chore(api): update composite API spec

Author: stainless-app[bot]

.stats.yml

@@ -1,4 +1,4 @@
 configured_endpoints: 2126
 openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-2762d64c98ba5dada95c90ee399129785ac56914eba638ecc0620b5db06ecb38.yml
-openapi_spec_hash: cc66dc78b702a9ed159ad78aefede524
+openapi_spec_hash: ebe782c4592c06e7e22eb0a725cc326e
 config_hash: a4389a4b44ba94e63c724848f563a9ec

src/cloudflare/resources/zero_trust/organizations/organizations.py

@@ -77,6 +77,7 @@ def create(
         login_design: LoginDesignParam | Omit = omit,
         mfa_config: organization_create_params.MfaConfig | Omit = omit,
         mfa_required_for_all_apps: bool | Omit = omit,
+        mfa_ssh_piv_key_requirements: organization_create_params.MfaSSHPivKeyRequirements | Omit = omit,
         session_duration: str | Omit = omit,
         ui_read_only_toggle_reason: str | Omit = omit,
         user_seat_expiration_inactive_time: str | Omit = omit,
@@ -126,6 +127,8 @@ def create(
               organization must have MFA enabled with at least one authentication method and a
               session duration configured.
 
+          mfa_ssh_piv_key_requirements: Configures SSH PIV key requirements for MFA using hardware security keys.
+
           session_duration: The amount of time that tokens issued for applications will be valid. Must be in
               the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m,
               h.
@@ -175,6 +178,7 @@ def create(
                     "login_design": login_design,
                     "mfa_config": mfa_config,
                     "mfa_required_for_all_apps": mfa_required_for_all_apps,
+                    "mfa_ssh_piv_key_requirements": mfa_ssh_piv_key_requirements,
                     "session_duration": session_duration,
                     "ui_read_only_toggle_reason": ui_read_only_toggle_reason,
                     "user_seat_expiration_inactive_time": user_seat_expiration_inactive_time,
@@ -207,6 +211,7 @@ def update(
         login_design: LoginDesignParam | Omit = omit,
         mfa_config: organization_update_params.MfaConfig | Omit = omit,
         mfa_required_for_all_apps: bool | Omit = omit,
+        mfa_ssh_piv_key_requirements: organization_update_params.MfaSSHPivKeyRequirements | Omit = omit,
         name: str | Omit = omit,
         session_duration: str | Omit = omit,
         ui_read_only_toggle_reason: str | Omit = omit,
@@ -255,6 +260,8 @@ def update(
               organization must have MFA enabled with at least one authentication method and a
               session duration configured.
 
+          mfa_ssh_piv_key_requirements: Configures SSH PIV key requirements for MFA using hardware security keys.
+
           name: The name of your Zero Trust organization.
 
           session_duration: The amount of time that tokens issued for applications will be valid. Must be in
@@ -306,6 +313,7 @@ def update(
                     "login_design": login_design,
                     "mfa_config": mfa_config,
                     "mfa_required_for_all_apps": mfa_required_for_all_apps,
+                    "mfa_ssh_piv_key_requirements": mfa_ssh_piv_key_requirements,
                     "name": name,
                     "session_duration": session_duration,
                     "ui_read_only_toggle_reason": ui_read_only_toggle_reason,
@@ -499,6 +507,7 @@ async def create(
         login_design: LoginDesignParam | Omit = omit,
         mfa_config: organization_create_params.MfaConfig | Omit = omit,
         mfa_required_for_all_apps: bool | Omit = omit,
+        mfa_ssh_piv_key_requirements: organization_create_params.MfaSSHPivKeyRequirements | Omit = omit,
         session_duration: str | Omit = omit,
         ui_read_only_toggle_reason: str | Omit = omit,
         user_seat_expiration_inactive_time: str | Omit = omit,
@@ -548,6 +557,8 @@ async def create(
               organization must have MFA enabled with at least one authentication method and a
               session duration configured.
 
+          mfa_ssh_piv_key_requirements: Configures SSH PIV key requirements for MFA using hardware security keys.
+
           session_duration: The amount of time that tokens issued for applications will be valid. Must be in
               the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs), ms, s, m,
               h.
@@ -597,6 +608,7 @@ async def create(
                     "login_design": login_design,
                     "mfa_config": mfa_config,
                     "mfa_required_for_all_apps": mfa_required_for_all_apps,
+                    "mfa_ssh_piv_key_requirements": mfa_ssh_piv_key_requirements,
                     "session_duration": session_duration,
                     "ui_read_only_toggle_reason": ui_read_only_toggle_reason,
                     "user_seat_expiration_inactive_time": user_seat_expiration_inactive_time,
@@ -629,6 +641,7 @@ async def update(
         login_design: LoginDesignParam | Omit = omit,
         mfa_config: organization_update_params.MfaConfig | Omit = omit,
         mfa_required_for_all_apps: bool | Omit = omit,
+        mfa_ssh_piv_key_requirements: organization_update_params.MfaSSHPivKeyRequirements | Omit = omit,
         name: str | Omit = omit,
         session_duration: str | Omit = omit,
         ui_read_only_toggle_reason: str | Omit = omit,
@@ -677,6 +690,8 @@ async def update(
               organization must have MFA enabled with at least one authentication method and a
               session duration configured.
 
+          mfa_ssh_piv_key_requirements: Configures SSH PIV key requirements for MFA using hardware security keys.
+
           name: The name of your Zero Trust organization.
 
           session_duration: The amount of time that tokens issued for applications will be valid. Must be in
@@ -728,6 +743,7 @@ async def update(
                     "login_design": login_design,
                     "mfa_config": mfa_config,
                     "mfa_required_for_all_apps": mfa_required_for_all_apps,
+                    "mfa_ssh_piv_key_requirements": mfa_ssh_piv_key_requirements,
                     "name": name,
                     "session_duration": session_duration,
                     "ui_read_only_toggle_reason": ui_read_only_toggle_reason,

src/cloudflare/types/zero_trust/access/application_create_params.py

@@ -137,6 +137,7 @@
     "InfrastructureApplicationPolicy",
     "InfrastructureApplicationPolicyConnectionRules",
     "InfrastructureApplicationPolicyConnectionRulesSSH",
+    "InfrastructureApplicationPolicyMfaConfig",
     "BrowserRDPApplication",
     "BrowserRDPApplicationTargetCriterion",
     "BrowserRDPApplicationDestination",
@@ -3033,6 +3034,31 @@ class InfrastructureApplicationPolicyConnectionRules(TypedDict, total=False):
     """
 
 
+class InfrastructureApplicationPolicyMfaConfig(TypedDict, total=False):
+    """
+    Configures multi-factor authentication (MFA) settings for infrastructure applications.
+    """
+
+    allowed_authenticators: List[Literal["ssh_piv_key"]]
+    """Lists the MFA methods that users can authenticate with.
+
+    For infrastructure applications, only `ssh_piv_key` is supported.
+    """
+
+    mfa_disabled: bool
+    """Indicates whether to disable MFA for this resource.
+
+    This option is available at the application and policy level.
+    """
+
+    session_duration: str
+    """Defines the duration of an MFA session.
+
+    Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days).
+    Examples: `5m` or `24h`.
+    """
+
+
 class InfrastructureApplicationPolicy(TypedDict, total=False):
     decision: Required[Decision]
     """The action Access will take if a user matches this policy.
@@ -3061,6 +3087,12 @@ class InfrastructureApplicationPolicy(TypedDict, total=False):
     To match the policy, a user cannot meet any of the Exclude rules.
     """
 
+    mfa_config: InfrastructureApplicationPolicyMfaConfig
+    """
+    Configures multi-factor authentication (MFA) settings for infrastructure
+    applications.
+    """
+
     require: Iterable[AccessRuleParam]
     """Rules evaluated with an AND logical operator.
 

src/cloudflare/types/zero_trust/access/application_create_response.py

@@ -118,6 +118,7 @@
     "InfrastructureApplicationPolicy",
     "InfrastructureApplicationPolicyConnectionRules",
     "InfrastructureApplicationPolicyConnectionRulesSSH",
+    "InfrastructureApplicationPolicyMfaConfig",
     "BrowserRDPApplication",
     "BrowserRDPApplicationTargetCriterion",
     "BrowserRDPApplicationDestination",
@@ -3062,6 +3063,31 @@ class InfrastructureApplicationPolicyConnectionRules(BaseModel):
     """
 
 
+class InfrastructureApplicationPolicyMfaConfig(BaseModel):
+    """
+    Configures multi-factor authentication (MFA) settings for infrastructure applications.
+    """
+
+    allowed_authenticators: Optional[List[Literal["ssh_piv_key"]]] = None
+    """Lists the MFA methods that users can authenticate with.
+
+    For infrastructure applications, only `ssh_piv_key` is supported.
+    """
+
+    mfa_disabled: Optional[bool] = None
+    """Indicates whether to disable MFA for this resource.
+
+    This option is available at the application and policy level.
+    """
+
+    session_duration: Optional[str] = None
+    """Defines the duration of an MFA session.
+
+    Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days).
+    Examples: `5m` or `24h`.
+    """
+
+
 class InfrastructureApplicationPolicy(BaseModel):
     id: Optional[str] = None
     """The UUID of the policy"""
@@ -3092,6 +3118,12 @@ class InfrastructureApplicationPolicy(BaseModel):
     A user needs to meet only one of the Include rules.
     """
 
+    mfa_config: Optional[InfrastructureApplicationPolicyMfaConfig] = None
+    """
+    Configures multi-factor authentication (MFA) settings for infrastructure
+    applications.
+    """
+
     name: Optional[str] = None
     """The name of the Access policy."""
 

src/cloudflare/types/zero_trust/access/application_get_response.py

@@ -118,6 +118,7 @@
     "InfrastructureApplicationPolicy",
     "InfrastructureApplicationPolicyConnectionRules",
     "InfrastructureApplicationPolicyConnectionRulesSSH",
+    "InfrastructureApplicationPolicyMfaConfig",
     "BrowserRDPApplication",
     "BrowserRDPApplicationTargetCriterion",
     "BrowserRDPApplicationDestination",
@@ -3062,6 +3063,31 @@ class InfrastructureApplicationPolicyConnectionRules(BaseModel):
     """
 
 
+class InfrastructureApplicationPolicyMfaConfig(BaseModel):
+    """
+    Configures multi-factor authentication (MFA) settings for infrastructure applications.
+    """
+
+    allowed_authenticators: Optional[List[Literal["ssh_piv_key"]]] = None
+    """Lists the MFA methods that users can authenticate with.
+
+    For infrastructure applications, only `ssh_piv_key` is supported.
+    """
+
+    mfa_disabled: Optional[bool] = None
+    """Indicates whether to disable MFA for this resource.
+
+    This option is available at the application and policy level.
+    """
+
+    session_duration: Optional[str] = None
+    """Defines the duration of an MFA session.
+
+    Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days).
+    Examples: `5m` or `24h`.
+    """
+
+
 class InfrastructureApplicationPolicy(BaseModel):
     id: Optional[str] = None
     """The UUID of the policy"""
@@ -3092,6 +3118,12 @@ class InfrastructureApplicationPolicy(BaseModel):
     A user needs to meet only one of the Include rules.
     """
 
+    mfa_config: Optional[InfrastructureApplicationPolicyMfaConfig] = None
+    """
+    Configures multi-factor authentication (MFA) settings for infrastructure
+    applications.
+    """
+
     name: Optional[str] = None
     """The name of the Access policy."""
 

src/cloudflare/types/zero_trust/access/application_list_response.py

@@ -118,6 +118,7 @@
     "InfrastructureApplicationPolicy",
     "InfrastructureApplicationPolicyConnectionRules",
     "InfrastructureApplicationPolicyConnectionRulesSSH",
+    "InfrastructureApplicationPolicyMfaConfig",
     "BrowserRDPApplication",
     "BrowserRDPApplicationTargetCriterion",
     "BrowserRDPApplicationDestination",
@@ -3062,6 +3063,31 @@ class InfrastructureApplicationPolicyConnectionRules(BaseModel):
     """
 
 
+class InfrastructureApplicationPolicyMfaConfig(BaseModel):
+    """
+    Configures multi-factor authentication (MFA) settings for infrastructure applications.
+    """
+
+    allowed_authenticators: Optional[List[Literal["ssh_piv_key"]]] = None
+    """Lists the MFA methods that users can authenticate with.
+
+    For infrastructure applications, only `ssh_piv_key` is supported.
+    """
+
+    mfa_disabled: Optional[bool] = None
+    """Indicates whether to disable MFA for this resource.
+
+    This option is available at the application and policy level.
+    """
+
+    session_duration: Optional[str] = None
+    """Defines the duration of an MFA session.
+
+    Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days).
+    Examples: `5m` or `24h`.
+    """
+
+
 class InfrastructureApplicationPolicy(BaseModel):
     id: Optional[str] = None
     """The UUID of the policy"""
@@ -3092,6 +3118,12 @@ class InfrastructureApplicationPolicy(BaseModel):
     A user needs to meet only one of the Include rules.
     """
 
+    mfa_config: Optional[InfrastructureApplicationPolicyMfaConfig] = None
+    """
+    Configures multi-factor authentication (MFA) settings for infrastructure
+    applications.
+    """
+
     name: Optional[str] = None
     """The name of the Access policy."""
 

src/cloudflare/types/zero_trust/access/application_update_params.py

@@ -137,6 +137,7 @@
     "InfrastructureApplicationPolicy",
     "InfrastructureApplicationPolicyConnectionRules",
     "InfrastructureApplicationPolicyConnectionRulesSSH",
+    "InfrastructureApplicationPolicyMfaConfig",
     "BrowserRDPApplication",
     "BrowserRDPApplicationTargetCriterion",
     "BrowserRDPApplicationDestination",
@@ -3033,6 +3034,31 @@ class InfrastructureApplicationPolicyConnectionRules(TypedDict, total=False):
     """
 
 
+class InfrastructureApplicationPolicyMfaConfig(TypedDict, total=False):
+    """
+    Configures multi-factor authentication (MFA) settings for infrastructure applications.
+    """
+
+    allowed_authenticators: List[Literal["ssh_piv_key"]]
+    """Lists the MFA methods that users can authenticate with.
+
+    For infrastructure applications, only `ssh_piv_key` is supported.
+    """
+
+    mfa_disabled: bool
+    """Indicates whether to disable MFA for this resource.
+
+    This option is available at the application and policy level.
+    """
+
+    session_duration: str
+    """Defines the duration of an MFA session.
+
+    Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days).
+    Examples: `5m` or `24h`.
+    """
+
+
 class InfrastructureApplicationPolicy(TypedDict, total=False):
     decision: Required[Decision]
     """The action Access will take if a user matches this policy.
@@ -3061,6 +3087,12 @@ class InfrastructureApplicationPolicy(TypedDict, total=False):
     To match the policy, a user cannot meet any of the Exclude rules.
     """
 
+    mfa_config: InfrastructureApplicationPolicyMfaConfig
+    """
+    Configures multi-factor authentication (MFA) settings for infrastructure
+    applications.
+    """
+
     require: Iterable[AccessRuleParam]
     """Rules evaluated with an AND logical operator.