Merge branch 'master' into imobbs/ACCT-4459-domain-scoped-roles

.changelog/1089.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+user-agent-blocking-rules: add missing managed_challenge validation and removed the deprecated whitelist one
+```

.changelog/1090.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+devices_policy: Add support for additional device settings policies
+```

.changelog/1091.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+load_balancing: support adaptive_routing and location_strategy
+```

.changelog/1093.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+rulesets: add support for `sensitivity_level` to override all rule sensitivity
+```

.changelog/1094.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.16.3 to 2.17.1
+```

.changelog/1097.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 1.3.3 to 1.3.4
+```

.changelog/1103.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.17.1 to 2.19.2
+```

.changelog/1104.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+access: add UI read-only field to organizations
+```

.devcontainer/devcontainer.json

@@ -10,7 +10,7 @@
   "remoteEnv": {
     "GOPATH": "${containerEnv:GOPATH}"
   },
-  "updateContentCommand": "go generate -tags tools internal/tools/tools.go",
+  "onCreateCommand": "go generate -tags tools internal/tools/tools.go",
   "customizations": {
     "vscode": {
       "settings": {

.github/workflows/dependabot-changelog.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       - name: Fetch dependabot metadata
         id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.3.3
+        uses: dependabot/fetch-metadata@v1.3.4
       - uses: actions/checkout@v3
       - run: |
           gh pr checkout $PR_URL

.golintci.yaml

@@ -16,17 +16,22 @@ run:
 
 linters:
   enable:
-    - bodyclose    # ensure HTTP response bodies are successfully closed.
-    - contextcheck # check we are passing context an inherited context.
-    - gofmt        # checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification.
-    - errname      # checks that sentinel errors are prefixed with the `Err`` and error types are suffixed with the `Error``.
-    - errorlint    # used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
-    - godot        # check if comments end in a period.
-    - misspell     # finds commonly misspelled English words in comments.
-    - nilerr       # checks that there is no simultaneous return of nil error and an invalid value.
-    - tparallel    # detects inappropriate usage of t.Parallel() method in your Go test codes.
-    - unparam      # reports unused function parameters.
-    - whitespace   # detection of leading and trailing whitespace.
+    - bodyclose      # ensure HTTP response bodies are successfully closed.
+    - contextcheck   # check we are passing context an inherited context.
+    - gofmt          # checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification.
+    - errname        # checks that sentinel errors are prefixed with the `Err`` and error types are suffixed with the `Error``.
+    - errorlint      # used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
+    - godot          # check if comments end in a period.
+    - misspell       # finds commonly misspelled English words in comments.
+    - nilerr         # checks that there is no simultaneous return of nil error and an invalid value.
+    - tparallel      # detects inappropriate usage of t.Parallel() method in your Go test codes.
+    - unparam        # reports unused function parameters.
+    - whitespace     # detection of leading and trailing whitespace.
+    - gosec          # inspects source code for security problems.
+    - bidichk        # checks for dangerous unicode character sequences.
+    - exportloopref  # prevent scope issues with pointers in loops.
+    - goconst        # use constants where values are repeated.
+    - reassign       # checks that package variables are not reassigned.
 
 output:
   format: colored-line-number

CHANGELOG.md

@@ -1,4 +1,20 @@
-## 0.51.0 (Unreleased)
+## 0.53.0 (Unreleased)
+
+## 0.52.0 (October 12th, 2022)
+
+ENHANCEMENTS:
+
+* access: add UI read-only field to organizations ([#1104](https://github.com/cloudflare/cloudflare-go/issues/1104))
+* devices_policy: Add support for additional device settings policies ([#1090](https://github.com/cloudflare/cloudflare-go/issues/1090))
+* rulesets: add support for `sensitivity_level` to override all rule sensitivity ([#1093](https://github.com/cloudflare/cloudflare-go/issues/1093))
+
+DEPENDENCIES:
+
+* deps: bumps dependabot/fetch-metadata from 1.3.3 to 1.3.4 ([#1097](https://github.com/cloudflare/cloudflare-go/issues/1097))
+* deps: bumps github.com/urfave/cli/v2 from 2.16.3 to 2.17.1 ([#1094](https://github.com/cloudflare/cloudflare-go/issues/1094))
+* deps: bumps github.com/urfave/cli/v2 from 2.17.1 to 2.19.2 ([#1103](https://github.com/cloudflare/cloudflare-go/issues/1103))
+
+## 0.51.0 (September 28th, 2022)
 
 BREAKING CHANGES:
 
@@ -7,6 +23,11 @@ BREAKING CHANGES:
 ENHANCEMENTS:
 
 * device_posture_rule: add input fields for linux OS ([#1087](https://github.com/cloudflare/cloudflare-go/issues/1087))
+* load_balancing: support adaptive_routing and location_strategy ([#1091](https://github.com/cloudflare/cloudflare-go/issues/1091))
+
+BUG FIXES:
+
+* user-agent-blocking-rules: add missing managed_challenge validation and removed the deprecated whitelist one ([#1089](https://github.com/cloudflare/cloudflare-go/issues/1089))
 
 ## 0.50.0 (September 14, 2022)
 

access_organization.go

@@ -10,11 +10,12 @@ import (
 
 // AccessOrganization represents an Access organization.
 type AccessOrganization struct {
-	CreatedAt   *time.Time                    `json:"created_at"`
-	UpdatedAt   *time.Time                    `json:"updated_at"`
-	Name        string                        `json:"name"`
-	AuthDomain  string                        `json:"auth_domain"`
-	LoginDesign AccessOrganizationLoginDesign `json:"login_design"`
+	CreatedAt    *time.Time                    `json:"created_at"`
+	UpdatedAt    *time.Time                    `json:"updated_at"`
+	Name         string                        `json:"name"`
+	AuthDomain   string                        `json:"auth_domain"`
+	LoginDesign  AccessOrganizationLoginDesign `json:"login_design"`
+	IsUIReadOnly *bool                         `json:"is_ui_read_only,omitempty"`
 }
 
 // AccessOrganizationLoginDesign represents the login design options.

access_organization_test.go

@@ -26,6 +26,7 @@ func TestAccessOrganization(t *testing.T) {
 				"updated_at": "2014-01-01T05:20:00.12345Z",
 				"name": "Widget Corps Internal Applications",
 				"auth_domain": "test.cloudflareaccess.com",
+				"is_ui_read_only": false,
 				"login_design": {
 					"background_color": "#c5ed1b",
 					"logo_path": "https://example.com/logo.png",
@@ -53,6 +54,7 @@ func TestAccessOrganization(t *testing.T) {
 			HeaderText:      "Widget Corp",
 			FooterText:      "© Widget Corp",
 		},
+		IsUIReadOnly: BoolPtr(false),
 	}
 
 	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler)
@@ -88,6 +90,7 @@ func TestCreateAccessOrganization(t *testing.T) {
 				"updated_at": "2014-01-01T05:20:00.12345Z",
 				"name": "Widget Corps Internal Applications",
 				"auth_domain": "test.cloudflareaccess.com",
+				"is_ui_read_only": true,
 				"login_design": {
 					"background_color": "#c5ed1b",
 					"logo_path": "https://example.com/logo.png",
@@ -115,6 +118,7 @@ func TestCreateAccessOrganization(t *testing.T) {
 			HeaderText:      "Widget Corp",
 			FooterText:      "© Widget Corp",
 		},
+		IsUIReadOnly: BoolPtr(true),
 	}
 
 	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler)
@@ -156,7 +160,8 @@ func TestUpdateAccessOrganization(t *testing.T) {
 					"text_color": "#c5ed1b",
 					"header_text": "Widget Corp",
 					"footer_text": "© Widget Corp"
-				}
+				},
+				"is_ui_read_only": false
 			}
 		}
 		`)
@@ -177,6 +182,7 @@ func TestUpdateAccessOrganization(t *testing.T) {
 			HeaderText:      "Widget Corp",
 			FooterText:      "© Widget Corp",
 		},
+		IsUIReadOnly: BoolPtr(false),
 	}
 
 	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler)

devices_policy.go

@@ -17,6 +17,59 @@ type DeviceClientCertificatesZone struct {
 	Result Enabled
 }
 
+type ServiceModeV2 struct {
+	Mode string `json:"mode,omitempty"`
+	Port int    `json:"port,omitempty"`
+}
+
+type DeviceSettingsPolicy struct {
+	ServiceModeV2       *ServiceModeV2    `json:"service_mode_v2"`
+	DisableAutoFallback *bool             `json:"disable_auto_fallback"`
+	FallbackDomains     *[]FallbackDomain `json:"fallback_domains"`
+	Include             *[]SplitTunnel    `json:"include"`
+	Exclude             *[]SplitTunnel    `json:"exclude"`
+	GatewayUniqueID     *string           `json:"gateway_unique_id"`
+	SupportURL          *string           `json:"support_url"`
+	CaptivePortal       *int              `json:"captive_portal"`
+	AllowModeSwitch     *bool             `json:"allow_mode_switch"`
+	SwitchLocked        *bool             `json:"switch_locked"`
+	AllowUpdates        *bool             `json:"allow_updates"`
+	AutoConnect         *int              `json:"auto_connect"`
+	AllowedToLeave      *bool             `json:"allowed_to_leave"`
+	PolicyID            *string           `json:"policy_id"`
+	Enabled             *bool             `json:"enabled"`
+	Name                *string           `json:"name"`
+	Match               *string           `json:"match"`
+	Precedence          *int              `json:"precedence"`
+	Default             bool              `json:"default"`
+}
+
+type DeviceSettingsPolicyResponse struct {
+	Response
+	Result DeviceSettingsPolicy
+}
+
+type DeleteDeviceSettingsPolicyResponse struct {
+	Response
+	Result []DeviceSettingsPolicy
+}
+
+type DeviceSettingsPolicyRequest struct {
+	DisableAutoFallback *bool          `json:"disable_auto_fallback,omitempty"`
+	CaptivePortal       *int           `json:"captive_portal,omitempty"`
+	AllowModeSwitch     *bool          `json:"allow_mode_switch,omitempty"`
+	SwitchLocked        *bool          `json:"switch_locked,omitempty"`
+	AllowUpdates        *bool          `json:"allow_updates,omitempty"`
+	AutoConnect         *int           `json:"auto_connect,omitempty"`
+	AllowedToLeave      *bool          `json:"allowed_to_leave,omitempty"`
+	SupportURL          *string        `json:"support_url,omitempty"`
+	ServiceModeV2       *ServiceModeV2 `json:"service_mode_v2,omitempty"`
+	Precedence          *int           `json:"precedence,omitempty"`
+	Name                *string        `json:"name,omitempty"`
+	Match               *string        `json:"match,omitempty"`
+	Enabled             *bool          `json:"enabled,omitempty"`
+}
+
 // UpdateDeviceClientCertificates controls the zero trust zone used to provision client certificates.
 //
 // API reference: https://api.cloudflare.com/#device-client-certificates
@@ -54,3 +107,117 @@ func (api *API) GetDeviceClientCertificatesZone(ctx context.Context, zoneID stri
 
 	return result, err
 }
+
+// CreateDeviceSettingsPolicy creates a settings policy against devices that match the policy
+//
+// API reference: https://api.cloudflare.com/#devices-create-device-settings-policy
+func (api *API) CreateDeviceSettingsPolicy(ctx context.Context, accountID string, req DeviceSettingsPolicyRequest) (DeviceSettingsPolicyResponse, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy", AccountRouteRoot, accountID)
+
+	result := DeviceSettingsPolicyResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, req)
+	if err != nil {
+		return result, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// UpdateDefaultDeviceSettingsPolicy updates the default settings policy for an account
+//
+// API reference: https://api.cloudflare.com/#devices-update-default-device-settings-policy
+func (api *API) UpdateDefaultDeviceSettingsPolicy(ctx context.Context, accountID string, req DeviceSettingsPolicyRequest) (DeviceSettingsPolicyResponse, error) {
+	result := DeviceSettingsPolicyResponse{}
+	uri := fmt.Sprintf("/%s/%s/devices/policy", AccountRouteRoot, accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, req)
+	if err != nil {
+		return result, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// UpdateDeviceSettingsPolicy updates a settings policy
+//
+// API reference: https://api.cloudflare.com/#devices-update-device-settings-policy
+func (api *API) UpdateDeviceSettingsPolicy(ctx context.Context, accountID, policyID string, req DeviceSettingsPolicyRequest) (DeviceSettingsPolicyResponse, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", AccountRouteRoot, accountID, policyID)
+
+	result := DeviceSettingsPolicyResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, req)
+	if err != nil {
+		return result, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// DeleteDeviceSettingsPolicy deletes a settings policy and returns a list
+// of all of the other policies in the account
+//
+// API reference: https://api.cloudflare.com/#devices-delete-device-settings-policy
+func (api *API) DeleteDeviceSettingsPolicy(ctx context.Context, accountID, policyID string) (DeleteDeviceSettingsPolicyResponse, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", AccountRouteRoot, accountID, policyID)
+
+	result := DeleteDeviceSettingsPolicyResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return result, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// GetDefaultDeviceSettings gets the default device settings policy
+//
+// API reference: https://api.cloudflare.com/#devices-get-default-device-settings-policy
+func (api *API) GetDefaultDeviceSettingsPolicy(ctx context.Context, accountID string) (DeviceSettingsPolicyResponse, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy", AccountRouteRoot, accountID)
+
+	result := DeviceSettingsPolicyResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return result, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// GetDefaultDeviceSettings gets the device settings policy by its policyID
+//
+// API reference: https://api.cloudflare.com/#devices-get-device-settings-policy-by-id
+func (api *API) GetDeviceSettingsPolicy(ctx context.Context, accountID, policyID string) (DeviceSettingsPolicyResponse, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", AccountRouteRoot, accountID, policyID)
+
+	result := DeviceSettingsPolicyResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return result, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}