feat(api): api update (#2245)

Author: stainless-app[bot]

.stats.yml

@@ -1,2 +1,2 @@
 configured_endpoints: 1448
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-5d9269029aa80ea06158ff1156ec30914cbeca10b8893ba9ef2df46511e10aae.yml
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-0530d6510c5b139af850d24a4f932d5139c8d321a955ffa101b0debafbd75465.yml

api.md

@@ -5131,7 +5131,7 @@ Methods:
 
 - <code title="post /{account_or_zone}/{account_or_zone_id}/access/identity_providers">client.zero_trust.identity_providers.<a href="./src/cloudflare/resources/zero_trust/identity_providers.py">create</a>(\*, account_id, zone_id, \*\*<a href="src/cloudflare/types/zero_trust/identity_provider_create_params.py">params</a>) -> <a href="./src/cloudflare/types/zero_trust/identity_provider.py">Optional[IdentityProvider]</a></code>
 - <code title="put /{account_or_zone}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}">client.zero_trust.identity_providers.<a href="./src/cloudflare/resources/zero_trust/identity_providers.py">update</a>(identity_provider_id, \*, account_id, zone_id, \*\*<a href="src/cloudflare/types/zero_trust/identity_provider_update_params.py">params</a>) -> <a href="./src/cloudflare/types/zero_trust/identity_provider.py">Optional[IdentityProvider]</a></code>
-- <code title="get /{account_or_zone}/{account_or_zone_id}/access/identity_providers">client.zero_trust.identity_providers.<a href="./src/cloudflare/resources/zero_trust/identity_providers.py">list</a>(\*, account_id, zone_id) -> <a href="./src/cloudflare/types/zero_trust/identity_provider_list_response.py">SyncSinglePage[IdentityProviderListResponse]</a></code>
+- <code title="get /{account_or_zone}/{account_or_zone_id}/access/identity_providers">client.zero_trust.identity_providers.<a href="./src/cloudflare/resources/zero_trust/identity_providers.py">list</a>(\*, account_id, zone_id, \*\*<a href="src/cloudflare/types/zero_trust/identity_provider_list_params.py">params</a>) -> <a href="./src/cloudflare/types/zero_trust/identity_provider_list_response.py">SyncSinglePage[IdentityProviderListResponse]</a></code>
 - <code title="delete /{account_or_zone}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}">client.zero_trust.identity_providers.<a href="./src/cloudflare/resources/zero_trust/identity_providers.py">delete</a>(identity_provider_id, \*, account_id, zone_id) -> <a href="./src/cloudflare/types/zero_trust/identity_provider_delete_response.py">Optional[IdentityProviderDeleteResponse]</a></code>
 - <code title="get /{account_or_zone}/{account_or_zone_id}/access/identity_providers/{identity_provider_id}">client.zero_trust.identity_providers.<a href="./src/cloudflare/resources/zero_trust/identity_providers.py">get</a>(identity_provider_id, \*, account_id, zone_id) -> <a href="./src/cloudflare/types/zero_trust/identity_provider.py">Optional[IdentityProvider]</a></code>
 

src/cloudflare/resources/zero_trust/identity_providers.py

@@ -26,6 +26,7 @@
 from ..._base_client import AsyncPaginator, make_request_options
 from ...types.zero_trust import (
     IdentityProviderType,
+    identity_provider_list_params,
     identity_provider_create_params,
     identity_provider_update_params,
 )
@@ -1585,6 +1586,7 @@ def list(
         *,
         account_id: str | NotGiven = NOT_GIVEN,
         zone_id: str | NotGiven = NOT_GIVEN,
+        scim_enabled: str | NotGiven = NOT_GIVEN,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -1600,6 +1602,9 @@ def list(
 
           zone_id: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
 
+          scim_enabled: Indicates to Access to only retrieve identity providers that have the System for
+              Cross-Domain Identity Management (SCIM) enabled.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -1624,7 +1629,13 @@ def list(
             f"/{account_or_zone}/{account_or_zone_id}/access/identity_providers",
             page=SyncSinglePage[IdentityProviderListResponse],
             options=make_request_options(
-                extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
+                extra_headers=extra_headers,
+                extra_query=extra_query,
+                extra_body=extra_body,
+                timeout=timeout,
+                query=maybe_transform(
+                    {"scim_enabled": scim_enabled}, identity_provider_list_params.IdentityProviderListParams
+                ),
             ),
             model=cast(
                 Any, IdentityProviderListResponse
@@ -3301,6 +3312,7 @@ def list(
         *,
         account_id: str | NotGiven = NOT_GIVEN,
         zone_id: str | NotGiven = NOT_GIVEN,
+        scim_enabled: str | NotGiven = NOT_GIVEN,
         # Use the following arguments if you need to pass additional parameters to the API that aren't available via kwargs.
         # The extra values given here take precedence over values defined on the client or passed to this method.
         extra_headers: Headers | None = None,
@@ -3316,6 +3328,9 @@ def list(
 
           zone_id: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.
 
+          scim_enabled: Indicates to Access to only retrieve identity providers that have the System for
+              Cross-Domain Identity Management (SCIM) enabled.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -3340,7 +3355,13 @@ def list(
             f"/{account_or_zone}/{account_or_zone_id}/access/identity_providers",
             page=AsyncSinglePage[IdentityProviderListResponse],
             options=make_request_options(
-                extra_headers=extra_headers, extra_query=extra_query, extra_body=extra_body, timeout=timeout
+                extra_headers=extra_headers,
+                extra_query=extra_query,
+                extra_body=extra_body,
+                timeout=timeout,
+                query=maybe_transform(
+                    {"scim_enabled": scim_enabled}, identity_provider_list_params.IdentityProviderListParams
+                ),
             ),
             model=cast(
                 Any, IdentityProviderListResponse

src/cloudflare/types/zero_trust/__init__.py

@@ -67,6 +67,7 @@
 from .organization_create_params import OrganizationCreateParams as OrganizationCreateParams
 from .organization_update_params import OrganizationUpdateParams as OrganizationUpdateParams
 from .any_valid_service_token_rule import AnyValidServiceTokenRule as AnyValidServiceTokenRule
+from .identity_provider_list_params import IdentityProviderListParams as IdentityProviderListParams
 from .identity_provider_scim_config import IdentityProviderSCIMConfig as IdentityProviderSCIMConfig
 from .external_evaluation_rule_param import ExternalEvaluationRuleParam as ExternalEvaluationRuleParam
 from .github_organization_rule_param import GitHubOrganizationRuleParam as GitHubOrganizationRuleParam

src/cloudflare/types/zero_trust/identity_provider.py

@@ -275,6 +275,9 @@ class AccessOIDCConfig(BaseModel):
     email_claim_name: Optional[str] = None
     """The claim name for email in the id_token response."""
 
+    pkce_enabled: Optional[bool] = None
+    """Enable Proof Key for Code Exchange (PKCE)"""
+
     scopes: Optional[List[str]] = None
     """OAuth scopes"""
 

src/cloudflare/types/zero_trust/identity_provider_create_params.py

@@ -393,6 +393,9 @@ class AccessOIDCConfig(TypedDict, total=False):
     email_claim_name: str
     """The claim name for email in the id_token response."""
 
+    pkce_enabled: bool
+    """Enable Proof Key for Code Exchange (PKCE)"""
+
     scopes: List[str]
     """OAuth scopes"""
 

src/cloudflare/types/zero_trust/identity_provider_list_params.py

@@ -0,0 +1,21 @@
+# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+from __future__ import annotations
+
+from typing_extensions import TypedDict
+
+__all__ = ["IdentityProviderListParams"]
+
+
+class IdentityProviderListParams(TypedDict, total=False):
+    account_id: str
+    """The Account ID to use for this endpoint. Mutually exclusive with the Zone ID."""
+
+    zone_id: str
+    """The Zone ID to use for this endpoint. Mutually exclusive with the Account ID."""
+
+    scim_enabled: str
+    """
+    Indicates to Access to only retrieve identity providers that have the System for
+    Cross-Domain Identity Management (SCIM) enabled.
+    """

src/cloudflare/types/zero_trust/identity_provider_list_response.py

@@ -273,6 +273,9 @@ class AccessOIDCConfig(BaseModel):
     email_claim_name: Optional[str] = None
     """The claim name for email in the id_token response."""
 
+    pkce_enabled: Optional[bool] = None
+    """Enable Proof Key for Code Exchange (PKCE)"""
+
     scopes: Optional[List[str]] = None
     """OAuth scopes"""
 

src/cloudflare/types/zero_trust/identity_provider_scim_config.py

@@ -12,13 +12,15 @@ class IdentityProviderSCIMConfig(BaseModel):
     enabled: Optional[bool] = None
     """A flag to enable or disable SCIM for the identity provider."""
 
-    identity_update_behavior: Optional[Literal["automatic", "reauth"]] = None
-    """Indicates how a SCIM event updates an Access identity.
-
-    Use "automatic" to automatically update a user's Access identity and augment it
-    with fields from the SCIM user resource. Use "reauth" to force re-authentication
-    on group membership updates. With "reauth" Access identities will not contain
-    fields from the SCIM user resource.
+    identity_update_behavior: Optional[Literal["automatic", "reauth", "no_action"]] = None
+    """Indicates how a SCIM event updates a user identity used for policy evaluation.
+
+    Use "automatic" to automatically update a user's identity and augment it with
+    fields from the SCIM user resource. Use "reauth" to force re-authentication on
+    group membership updates, user identity update will only occur after successful
+    re-authentication. With "reauth" identities will not contain fields from the
+    SCIM user resource. With "no_action" identities will not be changed by SCIM
+    updates in any way and users will not be prompted to reauthenticate.
     """
 
     seat_deprovision: Optional[bool] = None

src/cloudflare/types/zero_trust/identity_provider_scim_config_param.py

@@ -11,13 +11,15 @@ class IdentityProviderSCIMConfigParam(TypedDict, total=False):
     enabled: bool
     """A flag to enable or disable SCIM for the identity provider."""
 
-    identity_update_behavior: Literal["automatic", "reauth"]
-    """Indicates how a SCIM event updates an Access identity.
-
-    Use "automatic" to automatically update a user's Access identity and augment it
-    with fields from the SCIM user resource. Use "reauth" to force re-authentication
-    on group membership updates. With "reauth" Access identities will not contain
-    fields from the SCIM user resource.
+    identity_update_behavior: Literal["automatic", "reauth", "no_action"]
+    """Indicates how a SCIM event updates a user identity used for policy evaluation.
+
+    Use "automatic" to automatically update a user's identity and augment it with
+    fields from the SCIM user resource. Use "reauth" to force re-authentication on
+    group membership updates, user identity update will only occur after successful
+    re-authentication. With "reauth" identities will not contain fields from the
+    SCIM user resource. With "no_action" identities will not be changed by SCIM
+    updates in any way and users will not be prompted to reauthenticate.
     """
 
     seat_deprovision: bool

src/cloudflare/types/zero_trust/identity_provider_update_params.py

@@ -393,6 +393,9 @@ class AccessOIDCConfig(TypedDict, total=False):
     email_claim_name: str
     """The claim name for email in the id_token response."""
 
+    pkce_enabled: bool
+    """Enable Proof Key for Code Exchange (PKCE)"""
+
     scopes: List[str]
     """OAuth scopes"""
 

tests/api_resources/zero_trust/test_identity_providers.py

@@ -633,6 +633,7 @@ def test_method_create_with_all_params_overload_8(self, client: Cloudflare) -> N
                 "client_id": "<your client id>",
                 "client_secret": "<your client secret>",
                 "email_claim_name": "custom_claim_name",
+                "pkce_enabled": True,
                 "scopes": ["openid", "email", "profile"],
                 "token_url": "https://accounts.google.com/o/oauth2/token",
             },
@@ -1926,6 +1927,7 @@ def test_method_update_with_all_params_overload_8(self, client: Cloudflare) -> N
                 "client_id": "<your client id>",
                 "client_secret": "<your client secret>",
                 "email_claim_name": "custom_claim_name",
+                "pkce_enabled": True,
                 "scopes": ["openid", "email", "profile"],
                 "token_url": "https://accounts.google.com/o/oauth2/token",
             },
@@ -2617,6 +2619,7 @@ def test_method_list(self, client: Cloudflare) -> None:
     def test_method_list_with_all_params(self, client: Cloudflare) -> None:
         identity_provider = client.zero_trust.identity_providers.list(
             account_id="account_id",
+            scim_enabled="scim_enabled",
         )
         assert_matches_type(SyncSinglePage[IdentityProviderListResponse], identity_provider, path=["response"])
 
@@ -3408,6 +3411,7 @@ async def test_method_create_with_all_params_overload_8(self, async_client: Asyn
                 "client_id": "<your client id>",
                 "client_secret": "<your client secret>",
                 "email_claim_name": "custom_claim_name",
+                "pkce_enabled": True,
                 "scopes": ["openid", "email", "profile"],
                 "token_url": "https://accounts.google.com/o/oauth2/token",
             },
@@ -4701,6 +4705,7 @@ async def test_method_update_with_all_params_overload_8(self, async_client: Asyn
                 "client_id": "<your client id>",
                 "client_secret": "<your client secret>",
                 "email_claim_name": "custom_claim_name",
+                "pkce_enabled": True,
                 "scopes": ["openid", "email", "profile"],
                 "token_url": "https://accounts.google.com/o/oauth2/token",
             },
@@ -5392,6 +5397,7 @@ async def test_method_list(self, async_client: AsyncCloudflare) -> None:
     async def test_method_list_with_all_params(self, async_client: AsyncCloudflare) -> None:
         identity_provider = await async_client.zero_trust.identity_providers.list(
             account_id="account_id",
+            scim_enabled="scim_enabled",
         )
         assert_matches_type(AsyncSinglePage[IdentityProviderListResponse], identity_provider, path=["response"])