Merge remote-tracking branch 'origin' into rex/update-teams-docs

.changelog/3742.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+certificate_authorities: fixes for methods to interact with Certificate Authorities Hostname Associations API
+```

.changelog/3756.txt

@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.32.0 to 0.33.0
+```

CHANGELOG.md

@@ -1,4 +1,25 @@
-## 0.112.0 (Unreleased)
+## 0.113.0 (Unreleased)
+
+## 0.112.0 (December 18th, 2024)
+
+ENHANCEMENTS:
+
+* access_application: support Access service token + multi-valued authentication for SCIM provisioning ([#3708](https://github.com/cloudflare/cloudflare-go/issues/3708))
+* certificate_authorities: add new methods to interact with Certificate Authorities Hostname Associations API ([#3740](https://github.com/cloudflare/cloudflare-go/issues/3740))
+* content_scanning: Add new support for CRUD operations ([#3700](https://github.com/cloudflare/cloudflare-go/issues/3700))
+* teams: sync latest doc changes ([#3743](https://github.com/cloudflare/cloudflare-go/issues/3743))
+* teams_location: add support for `dns_destination_ipv6_block_id` to the location payload ([#3738](https://github.com/cloudflare/cloudflare-go/issues/3738))
+* teams_locations: Add dns_destination_ips_id and ipv4_destination_backup ([#3699](https://github.com/cloudflare/cloudflare-go/issues/3699))
+
+BUG FIXES:
+
+* certificate_authorities: fixes for methods to interact with Certificate Authorities Hostname Associations API ([#3742](https://github.com/cloudflare/cloudflare-go/issues/3742))
+
+DEPENDENCIES:
+
+* deps: bumps github.com/goccy/go-json from 0.10.3 to 0.10.4 ([#3726](https://github.com/cloudflare/cloudflare-go/issues/3726))
+* deps: bumps golang.org/x/crypto from 0.21.0 to 0.31.0 ([#3725](https://github.com/cloudflare/cloudflare-go/issues/3725))
+* deps: bumps golang.org/x/net from 0.31.0 to 0.32.0 ([#3704](https://github.com/cloudflare/cloudflare-go/issues/3704))
 
 ## 0.111.0 (December 4th, 2024)
 

certificate_authorities.go

@@ -17,9 +17,18 @@ type UpdateCertificateAuthoritiesHostnameAssociationsParams struct {
 	MTLSCertificateID string                `json:"mtls_certificate_id,omitempty"`
 }
 
+type HostnameAssociationsUpdateRequest struct {
+	Hostnames         []HostnameAssociation `json:"hostnames,omitempty"`
+	MTLSCertificateID string                `json:"mtls_certificate_id,omitempty"`
+}
+
 type HostnameAssociationsResponse struct {
 	Response
-	Result []HostnameAssociation `json:"result"`
+	Result HostnameAssociations `json:"result"`
+}
+
+type HostnameAssociations struct {
+	Hostnames []HostnameAssociation `json:"hostnames"`
 }
 
 type HostnameAssociation = string
@@ -28,12 +37,11 @@ type HostnameAssociation = string
 //
 // API Reference: https://developers.cloudflare.com/api/resources/certificate_authorities/subresources/hostname_associations/methods/get/
 func (api *API) ListCertificateAuthoritiesHostnameAssociations(ctx context.Context, rc *ResourceContainer, params ListCertificateAuthoritiesHostnameAssociationsParams) ([]HostnameAssociation, error) {
+	if rc.Level != ZoneRouteLevel {
+		return []HostnameAssociation{}, ErrRequiredZoneLevelResourceContainer
+	}
 
-	uri := fmt.Sprintf(
-		"/%s/%s/certificate_authorities/hostname_associations",
-		rc.Level,
-		rc.Identifier,
-	)
+	uri := buildURI(fmt.Sprintf("/zones/%s/certificate_authorities/hostname_associations", rc.Identifier), params)
 
 	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
 	if err != nil {
@@ -46,18 +54,18 @@ func (api *API) ListCertificateAuthoritiesHostnameAssociations(ctx context.Conte
 		return []HostnameAssociation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
 	}
 
-	return hostnameAssociationsResponse.Result, nil
+	return hostnameAssociationsResponse.Result.Hostnames, nil
 }
 
 // Replace Hostname Associations
 //
 // API Reference: https://developers.cloudflare.com/api/resources/certificate_authorities/subresources/hostname_associations/methods/update/
 func (api *API) UpdateCertificateAuthoritiesHostnameAssociations(ctx context.Context, rc *ResourceContainer, params UpdateCertificateAuthoritiesHostnameAssociationsParams) ([]HostnameAssociation, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/certificate_authorities/hostname_associations",
-		rc.Level,
-		rc.Identifier,
-	)
+	if rc.Level != ZoneRouteLevel {
+		return []HostnameAssociation{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/zones/%s/certificate_authorities/hostname_associations", rc.Identifier)
 
 	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
 	if err != nil {
@@ -70,5 +78,5 @@ func (api *API) UpdateCertificateAuthoritiesHostnameAssociations(ctx context.Con
 		return []HostnameAssociation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
 	}
 
-	return hostnameAssociationsResponse.Result, nil
+	return hostnameAssociationsResponse.Result.Hostnames, nil
 }

certificate_authorities_test.go

@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"testing"
 
+	"github.com/goccy/go-json"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -15,15 +16,18 @@ func TestListCertificateAuthoritiesHostnameAssociations(t *testing.T) {
 
 	handler := func(w http.ResponseWriter, r *http.Request) {
 		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "72ef4d06-4752-4493-a60a-7421470fd585", r.URL.Query().Get("mtls_certificate_id"))
 		w.Header().Set("content-type", "application/json")
 		fmt.Fprintf(w, `{
 			"success": true,
 			"errors": [],
 			"messages": [],
-			"result": [
-				"admin.example.com",
-				"foobar.example.com"
-			]
+			"result": {
+				"hostnames": [
+					"admin.example.com",
+					"foobar.example.com"
+				]
+			}
 		}`)
 	}
 
@@ -51,19 +55,32 @@ func TestUpdateCertificateAuthoritiesHostnameAssociations(t *testing.T) {
 
 	handler := func(w http.ResponseWriter, r *http.Request) {
 		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		wantReqHostnames := []HostnameAssociation{
+			"admin.example.com",
+			"foobar.example.com",
+		}
+		var req HostnameAssociationsUpdateRequest
+		assert.NoError(t, json.NewDecoder(r.Body).Decode(&req))
+		assert.Equal(t, "72ef4d06-4752-4493-a60a-7421470fd585", req.MTLSCertificateID)
+		assert.Equal(t, wantReqHostnames, req.Hostnames)
+
 		w.Header().Set("content-type", "application/json")
 		fmt.Fprintf(w, `{
 			"success": true,
 			"errors": [],
 			"messages": [],
-			"result": [
-				"admin.example.com",
-				"foobar.example.com"
-			]
+			"result": {
+				"hostnames": [
+					"admin.example.com",
+					"foobar.example.com"
+				]
+			}
 		}`)
 	}
 
 	hostnameAssociations := UpdateCertificateAuthoritiesHostnameAssociationsParams{
+		MTLSCertificateID: "72ef4d06-4752-4493-a60a-7421470fd585",
 		Hostnames: []HostnameAssociation{
 			"admin.example.com",
 			"foobar.example.com",

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/stretchr/testify v1.10.0
 	github.com/urfave/cli/v2 v2.27.5
-	golang.org/x/net v0.32.0
+	golang.org/x/net v0.33.0
 	golang.org/x/time v0.8.0
 )
 

go.sum

@@ -39,8 +39,8 @@ github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w=
 github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ=
 github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
 github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=

teams_accounts.go

@@ -50,10 +50,10 @@ type TeamsAccountSettings struct {
 	ExtendedEmailMatching *TeamsExtendedEmailMatching `json:"extended_email_matching,omitempty"`
 	CustomCertificate     *TeamsCustomCertificate     `json:"custom_certificate,omitempty"`
 	Certificate           *TeamsCertificateSetting    `json:"certificate,omitempty"`
-	Sandbox               *SandboxAccountSetting      `json:"sandbox,omitempty"`
+	Sandbox               *TeamsSandboxAccountSetting `json:"sandbox,omitempty"`
 }
 
-type SandboxAccountSetting struct {
+type TeamsSandboxAccountSetting struct {
 	Enabled        *bool  `db:"enabled" json:"enabled" validate:"required"`
 	FallbackAction string `db:"fallback_action" json:"fallback_action" validate:"omitempty,oneof=allow block"`
 }

teams_locations.go

@@ -26,51 +26,50 @@ type TeamsLocationNetwork struct {
 }
 
 type TeamsLocation struct {
-	ID                        string                 `json:"id"`
-	Name                      string                 `json:"name"`
-	Networks                  []TeamsLocationNetwork `json:"networks"`
-	Ip                        string                 `json:"ip,omitempty"`
-	Subdomain                 string                 `json:"doh_subdomain"`
-	AnonymizedLogsEnabled     bool                   `json:"anonymized_logs_enabled"`
-	IPv4Destination           string                 `json:"ipv4_destination,omitempty"`
-	IPv4DestinationBackup     string                 `json:"ipv4_destination_backup,omitempty"`
-	DNSDestinationIPsID       *string                `json:"dns_destination_ips_id,omitempty"`
-	DNSDestinationIPv6BlockID *string                `json:"dns_destination_ipv6_block_id,omitempty"`
-	ClientDefault             bool                   `json:"client_default"`
-	ECSSupport                *bool                  `json:"ecs_support,omitempty"`
-	Endpoints                 *LocationEndpoints     `json:"endpoints,omitempty"`
-
-	CreatedAt *time.Time `json:"created_at,omitempty"`
-	UpdatedAt *time.Time `json:"updated_at,omitempty"`
+	ID                        string                  `json:"id"`
+	Name                      string                  `json:"name"`
+	Networks                  []TeamsLocationNetwork  `json:"networks"`
+	Ip                        string                  `json:"ip,omitempty"`
+	Subdomain                 string                  `json:"doh_subdomain"`
+	AnonymizedLogsEnabled     bool                    `json:"anonymized_logs_enabled"`
+	IPv4Destination           string                  `json:"ipv4_destination,omitempty"`
+	IPv4DestinationBackup     string                  `json:"ipv4_destination_backup,omitempty"`
+	DNSDestinationIPsID       *string                 `json:"dns_destination_ips_id,omitempty"`
+	DNSDestinationIPv6BlockID *string                 `json:"dns_destination_ipv6_block_id,omitempty"`
+	ClientDefault             bool                    `json:"client_default"`
+	ECSSupport                *bool                   `json:"ecs_support,omitempty"`
+	Endpoints                 *TeamsLocationEndpoints `json:"endpoints,omitempty"`
+	CreatedAt                 *time.Time              `json:"created_at,omitempty"`
+	UpdatedAt                 *time.Time              `json:"updated_at,omitempty"`
 }
 
-type LocationEndpoints struct {
-	IPv4Endpoint IPv4EndpointFields `json:"ipv4"`
-	IPv6Endpoint IPv6EndpointFields `json:"ipv6"`
-	DotEndpoint  DotEndpointFields  `json:"dot"`
-	DohEndpoint  DohEndpointFields  `json:"doh"`
+type TeamsLocationEndpoints struct {
+	IPv4Endpoint TeamsLocationIPv4EndpointFields `json:"ipv4"`
+	IPv6Endpoint TeamsLocationIPv6EndpointFields `json:"ipv6"`
+	DotEndpoint  TeamsLocationDotEndpointFields  `json:"dot"`
+	DohEndpoint  TeamsLocationDohEndpointFields  `json:"doh"`
 }
 
-type IPv4EndpointFields struct {
+type TeamsLocationIPv4EndpointFields struct {
 	Enabled               bool `json:"enabled"`
 	AuthenticationEnabled bool `json:"authentication_enabled,omitempty"`
 }
 
-type IPv6EndpointFields struct {
-	EndpointFields
+type TeamsLocationIPv6EndpointFields struct {
+	TeamsLocationEndpointFields
 }
 
-type DotEndpointFields struct {
+type TeamsLocationDotEndpointFields struct {
 	RequireToken bool `json:"require_token"`
-	EndpointFields
+	TeamsLocationEndpointFields
 }
 
-type DohEndpointFields struct {
+type TeamsLocationDohEndpointFields struct {
 	RequireToken bool `json:"require_token"`
-	EndpointFields
+	TeamsLocationEndpointFields
 }
 
-type EndpointFields struct {
+type TeamsLocationEndpointFields struct {
 	Enabled                       bool                   `json:"enabled"`
 	AuthenticationEnabledUIHelper bool                   `json:"authentication_enabled,omitempty"`
 	Networks                      []TeamsLocationNetwork `json:"networks,omitempty"`

teams_rules.go

@@ -68,15 +68,15 @@ type TeamsRuleSettings struct {
 	DnsResolverSettings *TeamsDnsResolverSettings `json:"dns_resolvers,omitempty"`
 
 	NotificationSettings *TeamsNotificationSettings `json:"notification_settings"`
-	Quarantine           *Quarantine                `json:"quarantine,omitempty"`
-	ForensicCopySettings *ForensicCopySettings      `json:"forensic_copy,omitempty"`
+	Quarantine           *TeamsQuarantine           `json:"quarantine,omitempty"`
+	ForensicCopySettings *TeamsForensicCopySettings `json:"forensic_copy,omitempty"`
 }
 
-type ForensicCopySettings struct {
+type TeamsForensicCopySettings struct {
 	Enabled bool `json:"enabled"`
 }
 
-type Quarantine struct {
+type TeamsQuarantine struct {
 	FileTypes []FileType `json:"file_types"`
 }
 
@@ -216,43 +216,43 @@ func TeamsRulesUntrustedCertActionValues() []string {
 
 // TeamsRule represents an Teams wirefilter rule.
 type TeamsRule struct {
-	ID            string             `json:"id,omitempty"`
-	CreatedAt     *time.Time         `json:"created_at,omitempty"`
-	UpdatedAt     *time.Time         `json:"updated_at,omitempty"`
-	DeletedAt     *time.Time         `json:"deleted_at,omitempty"`
-	Name          string             `json:"name"`
-	Description   string             `json:"description"`
-	Precedence    uint64             `json:"precedence"`
-	Enabled       bool               `json:"enabled"`
-	Action        TeamsGatewayAction `json:"action"`
-	Filters       []TeamsFilterType  `json:"filters"`
-	Traffic       string             `json:"traffic"`
-	Identity      string             `json:"identity"`
-	DevicePosture string             `json:"device_posture"`
-	Version       uint64             `json:"version"`
-	RuleSettings  TeamsRuleSettings  `json:"rule_settings,omitempty"`
-	Schedule      *RuleSchedule      `json:"schedule,omitempty"`   // only available at DNS rules
-	Expiration    *RuleExpiration    `json:"expiration,omitempty"` // only available at DNS rules
+	ID            string               `json:"id,omitempty"`
+	CreatedAt     *time.Time           `json:"created_at,omitempty"`
+	UpdatedAt     *time.Time           `json:"updated_at,omitempty"`
+	DeletedAt     *time.Time           `json:"deleted_at,omitempty"`
+	Name          string               `json:"name"`
+	Description   string               `json:"description"`
+	Precedence    uint64               `json:"precedence"`
+	Enabled       bool                 `json:"enabled"`
+	Action        TeamsGatewayAction   `json:"action"`
+	Filters       []TeamsFilterType    `json:"filters"`
+	Traffic       string               `json:"traffic"`
+	Identity      string               `json:"identity"`
+	DevicePosture string               `json:"device_posture"`
+	Version       uint64               `json:"version"`
+	RuleSettings  TeamsRuleSettings    `json:"rule_settings,omitempty"`
+	Schedule      *TeamsRuleSchedule   `json:"schedule,omitempty"`   // only available at DNS rules
+	Expiration    *TeamsRuleExpiration `json:"expiration,omitempty"` // only available at DNS rules
 }
 
-type RuleExpiration struct {
+type TeamsRuleExpiration struct {
 	ExpiresAt *time.Time `json:"expires_at"`
 	Duration  *uint64    `json:"duration,omitempty"` // read only
 	Expired   bool       `json:"expired"`            // read only
 }
 
 // format HH:MM,HH:MM,....,HH:MM
-type ScheduleTimes string
-
-type RuleSchedule struct {
-	Monday    ScheduleTimes `json:"mon,omitempty"`
-	Tuesday   ScheduleTimes `json:"tue,omitempty"`
-	Wednesday ScheduleTimes `json:"wed,omitempty"`
-	Thursday  ScheduleTimes `json:"thu,omitempty"`
-	Friday    ScheduleTimes `json:"fri,omitempty"`
-	Saturday  ScheduleTimes `json:"sat,omitempty"`
-	Sunday    ScheduleTimes `json:"sun,omitempty"`
-	TimeZone  string        `json:"time_zone,omitempty"` // default to user TZ based on the user IP location, fall backs to colo TZ
+type TeamsScheduleTimes string
+
+type TeamsRuleSchedule struct {
+	Monday    TeamsScheduleTimes `json:"mon,omitempty"`
+	Tuesday   TeamsScheduleTimes `json:"tue,omitempty"`
+	Wednesday TeamsScheduleTimes `json:"wed,omitempty"`
+	Thursday  TeamsScheduleTimes `json:"thu,omitempty"`
+	Friday    TeamsScheduleTimes `json:"fri,omitempty"`
+	Saturday  TeamsScheduleTimes `json:"sat,omitempty"`
+	Sunday    TeamsScheduleTimes `json:"sun,omitempty"`
+	TimeZone  string             `json:"time_zone,omitempty"` // default to user TZ based on the user IP location, fall backs to colo TZ
 }
 
 // TeamsRuleResponse is the API response, containing a single rule.