  `json:"filter,omitempty"`
+	TransformJsonata string                                  `json:"transform_jsonata,omitempty"`
+	Operations       *AccessApplicationScimMappingOperations `json:"operations,omitempty"`
+}
+
+type AccessApplicationScimMappingOperations struct {
+	Create *bool `json:"create,omitempty"`
+	Update *bool `json:"update,omitempty"`
+	Delete *bool `json:"delete,omitempty"`
+}
+
 // AccessApplicationListResponse represents the response from the list
 // access applications endpoint.
 type AccessApplicationListResponse struct {
@@ -106,6 +199,17 @@ type SAMLAttributeConfig struct {
 	Source       SourceConfig `json:"source"`
 }
 
+type OIDCClaimConfig struct {
+	Name     string       `json:"name,omitempty"`
+	Source   SourceConfig `json:"source"`
+	Required *bool        `json:"required,omitempty"`
+	Scope    string       `json:"scope,omitempty"`
+}
+
+type RefreshTokenOptions struct {
+	Lifetime string `json:"lifetime,omitempty"`
+}
+
 type SaasApplication struct {
 	// Items common to both SAML and OIDC
 	AppID     string     `json:"app_id,omitempty"`
@@ -126,13 +230,16 @@ type SaasApplication struct {
 	SamlAttributeTransformJsonata string                `json:"saml_attribute_transform_jsonata"`
 
 	// OIDC saas app
-	ClientID         string   `json:"client_id,omitempty"`
-	ClientSecret     string   `json:"client_secret,omitempty"`
-	RedirectURIs     []string `json:"redirect_uris,omitempty"`
-	GrantTypes       []string `json:"grant_types,omitempty"`
-	Scopes           []string `json:"scopes,omitempty"`
-	AppLauncherURL   string   `json:"app_launcher_url,omitempty"`
-	GroupFilterRegex string   `json:"group_filter_regex,omitempty"`
+	ClientID                     string               `json:"client_id,omitempty"`
+	ClientSecret                 string               `json:"client_secret,omitempty"`
+	RedirectURIs                 []string             `json:"redirect_uris,omitempty"`
+	GrantTypes                   []string             `json:"grant_types,omitempty"`
+	Scopes                       []string             `json:"scopes,omitempty"`
+	AppLauncherURL               string               `json:"app_launcher_url,omitempty"`
+	GroupFilterRegex             string               `json:"group_filter_regex,omitempty"`
+	CustomClaims                 []OIDCClaimConfig    `json:"custom_claims,omitempty"`
+	AllowPKCEWithoutClientSecret *bool                `json:"allow_pkce_without_client_secret,omitempty"`
+	RefreshTokenOptions          *RefreshTokenOptions `json:"refresh_token_options,omitempty"`
 }
 
 type AccessAppLauncherCustomization struct {
@@ -155,6 +262,7 @@ type AccessLandingPageDesign struct {
 	ButtonColor     string `json:"button_color"`
 	ButtonTextColor string `json:"button_text_color"`
 }
+
 type ListAccessApplicationsParams struct {
 	ResultInfo
 }
@@ -187,6 +295,9 @@ type CreateAccessApplicationParams struct {
 	AllowAuthenticateViaWarp *bool                          `json:"allow_authenticate_via_warp,omitempty"`
 	CustomPages              []string                       `json:"custom_pages,omitempty"`
 	Tags                     []string                       `json:"tags,omitempty"`
+	SCIMConfig               *AccessApplicationSCIMConfig   `json:"scim_config,omitempty"`
+	// List of policy ids to link to this application in ascending order of precedence.
+	Policies []string `json:"policies,omitempty"`
 	AccessAppLauncherCustomization
 }
 
@@ -219,6 +330,11 @@ type UpdateAccessApplicationParams struct {
 	OptionsPreflightBypass   *bool                          `json:"options_preflight_bypass,omitempty"`
 	CustomPages              []string                       `json:"custom_pages,omitempty"`
 	Tags                     []string                       `json:"tags,omitempty"`
+	SCIMConfig               *AccessApplicationSCIMConfig   `json:"scim_config,omitempty"`
+	// List of policy ids to link to this application in ascending order of precedence.
+	// Can reference reusable policies and policies specific to this application.
+	// If this field is not provided, the existing policies will not be modified.
+	Policies *[]string `json:"policies,omitempty"`
 	AccessAppLauncherCustomization
 }