feat(api): api update (#3826)

.stats.yml

@@ -1,2 +1,2 @@
 configured_endpoints: 1493
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-3d78f855257b55bbb80884f99c3802cae877968d140eed3557fcb2cdd5f937b3.yml
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-56f3021fb085763371fa342d21f231ef420fbfdddf6599c584bc84e609c421fa.yml

zero_trust/gatewayrule.go

@@ -453,9 +453,9 @@ type RuleSetting struct {
 	// Configure how session check behaves.
 	CheckSession RuleSettingCheckSession `json:"check_session"`
 	// Add your own custom resolvers to route queries that match the resolver policy.
-	// Cannot be used when resolve_dns_through_cloudflare is set. DNS queries will
-	// route to the address closest to their origin. Only valid when a rule's action is
-	// set to 'resolve'.
+	// Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally'
+	// are set. DNS queries will route to the address closest to their origin. Only
+	// valid when a rule's action is set to 'resolve'.
 	DNSResolvers RuleSettingDNSResolvers `json:"dns_resolvers"`
 	// Configure how Gateway Proxy traffic egresses. You can enable this setting for
 	// rules with Egress actions and filters, or omit it to indicate local egress via
@@ -486,9 +486,15 @@ type RuleSetting struct {
 	PayloadLog RuleSettingPayloadLog `json:"payload_log"`
 	// Settings that apply to quarantine rules
 	Quarantine RuleSettingQuarantine `json:"quarantine"`
+	// Configure to forward the query to the internal DNS service, passing the
+	// specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified
+	// or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is
+	// set to 'resolve'.
+	ResolveDNSInternally RuleSettingResolveDNSInternally `json:"resolve_dns_internally"`
 	// Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS
-	// resolver. Cannot be set when dns_resolvers are specified. Only valid when a
-	// rule's action is set to 'resolve'.
+	// resolver. Cannot be set when 'dns_resolvers' are specified or
+	// 'resolve_dns_internally' is set. Only valid when a rule's action is set to
+	// 'resolve'.
 	ResolveDNSThroughCloudflare bool `json:"resolve_dns_through_cloudflare"`
 	// Configure behavior when an upstream cert is invalid or an SSL error occurs.
 	UntrustedCERT RuleSettingUntrustedCERT `json:"untrusted_cert"`
@@ -517,6 +523,7 @@ type ruleSettingJSON struct {
 	OverrideIPs                     apijson.Field
 	PayloadLog                      apijson.Field
 	Quarantine                      apijson.Field
+	ResolveDNSInternally            apijson.Field
 	ResolveDNSThroughCloudflare     apijson.Field
 	UntrustedCERT                   apijson.Field
 	raw                             string
@@ -616,9 +623,9 @@ func (r ruleSettingCheckSessionJSON) RawJSON() string {
 }
 
 // Add your own custom resolvers to route queries that match the resolver policy.
-// Cannot be used when resolve_dns_through_cloudflare is set. DNS queries will
-// route to the address closest to their origin. Only valid when a rule's action is
-// set to 'resolve'.
+// Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally'
+// are set. DNS queries will route to the address closest to their origin. Only
+// valid when a rule's action is set to 'resolve'.
 type RuleSettingDNSResolvers struct {
 	IPV4 []DNSResolverSettingsV4     `json:"ipv4"`
 	IPV6 []DNSResolverSettingsV6     `json:"ipv6"`
@@ -804,6 +811,55 @@ func (r RuleSettingQuarantineFileType) IsKnown() bool {
 	return false
 }
 
+// Configure to forward the query to the internal DNS service, passing the
+// specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified
+// or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is
+// set to 'resolve'.
+type RuleSettingResolveDNSInternally struct {
+	// The fallback behavior to apply when the internal DNS response code is different
+	// from 'NOERROR' or when the response data only contains CNAME records for 'A' or
+	// 'AAAA' queries.
+	Fallback RuleSettingResolveDNSInternallyFallback `json:"fallback"`
+	// The internal DNS view identifier that's passed to the internal DNS service.
+	ViewID string                              `json:"view_id"`
+	JSON   ruleSettingResolveDNSInternallyJSON `json:"-"`
+}
+
+// ruleSettingResolveDNSInternallyJSON contains the JSON metadata for the struct
+// [RuleSettingResolveDNSInternally]
+type ruleSettingResolveDNSInternallyJSON struct {
+	Fallback    apijson.Field
+	ViewID      apijson.Field
+	raw         string
+	ExtraFields map[string]apijson.Field
+}
+
+func (r *RuleSettingResolveDNSInternally) UnmarshalJSON(data []byte) (err error) {
+	return apijson.UnmarshalRoot(data, r)
+}
+
+func (r ruleSettingResolveDNSInternallyJSON) RawJSON() string {
+	return r.raw
+}
+
+// The fallback behavior to apply when the internal DNS response code is different
+// from 'NOERROR' or when the response data only contains CNAME records for 'A' or
+// 'AAAA' queries.
+type RuleSettingResolveDNSInternallyFallback string
+
+const (
+	RuleSettingResolveDNSInternallyFallbackNone      RuleSettingResolveDNSInternallyFallback = "none"
+	RuleSettingResolveDNSInternallyFallbackPublicDNS RuleSettingResolveDNSInternallyFallback = "public_dns"
+)
+
+func (r RuleSettingResolveDNSInternallyFallback) IsKnown() bool {
+	switch r {
+	case RuleSettingResolveDNSInternallyFallbackNone, RuleSettingResolveDNSInternallyFallbackPublicDNS:
+		return true
+	}
+	return false
+}
+
 // Configure behavior when an upstream cert is invalid or an SSL error occurs.
 type RuleSettingUntrustedCERT struct {
 	// The action performed when an untrusted certificate is seen. The default action
@@ -867,9 +923,9 @@ type RuleSettingParam struct {
 	// Configure how session check behaves.
 	CheckSession param.Field[RuleSettingCheckSessionParam] `json:"check_session"`
 	// Add your own custom resolvers to route queries that match the resolver policy.
-	// Cannot be used when resolve_dns_through_cloudflare is set. DNS queries will
-	// route to the address closest to their origin. Only valid when a rule's action is
-	// set to 'resolve'.
+	// Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally'
+	// are set. DNS queries will route to the address closest to their origin. Only
+	// valid when a rule's action is set to 'resolve'.
 	DNSResolvers param.Field[RuleSettingDNSResolversParam] `json:"dns_resolvers"`
 	// Configure how Gateway Proxy traffic egresses. You can enable this setting for
 	// rules with Egress actions and filters, or omit it to indicate local egress via
@@ -900,9 +956,15 @@ type RuleSettingParam struct {
 	PayloadLog param.Field[RuleSettingPayloadLogParam] `json:"payload_log"`
 	// Settings that apply to quarantine rules
 	Quarantine param.Field[RuleSettingQuarantineParam] `json:"quarantine"`
+	// Configure to forward the query to the internal DNS service, passing the
+	// specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified
+	// or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is
+	// set to 'resolve'.
+	ResolveDNSInternally param.Field[RuleSettingResolveDNSInternallyParam] `json:"resolve_dns_internally"`
 	// Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS
-	// resolver. Cannot be set when dns_resolvers are specified. Only valid when a
-	// rule's action is set to 'resolve'.
+	// resolver. Cannot be set when 'dns_resolvers' are specified or
+	// 'resolve_dns_internally' is set. Only valid when a rule's action is set to
+	// 'resolve'.
 	ResolveDNSThroughCloudflare param.Field[bool] `json:"resolve_dns_through_cloudflare"`
 	// Configure behavior when an upstream cert is invalid or an SSL error occurs.
 	UntrustedCERT param.Field[RuleSettingUntrustedCERTParam] `json:"untrusted_cert"`
@@ -953,9 +1015,9 @@ func (r RuleSettingCheckSessionParam) MarshalJSON() (data []byte, err error) {
 }
 
 // Add your own custom resolvers to route queries that match the resolver policy.
-// Cannot be used when resolve_dns_through_cloudflare is set. DNS queries will
-// route to the address closest to their origin. Only valid when a rule's action is
-// set to 'resolve'.
+// Cannot be used when 'resolve_dns_through_cloudflare' or 'resolve_dns_internally'
+// are set. DNS queries will route to the address closest to their origin. Only
+// valid when a rule's action is set to 'resolve'.
 type RuleSettingDNSResolversParam struct {
 	IPV4 param.Field[[]DNSResolverSettingsV4Param] `json:"ipv4"`
 	IPV6 param.Field[[]DNSResolverSettingsV6Param] `json:"ipv6"`
@@ -1031,6 +1093,23 @@ func (r RuleSettingQuarantineParam) MarshalJSON() (data []byte, err error) {
 	return apijson.MarshalRoot(r)
 }
 
+// Configure to forward the query to the internal DNS service, passing the
+// specified 'view_id' as input. Cannot be set when 'dns_resolvers' are specified
+// or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action is
+// set to 'resolve'.
+type RuleSettingResolveDNSInternallyParam struct {
+	// The fallback behavior to apply when the internal DNS response code is different
+	// from 'NOERROR' or when the response data only contains CNAME records for 'A' or
+	// 'AAAA' queries.
+	Fallback param.Field[RuleSettingResolveDNSInternallyFallback] `json:"fallback"`
+	// The internal DNS view identifier that's passed to the internal DNS service.
+	ViewID param.Field[string] `json:"view_id"`
+}
+
+func (r RuleSettingResolveDNSInternallyParam) MarshalJSON() (data []byte, err error) {
+	return apijson.MarshalRoot(r)
+}
+
 // Configure behavior when an upstream cert is invalid or an SSL error occurs.
 type RuleSettingUntrustedCERTParam struct {
 	// The action performed when an untrusted certificate is seen. The default action

zero_trust/gatewayrule_test.go

@@ -105,6 +105,10 @@ func TestGatewayRuleNewWithOptionalParams(t *testing.T) {
 			Quarantine: cloudflare.F(zero_trust.RuleSettingQuarantineParam{
 				FileTypes: cloudflare.F([]zero_trust.RuleSettingQuarantineFileType{zero_trust.RuleSettingQuarantineFileTypeExe}),
 			}),
+			ResolveDNSInternally: cloudflare.F(zero_trust.RuleSettingResolveDNSInternallyParam{
+				Fallback: cloudflare.F(zero_trust.RuleSettingResolveDNSInternallyFallbackNone),
+				ViewID:   cloudflare.F("view_id"),
+			}),
 			ResolveDNSThroughCloudflare: cloudflare.F(true),
 			UntrustedCERT: cloudflare.F(zero_trust.RuleSettingUntrustedCERTParam{
 				Action: cloudflare.F(zero_trust.RuleSettingUntrustedCERTActionPassThrough),
@@ -224,6 +228,10 @@ func TestGatewayRuleUpdateWithOptionalParams(t *testing.T) {
 				Quarantine: cloudflare.F(zero_trust.RuleSettingQuarantineParam{
 					FileTypes: cloudflare.F([]zero_trust.RuleSettingQuarantineFileType{zero_trust.RuleSettingQuarantineFileTypeExe}),
 				}),
+				ResolveDNSInternally: cloudflare.F(zero_trust.RuleSettingResolveDNSInternallyParam{
+					Fallback: cloudflare.F(zero_trust.RuleSettingResolveDNSInternallyFallbackNone),
+					ViewID:   cloudflare.F("view_id"),
+				}),
 				ResolveDNSThroughCloudflare: cloudflare.F(true),
 				UntrustedCERT: cloudflare.F(zero_trust.RuleSettingUntrustedCERTParam{
 					Action: cloudflare.F(zero_trust.RuleSettingUntrustedCERTActionPassThrough),