update to latest stable master

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+
+# Own a service and want to be defined as an owner here? Open a PR or 
+# hit up @jacobbednarz to add your team.
+
+*  @jacobbednarz

.github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/lint.yml

@@ -12,15 +12,15 @@ jobs:
           version: latest
           args: "--config .golintci.yaml"
           only-new-issues: true # only show new issues in the PR, not all.
-  structslop:
-    name: structslop
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v2
-        with:
-          go-version: ^1.17
-      - name: structslop
-        run: |
-          go generate -tags tools tools/tools.go
-          $(go env GOPATH)/bin/structslop .
+  #structslop:
+  #  name: structslop
+  #  runs-on: ubuntu-latest
+  #  steps:
+  #    - uses: actions/checkout@v3
+  #    - uses: actions/setup-go@v3
+  #      with:
+  #        go-version: ^1.17
+  #    - name: structslop
+  #      run: |
+  #        go generate -tags tools tools/tools.go
+  #        $(go env GOPATH)/bin/structslop .

.github/workflows/release.yml

@@ -13,7 +13,7 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v3
         with:
           go-version: ^1.17
       - name: Run GoReleaser

.github/workflows/test.yml

@@ -8,7 +8,7 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v3
         with:
           go-version: ${{ matrix.go-version }}
       - name: Checkout code

access_application.go

@@ -44,7 +44,7 @@ type AccessApplication struct {
 	SkipInterstitial        bool                           `json:"skip_interstitial,omitempty"`
 	AppLauncherVisible      bool                           `json:"app_launcher_visible,omitempty"`
 	EnableBindingCookie     bool                           `json:"enable_binding_cookie,omitempty"`
-	HttpOnlyCookieAttribute bool                           `json:"http_only_cookie_attribute,omitempty"`
+	HttpOnlyCookieAttribute *bool                          `json:"http_only_cookie_attribute,omitempty"`
 	ServiceAuth401Redirect  bool                           `json:"service_auth_401_redirect,omitempty"`
 }
 

access_application_test.go

@@ -74,7 +74,7 @@ func TestAccessApplications(t *testing.T) {
 		CustomDenyMessage:       "denied!",
 		CustomDenyURL:           "https://www.example.com",
 		SameSiteCookieAttribute: "strict",
-		HttpOnlyCookieAttribute: true,
+		HttpOnlyCookieAttribute: BoolPtr(true),
 		LogoURL:                 "https://www.example.com/example.png",
 		SkipInterstitial:        true,
 	}}
@@ -124,7 +124,8 @@ func TestAccessApplication(t *testing.T) {
 				"logo_url": "https://www.example.com/example.png",
 				"skip_interstitial": true,
 				"app_launcher_visible": true,
-				"service_auth_401_redirect": true
+				"service_auth_401_redirect": true,
+				"http_only_cookie_attribute": false
 			}
 		}
 		`)
@@ -134,23 +135,24 @@ func TestAccessApplication(t *testing.T) {
 	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
 
 	want := AccessApplication{
-		ID:                     "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		CreatedAt:              &createdAt,
-		UpdatedAt:              &updatedAt,
-		AUD:                    "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		Name:                   "Admin Site",
-		Domain:                 "test.example.com/admin",
-		Type:                   "self_hosted",
-		SessionDuration:        "24h",
-		AllowedIdps:            []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity: false,
-		EnableBindingCookie:    false,
-		AppLauncherVisible:     true,
-		ServiceAuth401Redirect: true,
-		CustomDenyMessage:      "denied!",
-		CustomDenyURL:          "https://www.example.com",
-		LogoURL:                "https://www.example.com/example.png",
-		SkipInterstitial:       true,
+		ID:                      "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		CreatedAt:               &createdAt,
+		UpdatedAt:               &updatedAt,
+		AUD:                     "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		Name:                    "Admin Site",
+		Domain:                  "test.example.com/admin",
+		Type:                    "self_hosted",
+		SessionDuration:         "24h",
+		AllowedIdps:             []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity:  false,
+		EnableBindingCookie:     false,
+		AppLauncherVisible:      true,
+		ServiceAuth401Redirect:  true,
+		CustomDenyMessage:       "denied!",
+		CustomDenyURL:           "https://www.example.com",
+		LogoURL:                 "https://www.example.com/example.png",
+		SkipInterstitial:        true,
+		HttpOnlyCookieAttribute: BoolPtr(false),
 	}
 
 	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)

access_organization.go

@@ -22,8 +22,10 @@ type AccessOrganization struct {
 // AccessOrganizationLoginDesign represents the login design options.
 type AccessOrganizationLoginDesign struct {
 	BackgroundColor string `json:"background_color"`
-	TextColor       string `json:"text_color"`
 	LogoPath        string `json:"logo_path"`
+	TextColor       string `json:"text_color"`
+	HeaderText      string `json:"header_text"`
+	FooterText      string `json:"footer_text"`
 }
 
 // AccessOrganizationListResponse represents the response from the list

access_organization_test.go

@@ -28,8 +28,10 @@ func TestAccessOrganization(t *testing.T) {
 				"auth_domain": "test.cloudflareaccess.com",
 				"login_design": {
 					"background_color": "#c5ed1b",
+					"logo_path": "https://example.com/logo.png",
 					"text_color": "#c5ed1b",
-					"logo_path": "https://example.com/logo.png"
+					"header_text": "Widget Corp",
+					"footer_text": "© Widget Corp"
 				}
 			}
 		}
@@ -46,8 +48,10 @@ func TestAccessOrganization(t *testing.T) {
 		AuthDomain: "test.cloudflareaccess.com",
 		LoginDesign: AccessOrganizationLoginDesign{
 			BackgroundColor: "#c5ed1b",
-			TextColor:       "#c5ed1b",
 			LogoPath:        "https://example.com/logo.png",
+			TextColor:       "#c5ed1b",
+			HeaderText:      "Widget Corp",
+			FooterText:      "© Widget Corp",
 		},
 	}
 
@@ -86,8 +90,10 @@ func TestCreateAccessOrganization(t *testing.T) {
 				"auth_domain": "test.cloudflareaccess.com",
 				"login_design": {
 					"background_color": "#c5ed1b",
+					"logo_path": "https://example.com/logo.png",
 					"text_color": "#c5ed1b",
-					"logo_path": "https://example.com/logo.png"
+					"header_text": "Widget Corp",
+					"footer_text": "© Widget Corp"
 				}
 			}
 		}
@@ -104,8 +110,10 @@ func TestCreateAccessOrganization(t *testing.T) {
 		AuthDomain: "test.cloudflareaccess.com",
 		LoginDesign: AccessOrganizationLoginDesign{
 			BackgroundColor: "#c5ed1b",
-			TextColor:       "#c5ed1b",
 			LogoPath:        "https://example.com/logo.png",
+			TextColor:       "#c5ed1b",
+			HeaderText:      "Widget Corp",
+			FooterText:      "© Widget Corp",
 		},
 	}
 
@@ -144,8 +152,10 @@ func TestUpdateAccessOrganization(t *testing.T) {
 				"auth_domain": "test.cloudflareaccess.com",
 				"login_design": {
 					"background_color": "#c5ed1b",
+					"logo_path": "https://example.com/logo.png",
 					"text_color": "#c5ed1b",
-					"logo_path": "https://example.com/logo.png"
+					"header_text": "Widget Corp",
+					"footer_text": "© Widget Corp"
 				}
 			}
 		}
@@ -162,8 +172,10 @@ func TestUpdateAccessOrganization(t *testing.T) {
 		AuthDomain: "test.cloudflareaccess.com",
 		LoginDesign: AccessOrganizationLoginDesign{
 			BackgroundColor: "#c5ed1b",
-			TextColor:       "#c5ed1b",
 			LogoPath:        "https://example.com/logo.png",
+			TextColor:       "#c5ed1b",
+			HeaderText:      "Widget Corp",
+			FooterText:      "© Widget Corp",
 		},
 	}
 

argo_tunnel.go

@@ -44,8 +44,10 @@ type ArgoTunnelDetailResponse struct {
 // ArgoTunnels lists all tunnels.
 //
 // API reference: https://api.cloudflare.com/#argo-tunnel-list-argo-tunnels
+//
+// Deprecated: Use `Tunnels` instead.
 func (api *API) ArgoTunnels(ctx context.Context, accountID string) ([]ArgoTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/tunnels", accountID)
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel", accountID)
 
 	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodGet, uri, nil, argoV1Header())
 	if err != nil {
@@ -63,8 +65,10 @@ func (api *API) ArgoTunnels(ctx context.Context, accountID string) ([]ArgoTunnel
 // ArgoTunnel returns a single Argo tunnel.
 //
 // API reference: https://api.cloudflare.com/#argo-tunnel-get-argo-tunnel
+//
+// Deprecated: Use `Tunnel` instead.
 func (api *API) ArgoTunnel(ctx context.Context, accountID, tunnelUUID string) (ArgoTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/tunnels/%s", accountID, tunnelUUID)
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", accountID, tunnelUUID)
 
 	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodGet, uri, nil, argoV1Header())
 	if err != nil {
@@ -82,8 +86,10 @@ func (api *API) ArgoTunnel(ctx context.Context, accountID, tunnelUUID string) (A
 // CreateArgoTunnel creates a new tunnel for the account.
 //
 // API reference: https://api.cloudflare.com/#argo-tunnel-create-argo-tunnel
+//
+// Deprecated: Use `CreateTunnel` instead.
 func (api *API) CreateArgoTunnel(ctx context.Context, accountID, name, secret string) (ArgoTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/tunnels", accountID)
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel", accountID)
 
 	tunnel := ArgoTunnel{Name: name, Secret: secret}
 
@@ -104,8 +110,10 @@ func (api *API) CreateArgoTunnel(ctx context.Context, accountID, name, secret st
 // DeleteArgoTunnel removes a single Argo tunnel.
 //
 // API reference: https://api.cloudflare.com/#argo-tunnel-delete-argo-tunnel
+//
+// Deprecated: Use `DeleteTunnel` instead.
 func (api *API) DeleteArgoTunnel(ctx context.Context, accountID, tunnelUUID string) error {
-	uri := fmt.Sprintf("/accounts/%s/tunnels/%s", accountID, tunnelUUID)
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", accountID, tunnelUUID)
 
 	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodDelete, uri, nil, argoV1Header())
 	if err != nil {
@@ -124,8 +132,10 @@ func (api *API) DeleteArgoTunnel(ctx context.Context, accountID, tunnelUUID stri
 // CleanupArgoTunnelConnections deletes any inactive connections on a tunnel.
 //
 // API reference: https://api.cloudflare.com/#argo-tunnel-clean-up-argo-tunnel-connections
+//
+// Deprecated: Use `CleanupTunnelConnections` instead.
 func (api *API) CleanupArgoTunnelConnections(ctx context.Context, accountID, tunnelUUID string) error {
-	uri := fmt.Sprintf("/accounts/%s/tunnels/%s/connections", accountID, tunnelUUID)
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", accountID, tunnelUUID)
 
 	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodDelete, uri, nil, argoV1Header())
 	if err != nil {

argo_tunnel_test.go

@@ -40,7 +40,7 @@ func TestArgoTunnels(t *testing.T) {
 		`)
 	}
 
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/tunnels", handler)
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel", handler)
 
 	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
 	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
@@ -91,7 +91,7 @@ func TestArgoTunnel(t *testing.T) {
 		`)
 	}
 
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/tunnels/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
 
 	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
 	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
@@ -142,7 +142,7 @@ func TestCreateArgoTunnel(t *testing.T) {
 		`)
 	}
 
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/tunnels", handler)
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel", handler)
 
 	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
 	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
@@ -193,7 +193,7 @@ func TestDeleteArgoTunnel(t *testing.T) {
 		`)
 	}
 
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/tunnels/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
 
 	err := client.DeleteArgoTunnel(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
 	assert.NoError(t, err)
@@ -214,7 +214,7 @@ func TestCleanupArgoTunnelConnections(t *testing.T) {
 		`)
 	}
 
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/tunnels/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/connections", handler)
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/connections", handler)
 
 	err := client.CleanupArgoTunnelConnections(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
 	assert.NoError(t, err)

cmd/flarectl/zone.go

@@ -293,7 +293,7 @@ func zoneRecords(c *cli.Context) error {
 			rr.Name = c.String("name")
 		}
 		if c.String("content") != "" {
-			rr.Name = c.String("content")
+			rr.Content = c.String("content")
 		}
 		var err error
 		records, err = api.DNSRecords(context.Background(), zoneID, rr)

custom_hostname.go

@@ -22,8 +22,10 @@ const (
 	ACTIVE CustomHostnameStatus = "active"
 	// MOVED status represents state of CustomHostname is moved.
 	MOVED CustomHostnameStatus = "moved"
-	// DELETED status represents state of CustomHostname is removed.
+	// DELETED status represents state of CustomHostname is deleted.
 	DELETED CustomHostnameStatus = "deleted"
+	// BLOCKED status represents state of CustomHostname is blocked from going active.
+	BLOCKED CustomHostnameStatus = "blocked"
 )
 
 // CustomHostnameSSLSettings represents the SSL settings for a custom hostname.

device_posture_rule.go

@@ -152,6 +152,7 @@ type DevicePostureRule struct {
 	Schedule    string                   `json:"schedule,omitempty"`
 	Match       []DevicePostureRuleMatch `json:"match,omitempty"`
 	Input       DevicePostureRuleInput   `json:"input,omitempty"`
+	Expiration  string                   `json:"expiration,omitempty"`
 }
 
 // DevicePostureRuleMatch represents the conditions that the client must match to run the rule.