diff --git a/go.mod b/go.mod
index d59aed4b..c2788860 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 github.com/ThalesIgnite/crypto11 v1.2.5
 github.com/cloudflare/backoff v0.0.0-20161212185259-647f3cdfc87a
 github.com/cloudflare/cfssl v1.6.5
- github.com/cloudflare/cloudflare-go v0.94.0
+ github.com/cloudflare/cloudflare-go v0.100.0
 github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
 github.com/google/uuid v1.6.0
@@ -25,7 +25,7 @@ require (
 github.com/spf13/viper v1.19.0
 github.com/stretchr/testify v1.9.0
 github.com/uber/jaeger-client-go v2.30.0+incompatible
- golang.org/x/crypto v0.24.0
+ golang.org/x/crypto v0.25.0
 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 golang.org/x/sync v0.7.0
 google.golang.org/genproto v0.0.0-20240604185151-ef581f913117
@@ -57,7 +57,7 @@ require (
 github.com/fsnotify/fsnotify v1.7.0 // indirect
 github.com/go-logr/logr v1.4.1 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
- github.com/goccy/go-json v0.10.2 // indirect
+ github.com/goccy/go-json v0.10.3 // indirect
 github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.4 // indirect
@@ -95,9 +95,9 @@ require (
 go.uber.org/multierr v1.11.0 // indirect
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 golang.org/x/mod v0.17.0 // indirect
- golang.org/x/net v0.26.0 // indirect
+ golang.org/x/net v0.27.0 // indirect
 golang.org/x/oauth2 v0.21.0 // indirect
- golang.org/x/sys v0.21.0 // indirect
+ golang.org/x/sys v0.22.0 // indirect
 golang.org/x/text v0.16.0 // indirect
 golang.org/x/time v0.5.0 // indirect
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
diff --git a/go.sum b/go.sum
index 67951b71..c7109037 100644
--- a/go.sum
+++ b/go.sum
@@ -54,8 +54,8 @@ github.com/cloudflare/backoff v0.0.0-20161212185259-647f3cdfc87a h1:8d1CEOF1xlde
 github.com/cloudflare/backoff v0.0.0-20161212185259-647f3cdfc87a/go.mod h1:rzgs2ZOiguV6/NpiDgADjRLPNyZlApIWxKpkT+X8SdY=
 github.com/cloudflare/cfssl v1.6.5 h1:46zpNkm6dlNkMZH/wMW22ejih6gIaJbzL2du6vD7ZeI=
 github.com/cloudflare/cfssl v1.6.5/go.mod h1:Bk1si7sq8h2+yVEDrFJiz3d7Aw+pfjjJSZVaD+Taky4=
-github.com/cloudflare/cloudflare-go v0.94.0 h1:WADmVhCdnn1A9sm5NU08by49Vbh4Lj/JBgTWTr7q7Qc=
-github.com/cloudflare/cloudflare-go v0.94.0/go.mod h1:N1u1cLZ4lG6NeezGOWi7P6aq1DK2iVYg9ze7GZbUmZE=
+github.com/cloudflare/cloudflare-go v0.100.0 h1:4iCUI2ZoIhRMyd7Z1TDsHhH1OhkgHC83eYbPlSgTRjo=
+github.com/cloudflare/cloudflare-go v0.100.0/go.mod h1:VQ1t9Mvgdu4VFLx6uwQgFC10XxcCRIUuvkYGc9daMRU=
 github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41 h1:/8sZyuGTAU2+fYv0Sz9lBcipqX0b7i4eUl8pSStk/4g=
 github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41/go.mod h1:eaZPlJWD+G9wseg1BuRXlHnjntPMrywMsyxf+LTOdP4=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
@@ -82,8 +82,8 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
-github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
@@ -231,8 +231,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
@@ -256,8 +256,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
 golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
@@ -277,8 +277,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
diff --git a/vendor/github.com/cloudflare/cloudflare-go/CHANGELOG.md b/vendor/github.com/cloudflare/cloudflare-go/CHANGELOG.md
index 33dfc8b0..d7b8fa65 100644
--- a/vendor/github.com/cloudflare/cloudflare-go/CHANGELOG.md
+++ b/vendor/github.com/cloudflare/cloudflare-go/CHANGELOG.md
@@ -1,4 +1,91 @@ -## 0.95.0 (Unreleased) +## 0.101.0 (Unreleased) + +## 0.100.0 (July 18th, 2024) + +BREAKING CHANGES: + +* teams_accounts: rename `TeamsCertificate` in `TeamsAccountConfiguration` to `TeamsCertificateSetting` ([#2754](https://github.com/cloudflare/cloudflare-go/issues/2754)) + +ENHANCEMENTS: + +* Add CloudConnectorAPI Client ([#2698](https://github.com/cloudflare/cloudflare-go/issues/2698)) +* gateway_categories: add ListGatewayCategories which returns all gateway categories. ([#2722](https://github.com/cloudflare/cloudflare-go/issues/2722)) +* teams_certificates: add `TeamsCertificate` resource to manage gateway certificates ([#2754](https://github.com/cloudflare/cloudflare-go/issues/2754)) + +DEPENDENCIES: + +* deps: bumps dependabot/fetch-metadata from 2.1.0 to 2.2.0 ([#2727](https://github.com/cloudflare/cloudflare-go/issues/2727)) +* deps: bumps golang.org/x/net from 0.26.0 to 0.27.0 ([#2726](https://github.com/cloudflare/cloudflare-go/issues/2726)) + +## 0.99.0 (July 3rd, 2024) + +ENHANCEMENTS: + +* teams: added per account certificate setting to teams gateway configuration ([#2713](https://github.com/cloudflare/cloudflare-go/issues/2713)) +* teams_list: Added description to ZT list item ([#2621](https://github.com/cloudflare/cloudflare-go/issues/2621)) +* teams_rules: Added ZT rule settings `ignore_cname_category_matches` ([#2621](https://github.com/cloudflare/cloudflare-go/issues/2621)) + +DEPENDENCIES: + +* deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.7 ([#2699](https://github.com/cloudflare/cloudflare-go/issues/2699)) + +## 0.98.0 (June 19th, 2024) + +ENHANCEMENTS: + +* access_application: Add support for SaaS OIDC Access Token Lifetime ([#2455](https://github.com/cloudflare/cloudflare-go/issues/2455)) + +DEPENDENCIES: + +* deps: bumps golang.org/x/net from 0.25.0 to 0.26.0 ([#2364](https://github.com/cloudflare/cloudflare-go/issues/2364)) +* deps: bumps goreleaser/goreleaser-action from 5.1.0 to 6.0.0 
([#2365](https://github.com/cloudflare/cloudflare-go/issues/2365)) + +## 0.97.0 (June 5th, 2024) + +ENHANCEMENTS: + +* access_application: Add support for Hybrid/Implicit flows and options ([#2131](https://github.com/cloudflare/cloudflare-go/issues/2131)) +* teams_account: Add Zero Trust connectivity settings ([#2165](https://github.com/cloudflare/cloudflare-go/issues/2165)) +* teams_accounts: Add `use_zt_virtual_ip` attribute ([#2126](https://github.com/cloudflare/cloudflare-go/issues/2126)) + +DEPENDENCIES: + +* deps: bumps `github.com/goccy/go-json` from 0.10.2 to 0.10.3 ([#2107](https://github.com/cloudflare/cloudflare-go/issues/2107)) +* deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 ([#2249](https://github.com/cloudflare/cloudflare-go/issues/2249)) + +## 0.96.0 (May 22nd, 2024) + +ENHANCEMENTS: + +* access_application: Add Refresh Token, Custom Claims, and PKCE Without Client Secret support for OIDC SaaS configurations ([#1981](https://github.com/cloudflare/cloudflare-go/issues/1981)) +* ruleset: add support for action parameters `fonts` and `disable_rum` ([#1832](https://github.com/cloudflare/cloudflare-go/issues/1832)) + +DEPENDENCIES: + +* deps: bumps bflad/action-milestone-comment from 1 to 2 ([#1991](https://github.com/cloudflare/cloudflare-go/issues/1991)) +* deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.6 ([#1993](https://github.com/cloudflare/cloudflare-go/issues/1993)) +* deps: bumps goreleaser/goreleaser-action from 5.0.0 to 5.1.0 ([#1992](https://github.com/cloudflare/cloudflare-go/issues/1992)) + +## 0.95.0 (May 8th, 2024) + +ENHANCEMENTS: + +* access_application: add support for `policies` array ([#1956](https://github.com/cloudflare/cloudflare-go/issues/1956)) +* access_application: add support for `scim_config` ([#1921](https://github.com/cloudflare/cloudflare-go/issues/1921)) +* access_policy: add support for reusable policies ([#1956](https://github.com/cloudflare/cloudflare-go/issues/1956)) +* 
dlp: add support for zt risk behavior configuration ([#1887](https://github.com/cloudflare/cloudflare-go/issues/1887)) + +BUG FIXES: + +* access_application: fix scim configuration authentication json marshalling ([#1959](https://github.com/cloudflare/cloudflare-go/issues/1959)) + +DEPENDENCIES: + +* deps: bumps dependabot/fetch-metadata from 2.0.0 to 2.1.0 ([#1839](https://github.com/cloudflare/cloudflare-go/issues/1839)) +* deps: bumps github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 ([#1861](https://github.com/cloudflare/cloudflare-go/issues/1861)) +* deps: bumps golang.org/x/net from 0.24.0 to 0.25.0 ([#1974](https://github.com/cloudflare/cloudflare-go/issues/1974)) +* deps: bumps golangci/golangci-lint-action from 4 to 5 ([#1845](https://github.com/cloudflare/cloudflare-go/issues/1845)) +* deps: bumps golangci/golangci-lint-action from 5 to 6 ([#1975](https://github.com/cloudflare/cloudflare-go/issues/1975)) ## 0.94.0 (April 24th, 2024) diff --git a/vendor/github.com/cloudflare/cloudflare-go/access_application.go b/vendor/github.com/cloudflare/cloudflare-go/access_application.go index fa426643..bdeaf79c 100644 --- a/vendor/github.com/cloudflare/cloudflare-go/access_application.go +++ b/vendor/github.com/cloudflare/cloudflare-go/access_application.go @@ -2,6 +2,7 @@ package cloudflare import ( "context" + "errors" "fmt" "net/http" "time" @@ -56,6 +57,8 @@ type AccessApplication struct { OptionsPreflightBypass *bool `json:"options_preflight_bypass,omitempty"` CustomPages []string `json:"custom_pages,omitempty"` Tags []string `json:"tags,omitempty"` + SCIMConfig *AccessApplicationSCIMConfig `json:"scim_config,omitempty"` + Policies []AccessPolicy `json:"policies,omitempty"` AccessAppLauncherCustomization } 
@@ -76,6 +79,96 @@ type AccessApplicationCorsHeaders struct { MaxAge int `json:"max_age,omitempty"` } +// AccessApplicationSCIMConfig represents the configuration for provisioning to an Access Application via SCIM. +type AccessApplicationSCIMConfig struct { + Enabled *bool `json:"enabled,omitempty"` + RemoteURI string `json:"remote_uri,omitempty"` + Authentication *AccessApplicationScimAuthenticationJson `json:"authentication,omitempty"` + IdPUID string `json:"idp_uid,omitempty"` + DeactivateOnDelete *bool `json:"deactivate_on_delete,omitempty"` + Mappings []*AccessApplicationScimMapping `json:"mappings,omitempty"` +} + +type AccessApplicationScimAuthenticationScheme string + +const ( + AccessApplicationScimAuthenticationSchemeHttpBasic AccessApplicationScimAuthenticationScheme = "httpbasic" + AccessApplicationScimAuthenticationSchemeOauthBearerToken AccessApplicationScimAuthenticationScheme = "oauthbearertoken" + AccessApplicationScimAuthenticationSchemeOauth2 AccessApplicationScimAuthenticationScheme = "oauth2" +) + +type AccessApplicationScimAuthenticationJson struct { + Value AccessApplicationScimAuthentication +} + +func (a *AccessApplicationScimAuthenticationJson) UnmarshalJSON(buf []byte) error { + var scheme baseScimAuthentication + if err := json.Unmarshal(buf, &scheme); err != nil { + return err + } + + switch scheme.Scheme { + case AccessApplicationScimAuthenticationSchemeHttpBasic: + a.Value = new(AccessApplicationScimAuthenticationHttpBasic) + case AccessApplicationScimAuthenticationSchemeOauthBearerToken: + a.Value = new(AccessApplicationScimAuthenticationOauthBearerToken) + case AccessApplicationScimAuthenticationSchemeOauth2: + a.Value = new(AccessApplicationScimAuthenticationOauth2) + default: + return errors.New("invalid authentication scheme") + } + + return json.Unmarshal(buf, a.Value) +} + +func (a *AccessApplicationScimAuthenticationJson) MarshalJSON() ([]byte, error) { + return json.Marshal(a.Value) +} + +type 
AccessApplicationScimAuthentication interface { + isScimAuthentication() +} + +type baseScimAuthentication struct { + Scheme AccessApplicationScimAuthenticationScheme `json:"scheme"` +} + +func (baseScimAuthentication) isScimAuthentication() {} + +type AccessApplicationScimAuthenticationHttpBasic struct { + baseScimAuthentication + User string `json:"user"` + Password string `json:"password"` +} + +type AccessApplicationScimAuthenticationOauthBearerToken struct { + baseScimAuthentication + Token string `json:"token"` +} + +type AccessApplicationScimAuthenticationOauth2 struct { + baseScimAuthentication + ClientID string `json:"client_id"` + ClientSecret string `json:"client_secret"` + AuthorizationURL string `json:"authorization_url"` + TokenURL string `json:"token_url"` + Scopes []string `json:"scopes,omitempty"` +} + +type AccessApplicationScimMapping struct { + Schema string `json:"schema"` + Enabled *bool `json:"enabled,omitempty"` + Filter string `json:"filter,omitempty"` + TransformJsonata string `json:"transform_jsonata,omitempty"` + Operations *AccessApplicationScimMappingOperations `json:"operations,omitempty"` +} + +type AccessApplicationScimMappingOperations struct { + Create *bool `json:"create,omitempty"` + Update *bool `json:"update,omitempty"` + Delete *bool `json:"delete,omitempty"` +} + // AccessApplicationListResponse represents the response from the list // access applications endpoint. type AccessApplicationListResponse struct { 
@@ -106,6 +199,22 @@ type SAMLAttributeConfig struct { Source SourceConfig `json:"source"` } +type OIDCClaimConfig struct { + Name string `json:"name,omitempty"` + Source SourceConfig `json:"source"` + Required *bool `json:"required,omitempty"` + Scope string `json:"scope,omitempty"` +} + +type RefreshTokenOptions struct { + Lifetime string `json:"lifetime,omitempty"` +} + +type AccessApplicationHybridAndImplicitOptions struct { + ReturnIDTokenFromAuthorizationEndpoint *bool `json:"return_id_token_from_authorization_endpoint,omitempty"` + ReturnAccessTokenFromAuthorizationEndpoint *bool `json:"return_access_token_from_authorization_endpoint,omitempty"` +} + type SaasApplication struct { // Items common to both SAML and OIDC AppID string `json:"app_id,omitempty"` 
@@ -126,13 +235,18 @@ type SaasApplication struct { SamlAttributeTransformJsonata string `json:"saml_attribute_transform_jsonata"` // OIDC saas app - ClientID string `json:"client_id,omitempty"` - ClientSecret string `json:"client_secret,omitempty"` - RedirectURIs []string `json:"redirect_uris,omitempty"` - GrantTypes []string `json:"grant_types,omitempty"` - Scopes []string `json:"scopes,omitempty"` - AppLauncherURL string `json:"app_launcher_url,omitempty"` - GroupFilterRegex string `json:"group_filter_regex,omitempty"` + ClientID string `json:"client_id,omitempty"` + ClientSecret string `json:"client_secret,omitempty"` + RedirectURIs []string `json:"redirect_uris,omitempty"` + GrantTypes []string `json:"grant_types,omitempty"` + Scopes []string `json:"scopes,omitempty"` + AppLauncherURL string `json:"app_launcher_url,omitempty"` + GroupFilterRegex string `json:"group_filter_regex,omitempty"` + CustomClaims []OIDCClaimConfig `json:"custom_claims,omitempty"` + AllowPKCEWithoutClientSecret *bool `json:"allow_pkce_without_client_secret,omitempty"` + RefreshTokenOptions *RefreshTokenOptions `json:"refresh_token_options,omitempty"` + HybridAndImplicitOptions *AccessApplicationHybridAndImplicitOptions `json:"hybrid_and_implicit_options,omitempty"` + AccessTokenLifetime string `json:"access_token_lifetime,omitempty"` } type AccessAppLauncherCustomization struct { @@ -155,6 +269,7 @@ type AccessLandingPageDesign struct { ButtonColor string `json:"button_color"` ButtonTextColor string `json:"button_text_color"` } + type ListAccessApplicationsParams struct { ResultInfo } 
@@ -187,6 +302,9 @@ type CreateAccessApplicationParams struct { AllowAuthenticateViaWarp *bool `json:"allow_authenticate_via_warp,omitempty"` CustomPages []string `json:"custom_pages,omitempty"` Tags []string `json:"tags,omitempty"` + SCIMConfig *AccessApplicationSCIMConfig `json:"scim_config,omitempty"` + // List of policy ids to link to this application in ascending order of precedence. + Policies []string `json:"policies,omitempty"` AccessAppLauncherCustomization } @@ -219,6 +337,11 @@ type UpdateAccessApplicationParams struct { OptionsPreflightBypass *bool `json:"options_preflight_bypass,omitempty"` CustomPages []string `json:"custom_pages,omitempty"` Tags []string `json:"tags,omitempty"` + SCIMConfig *AccessApplicationSCIMConfig `json:"scim_config,omitempty"` + // List of policy ids to link to this application in ascending order of precedence. + // Can reference reusable policies and policies specific to this application. + // If this field is not provided, the existing policies will not be modified. + Policies *[]string `json:"policies,omitempty"` AccessAppLauncherCustomization } diff --git a/vendor/github.com/cloudflare/cloudflare-go/access_policy.go b/vendor/github.com/cloudflare/cloudflare-go/access_policy.go index 0e1ae41c..a70ceede 100644 --- a/vendor/github.com/cloudflare/cloudflare-go/access_policy.go +++ b/vendor/github.com/cloudflare/cloudflare-go/access_policy.go @@ -2,7 +2,6 @@ package cloudflare import ( "context" - "errors" "fmt" "net/http" "time" @@ -10,10 +9,6 @@ import ( "github.com/goccy/go-json" ) -var ( - ErrMissingApplicationID = errors.New("missing required application ID") -) - type AccessApprovalGroup struct { EmailListUuid string `json:"email_list_uuid,omitempty"` EmailAddresses []string `json:"email_addresses,omitempty"` 
@@ -23,11 +18,16 @@ type AccessApprovalGroup struct { // AccessPolicy defines a policy for allowing or disallowing access to // one or more Access applications. type AccessPolicy struct { - ID string `json:"id,omitempty"` + ID string `json:"id,omitempty"` + // Precedence is the order in which the policy is executed in an Access application. + // As a general rule, lower numbers take precedence over higher numbers. + // This field can only be zero when a reusable policy is requested outside the context + // of an Access application. Precedence int `json:"precedence"` Decision string `json:"decision"` CreatedAt *time.Time `json:"created_at"` UpdatedAt *time.Time `json:"updated_at"` + Reusable *bool `json:"reusable,omitempty"` Name string `json:"name"` IsolationRequired *bool `json:"isolation_required,omitempty"` 
@@ -68,18 +68,28 @@ type AccessPolicyDetailResponse struct { } type ListAccessPoliciesParams struct { + // ApplicationID is the application ID to list attached access policies for. + // If omitted, only reusable policies for the account are returned. ApplicationID string `json:"-"` ResultInfo } type GetAccessPolicyParams struct { + PolicyID string `json:"-"` + // ApplicationID is the application ID for which to scope the policy for. + // Optional, but if included, the policy returned will include its execution precedence within the application. ApplicationID string `json:"-"` - PolicyID string `json:"-"` } type CreateAccessPolicyParams struct { + // ApplicationID is the application ID for which to create the policy for. + // Pass an empty value to create a reusable policy. ApplicationID string `json:"-"` + // Precedence is the order in which the policy is executed in an Access application. + // As a general rule, lower numbers take precedence over higher numbers. + // This field is ignored when creating a reusable policy. + // Read more here https://developers.cloudflare.com/cloudflare-one/policies/access/#order-of-execution Precedence int `json:"precedence"` Decision string `json:"decision"` Name string `json:"name"` @@ -105,9 +115,14 @@ type CreateAccessPolicyParams struct { } type UpdateAccessPolicyParams struct { + // ApplicationID is the application ID that owns the existing policy. + // Pass an empty value if the existing policy is reusable. ApplicationID string `json:"-"` PolicyID string `json:"-"` + // Precedence is the order in which the policy is executed in an Access application. + // As a general rule, lower numbers take precedence over higher numbers. + // This field is ignored when updating a reusable policy. Precedence int `json:"precedence"` Decision string `json:"decision"` Name string `json:"name"` 
@@ -133,26 +148,33 @@ type UpdateAccessPolicyParams struct { } type DeleteAccessPolicyParams struct { + // ApplicationID is the application ID the policy belongs to. + // If the existing policy is reusable, this field must be omitted. Otherwise, it is required. ApplicationID string `json:"-"` PolicyID string `json:"-"` } -// ListAccessPolicies returns all access policies for an access application. +// ListAccessPolicies returns all access policies that match the parameters. // // Account API reference: https://developers.cloudflare.com/api/operations/access-policies-list-access-policies // Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-list-access-policies func (api *API) ListAccessPolicies(ctx context.Context, rc *ResourceContainer, params ListAccessPoliciesParams) ([]AccessPolicy, *ResultInfo, error) { - if params.ApplicationID == "" { - return []AccessPolicy{}, &ResultInfo{}, ErrMissingApplicationID + var baseURL string + if params.ApplicationID != "" { + baseURL = fmt.Sprintf( + "/%s/%s/access/apps/%s/policies", + rc.Level, + rc.Identifier, + params.ApplicationID, + ) + } else { + baseURL = fmt.Sprintf( + "/%s/%s/access/policies", + rc.Level, + rc.Identifier, + ) } - baseURL := fmt.Sprintf( - "/%s/%s/access/apps/%s/policies", - rc.Level, - rc.Identifier, - params.ApplicationID, - ) - autoPaginate := true if params.PerPage >= 1 || params.Page >= 1 { autoPaginate = false 
@@ -194,13 +216,23 @@ func (api *API) ListAccessPolicies(ctx context.Context, rc *ResourceContainer, p // Account API reference: https://developers.cloudflare.com/api/operations/access-policies-get-an-access-policy // Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-get-an-access-policy func (api *API) GetAccessPolicy(ctx context.Context, rc *ResourceContainer, params GetAccessPolicyParams) (AccessPolicy, error) { - uri := fmt.Sprintf( - "/%s/%s/access/apps/%s/policies/%s", - rc.Level, - rc.Identifier, - params.ApplicationID, - params.PolicyID, - ) + var uri string + if params.ApplicationID != "" { + uri = fmt.Sprintf( + "/%s/%s/access/apps/%s/policies/%s", + rc.Level, + rc.Identifier, + params.ApplicationID, + params.PolicyID, + ) + } else { + uri = fmt.Sprintf( + "/%s/%s/access/policies/%s", + rc.Level, + rc.Identifier, + params.PolicyID, + ) + } res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil) if err != nil { @@ -221,12 +253,21 @@ func (api *API) GetAccessPolicy(ctx context.Context, rc *ResourceContainer, para // Account API reference: https://developers.cloudflare.com/api/operations/access-policies-create-an-access-policy // Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-create-an-access-policy func (api *API) CreateAccessPolicy(ctx context.Context, rc *ResourceContainer, params CreateAccessPolicyParams) (AccessPolicy, error) { - uri := fmt.Sprintf( - "/%s/%s/access/apps/%s/policies", - rc.Level, - rc.Identifier, - params.ApplicationID, - ) + var uri string + if params.ApplicationID != "" { + uri = fmt.Sprintf( + "/%s/%s/access/apps/%s/policies", + rc.Level, + rc.Identifier, + params.ApplicationID, + ) + } else { + uri = fmt.Sprintf( + "/%s/%s/access/policies", + rc.Level, + rc.Identifier, + ) + } res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params) if err != nil { 
@@ -251,13 +292,23 @@ func (api *API) UpdateAccessPolicy(ctx context.Context, rc *ResourceContainer, p return AccessPolicy{}, fmt.Errorf("access policy ID cannot be empty") } - uri := fmt.Sprintf( - "/%s/%s/access/apps/%s/policies/%s", - rc.Level, - rc.Identifier, - params.ApplicationID, - params.PolicyID, - ) + var uri string + if params.ApplicationID != "" { + uri = fmt.Sprintf( + "/%s/%s/access/apps/%s/policies/%s", + rc.Level, + rc.Identifier, + params.ApplicationID, + params.PolicyID, + ) + } else { + uri = fmt.Sprintf( + "/%s/%s/access/policies/%s", + rc.Level, + rc.Identifier, + params.PolicyID, + ) + } res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params) if err != nil { @@ -278,13 +329,23 @@ func (api *API) UpdateAccessPolicy(ctx context.Context, rc *ResourceContainer, p // Account API reference: https://developers.cloudflare.com/api/operations/access-policies-delete-an-access-policy // Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-delete-an-access-policy func (api *API) DeleteAccessPolicy(ctx context.Context, rc *ResourceContainer, params DeleteAccessPolicyParams) error { - uri := fmt.Sprintf( - "/%s/%s/access/apps/%s/policies/%s", - rc.Level, - rc.Identifier, - params.ApplicationID, - params.PolicyID, - ) + var uri string + if params.ApplicationID != "" { + uri = fmt.Sprintf( + "/%s/%s/access/apps/%s/policies/%s", + rc.Level, + rc.Identifier, + params.ApplicationID, + params.PolicyID, + ) + } else { + uri = fmt.Sprintf( + "/%s/%s/access/policies/%s", + rc.Level, + rc.Identifier, + params.PolicyID, + ) + } _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil) if err != nil { diff --git a/vendor/github.com/cloudflare/cloudflare-go/cloud_connector.go b/vendor/github.com/cloudflare/cloudflare-go/cloud_connector.go new file mode 100644 index 00000000..8c6e3b96 --- /dev/null +++ b/vendor/github.com/cloudflare/cloudflare-go/cloud_connector.go 
@@ -0,0 +1,71 @@
+package cloudflare
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+
+ "github.com/goccy/go-json"
+)
+
+type CloudConnectorRulesResponse struct {
+ Response
+ Result []CloudConnectorRule `json:"result"`
+}
+
+type CloudConnectorRuleParameters struct {
+ Host string `json:"host"`
+}
+
+type CloudConnectorRule struct {
+ ID string `json:"id"`
+ Enabled *bool `json:"enabled,omitempty"`
+ Expression string `json:"expression"`
+ Provider string `json:"provider"`
+ Parameters CloudConnectorRuleParameters `json:"parameters"`
+ Description string `json:"description"`
+}
+
+func (api *API) ListZoneCloudConnectorRules(ctx context.Context, rc *ResourceContainer) ([]CloudConnectorRule, error) {
+ if rc.Identifier == "" {
+ return nil, ErrMissingZoneID
+ }
+
+ uri := buildURI(fmt.Sprintf("/zones/%s/cloud_connector/rules", rc.Identifier), nil)
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ result := CloudConnectorRulesResponse{}
+ if err := json.Unmarshal(res, &result); err != nil {
+ return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return result.Result, nil
+}
+
+func (api *API) UpdateZoneCloudConnectorRules(ctx context.Context, rc *ResourceContainer, params []CloudConnectorRule) ([]CloudConnectorRule, error) {
+ if rc.Identifier == "" {
+ return nil, ErrMissingZoneID
+ }
+
+ uri := fmt.Sprintf("/zones/%s/cloud_connector/rules", rc.Identifier)
+
+ payload, err := json.Marshal(params)
+ if err != nil {
+ return nil, err
+ }
+
+ res, err := api.makeRequestContext(ctx, http.MethodPut, uri, payload)
+ if err != nil {
+ return nil, err
+ }
+
+ result := CloudConnectorRulesResponse{}
+ if err := json.Unmarshal(res, &result); err != nil {
+ return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return result.Result, nil
+}
diff --git a/vendor/github.com/cloudflare/cloudflare-go/gateway_categories.go b/vendor/github.com/cloudflare/cloudflare-go/gateway_categories.go
new file mode 100644
index 00000000..da23a74e
--- /dev/null
+++ b/vendor/github.com/cloudflare/cloudflare-go/gateway_categories.go
@@ -0,0 +1,54 @@
+package cloudflare
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+
+ "github.com/goccy/go-json"
+)
+
+// GatewayCategory represents a single gateway category.
+type GatewayCategory struct {
+ Beta *bool `json:"beta,omitempty"`
+ Class string `json:"class"`
+ Description string `json:"description"`
+ ID int `json:"id"`
+ Name string `json:"name"`
+ Subcategories []GatewayCategory `json:"subcategories"`
+}
+
+// GatewayCategoriesResponse represents the response from the list
+// gateway categories endpoint.
+type GatewayCategoriesResponse struct {
+ Success bool `json:"success"`
+ Result []GatewayCategory `json:"result"`
+ Errors []string `json:"errors"`
+ Messages []string `json:"messages"`
+ ResultInfo ResultInfo `json:"result_info"`
+}
+
+// ListGatewayCategoriesParams represents the parameters for listing gateway categories.
+type ListGatewayCategoriesParams struct {
+ ResultInfo
+}
+
+// ListGatewayCategories returns all gateway categories within an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-gateway-categories-list-categories
+func (api *API) ListGatewayCategories(ctx context.Context, rc *ResourceContainer, params ListGatewayCategoriesParams) ([]GatewayCategory, ResultInfo, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/categories", rc.Identifier)
+
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return []GatewayCategory{}, ResultInfo{}, err
+ }
+
+ var gResponse GatewayCategoriesResponse
+ err = json.Unmarshal(res, &gResponse)
+ if err != nil {
+ return []GatewayCategory{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return gResponse.Result, gResponse.ResultInfo, nil
+}
diff --git a/vendor/github.com/cloudflare/cloudflare-go/hyperdrive.go b/vendor/github.com/cloudflare/cloudflare-go/hyperdrive.go
index c1ddbc9a..bd1912ef 100644
--- a/vendor/github.com/cloudflare/cloudflare-go/hyperdrive.go
+++ b/vendor/github.com/cloudflare/cloudflare-go/hyperdrive.go @@ -26,13 +26,21 @@ type HyperdriveConfig struct { Caching HyperdriveConfigCaching `json:"caching,omitempty"` } +type HyperdriveOriginType string + type HyperdriveConfigOrigin struct { - Database string `json:"database,omitempty"` - Password string `json:"password"` - Host string `json:"host,omitempty"` - Port int `json:"port,omitempty"` - Scheme string `json:"scheme,omitempty"` - User string `json:"user,omitempty"` + Database string `json:"database,omitempty"` + Host string `json:"host,omitempty"` + Port int `json:"port,omitempty"` + Scheme string `json:"scheme,omitempty"` + User string `json:"user,omitempty"` + AccessClientID string `json:"access_client_id,omitempty"` +} + +type HyperdriveConfigOriginWithSecrets struct { + HyperdriveConfigOrigin + Password string `json:"password"` + AccessClientSecret string `json:"access_client_secret,omitempty"` } type HyperdriveConfigCaching struct { @@ -47,9 +55,9 @@ type HyperdriveConfigListResponse struct { } type CreateHyperdriveConfigParams struct { - Name string `json:"name"` - Origin HyperdriveConfigOrigin `json:"origin"` - Caching HyperdriveConfigCaching `json:"caching,omitempty"` + Name string `json:"name"` + Origin HyperdriveConfigOriginWithSecrets `json:"origin"` + Caching HyperdriveConfigCaching `json:"caching,omitempty"` } type HyperdriveConfigResponse struct { @@ -58,10 +66,10 @@ type HyperdriveConfigResponse struct { } type UpdateHyperdriveConfigParams struct { - HyperdriveID string `json:"-"` - Name string `json:"name"` - Origin HyperdriveConfigOrigin `json:"origin"` - Caching HyperdriveConfigCaching `json:"caching,omitempty"` + HyperdriveID string `json:"-"` + Name string `json:"name"` + Origin HyperdriveConfigOriginWithSecrets `json:"origin"` + Caching HyperdriveConfigCaching `json:"caching,omitempty"` } type ListHyperdriveConfigParams struct{} 
diff --git a/vendor/github.com/cloudflare/cloudflare-go/rulesets.go b/vendor/github.com/cloudflare/cloudflare-go/rulesets.go index c8a47625..8b1ad430 100644 --- a/vendor/github.com/cloudflare/cloudflare-go/rulesets.go +++ b/vendor/github.com/cloudflare/cloudflare-go/rulesets.go @@ -246,7 +246,9 @@ type RulesetRuleActionParameters struct { DisableApps *bool `json:"disable_apps,omitempty"` DisableZaraz *bool `json:"disable_zaraz,omitempty"` DisableRailgun *bool `json:"disable_railgun,omitempty"` + DisableRUM *bool `json:"disable_rum,omitempty"` EmailObfuscation *bool `json:"email_obfuscation,omitempty"` + Fonts *bool `json:"fonts,omitempty"` Mirage *bool `json:"mirage,omitempty"` OpportunisticEncryption *bool `json:"opportunistic_encryption,omitempty"` Polish *Polish `json:"polish,omitempty"` diff --git a/vendor/github.com/cloudflare/cloudflare-go/teams_accounts.go b/vendor/github.com/cloudflare/cloudflare-go/teams_accounts.go index a027dbee..dbded095 100644 --- a/vendor/github.com/cloudflare/cloudflare-go/teams_accounts.go +++ b/vendor/github.com/cloudflare/cloudflare-go/teams_accounts.go @@ -47,6 +47,7 @@ type TeamsAccountSettings struct { BodyScanning *TeamsBodyScanning `json:"body_scanning,omitempty"` ExtendedEmailMatching *TeamsExtendedEmailMatching `json:"extended_email_matching,omitempty"` CustomCertificate *TeamsCustomCertificate `json:"custom_certificate,omitempty"` + Certificate *TeamsCertificateSetting `json:"certificate,omitempty"` } type BrowserIsolation struct { @@ -112,6 +113,10 @@ type TeamsCustomCertificate struct { UpdatedAt *time.Time `json:"updated_at,omitempty"` } +type TeamsCertificateSetting struct { + ID string `json:"id"` +} + type TeamsRuleType = string const ( 
@@ -131,9 +136,10 @@ type TeamsLoggingSettings struct { } type TeamsDeviceSettings struct { - GatewayProxyEnabled bool `json:"gateway_proxy_enabled"` - GatewayProxyUDPEnabled bool `json:"gateway_udp_proxy_enabled"` - RootCertificateInstallationEnabled bool `json:"root_certificate_installation_enabled"` + GatewayProxyEnabled bool `json:"gateway_proxy_enabled"` + GatewayProxyUDPEnabled bool `json:"gateway_udp_proxy_enabled"` + RootCertificateInstallationEnabled bool `json:"root_certificate_installation_enabled"` + UseZTVirtualIP *bool `json:"use_zt_virtual_ip"` } type TeamsDeviceSettingsResponse struct { @@ -146,6 +152,16 @@ type TeamsLoggingSettingsResponse struct { Result TeamsLoggingSettings `json:"result"` } +type TeamsConnectivitySettings struct { + ICMPProxyEnabled *bool `json:"icmp_proxy_enabled"` + OfframpWARPEnabled *bool `json:"offramp_warp_enabled"` +} + +type TeamsAccountConnectivitySettingsResponse struct { + Response + Result TeamsConnectivitySettings `json:"result"` +} + // TeamsAccount returns teams account information with internal and external ID. // // API reference: TBA. 
@@ -226,6 +242,26 @@ func (api *API) TeamsAccountLoggingConfiguration(ctx context.Context, accountID return teamsConfigResponse.Result, nil } +// TeamsAccountConnectivityConfiguration returns zero trust account connectivity settings. +// +// API reference: https://developers.cloudflare.com/api/operations/zero-trust-accounts-get-connectivity-settings +func (api *API) TeamsAccountConnectivityConfiguration(ctx context.Context, accountID string) (TeamsConnectivitySettings, error) { + uri := fmt.Sprintf("/accounts/%s/zerotrust/connectivity_settings", accountID) + + res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil) + if err != nil { + return TeamsConnectivitySettings{}, err + } + + var teamsConnectivityResponse TeamsAccountConnectivitySettingsResponse + err = json.Unmarshal(res, &teamsConnectivityResponse) + if err != nil { + return TeamsConnectivitySettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err) + } + + return teamsConnectivityResponse.Result, nil +} + // TeamsAccountUpdateConfiguration updates a teams account configuration. // // API reference: TBA. 
@@ -285,3 +321,23 @@ func (api *API) TeamsAccountDeviceUpdateConfiguration(ctx context.Context, accou return teamsDeviceResponse.Result, nil } + +// TeamsAccountConnectivityUpdateConfiguration updates zero trust account connectivity settings. +// +// API reference: https://developers.cloudflare.com/api/operations/zero-trust-accounts-patch-connectivity-settings +func (api *API) TeamsAccountConnectivityUpdateConfiguration(ctx context.Context, accountID string, settings TeamsConnectivitySettings) (TeamsConnectivitySettings, error) { + uri := fmt.Sprintf("/accounts/%s/zerotrust/connectivity_settings", accountID) + + res, err := api.makeRequestContext(ctx, http.MethodPut, uri, settings) + if err != nil { + return TeamsConnectivitySettings{}, err + } + + var teamsConnectivityResponse TeamsAccountConnectivitySettingsResponse + err = json.Unmarshal(res, &teamsConnectivityResponse) + if err != nil { + return TeamsConnectivitySettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err) + } + + return teamsConnectivityResponse.Result, nil +} diff --git a/vendor/github.com/cloudflare/cloudflare-go/teams_certificates.go b/vendor/github.com/cloudflare/cloudflare-go/teams_certificates.go new file mode 100644 index 00000000..74267866 --- /dev/null +++ b/vendor/github.com/cloudflare/cloudflare-go/teams_certificates.go 
@@ -0,0 +1,158 @@
+package cloudflare
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+ "time"
+
+ "github.com/goccy/go-json"
+)
+
+type TeamsCertificate struct {
+ Enabled *bool `json:"enabled"`
+ ID string `json:"id"`
+ BindingStatus string `json:"binding_status"`
+ QsPackId string `json:"qs_pack_id"`
+ Type string `json:"type"`
+ UpdatedAt *time.Time `json:"updated_at"`
+ UploadedOn *time.Time `json:"uploaded_on"`
+ CreatedAt *time.Time `json:"created_at"`
+ ExpiresOn *time.Time `json:"expires_on"`
+}
+
+type TeamsCertificateCreateRequest struct {
+ ValidityPeriodDays int `json:"validity_period_days,omitempty"`
+}
+
+const DEFAULT_VALIDITY_PERIOD_DAYS = 1826
+
+// TeamsCertificateResponse is the API response, containing a single certificate.
+type TeamsCertificateResponse struct {
+ Response
+ Result TeamsCertificate `json:"result"`
+}
+
+// TeamsCertificatesResponse is the API response, containing an array of certificates.
+type TeamsCertificatesResponse struct {
+ Response
+ Result []TeamsCertificate `json:"result"`
+}
+
+// TeamsCertificates returns all certificates in an account
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-list-zero-trust-certificates
+func (api *API) TeamsCertificates(ctx context.Context, accountID string) ([]TeamsCertificate, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates", accountID)
+
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return []TeamsCertificate{}, err
+ }
+
+ var teamsCertificatesResponse TeamsCertificatesResponse
+ err = json.Unmarshal(res, &teamsCertificatesResponse)
+ if err != nil {
+ return []TeamsCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return teamsCertificatesResponse.Result, nil
+}
+
+// TeamsCertificate returns teams account certificate.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-zero-trust-certificate-details
+func (api *API) TeamsCertificate(ctx context.Context, accountID string, certificateId string) (TeamsCertificate, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates/%s", accountID, certificateId)
+
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return TeamsCertificate{}, err
+ }
+
+ var teamsCertificateResponse TeamsCertificateResponse
+ err = json.Unmarshal(res, &teamsCertificateResponse)
+ if err != nil {
+ return TeamsCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return teamsCertificateResponse.Result, nil
+}
+
+// TeamsGenerateCertificate generates a new gateway managed certificate
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-create-zero-trust-certificate
+func (api *API) TeamsGenerateCertificate(ctx context.Context, accountID string, certificateRequest TeamsCertificateCreateRequest) (TeamsCertificate, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates", accountID)
+
+ if certificateRequest.ValidityPeriodDays == 0 {
+ certificateRequest.ValidityPeriodDays = DEFAULT_VALIDITY_PERIOD_DAYS
+ }
+
+ res, err := api.makeRequestContext(ctx, http.MethodPost, uri, certificateRequest)
+ if err != nil {
+ return TeamsCertificate{}, err
+ }
+
+ var teamsCertResponse TeamsCertificateResponse
+ err = json.Unmarshal(res, &teamsCertResponse)
+ if err != nil {
+ return TeamsCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return teamsCertResponse.Result, nil
+}
+
+// TeamsActivateCertificate activates a certificate
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-activate-zero-trust-certificate
+func (api *API) TeamsActivateCertificate(ctx context.Context, accountID string, certificateId string) (TeamsCertificate, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates/%s/activate", accountID, certificateId)
+
+ res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+ if err != nil {
+ return TeamsCertificate{}, err
+ }
+
+ var teamsCertResponse TeamsCertificateResponse
+ err = json.Unmarshal(res, &teamsCertResponse)
+ if err != nil {
+ return TeamsCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return teamsCertResponse.Result, nil
+}
+
+// TeamsDectivateCertificate deactivates a certificate
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-deactivate-zero-trust-certificate
+func (api *API) TeamsDeactivateCertificate(ctx context.Context, accountID string, certificateId string) (TeamsCertificate, error) {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates/%s/deactivate", accountID, certificateId)
+
+ res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+ if err != nil {
+ return TeamsCertificate{}, err
+ }
+
+ var teamsCertResponse TeamsCertificateResponse
+ err = json.Unmarshal(res, &teamsCertResponse)
+ if err != nil {
+ return TeamsCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return teamsCertResponse.Result, nil
+}
+
+// TeamsDeleteCertificate deletes a certificate.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-certificates-delete-zero-trust-certificate
+func (api *API) TeamsDeleteCertificate(ctx context.Context, accountID string, certificateId string) error {
+ uri := fmt.Sprintf("/accounts/%s/gateway/certificates/%s", accountID, certificateId)
+
+ _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/cloudflare/cloudflare-go/teams_list.go b/vendor/github.com/cloudflare/cloudflare-go/teams_list.go
index 066d7aff..61f160c8 100644
--- a/vendor/github.com/cloudflare/cloudflare-go/teams_list.go
+++ b/vendor/github.com/cloudflare/cloudflare-go/teams_list.go @@ -26,8 +26,9 @@ type TeamsList struct { // TeamsListItem represents a single list item. type TeamsListItem struct { - Value string `json:"value"` - CreatedAt *time.Time `json:"created_at,omitempty"` + Value string `json:"value"` + Description string `json:"description,omitempty"` + CreatedAt *time.Time `json:"created_at,omitempty"` } // PatchTeamsList represents a patch request for appending/removing list items. diff --git a/vendor/github.com/cloudflare/cloudflare-go/teams_rules.go b/vendor/github.com/cloudflare/cloudflare-go/teams_rules.go index b03c0121..38bfbcec 100644 --- a/vendor/github.com/cloudflare/cloudflare-go/teams_rules.go +++ b/vendor/github.com/cloudflare/cloudflare-go/teams_rules.go @@ -49,6 +49,9 @@ type TeamsRuleSettings struct { // Turns on ip category based filter on dns if the rule contains dns category checks IPCategories bool `json:"ip_categories"` + // Turns on for explicitly ignoring cname domain category matches + IgnoreCNAMECategoryMatches *bool `json:"ignore_cname_category_matches"` + // Allow parent MSP accounts to enable bypass their children's rules. Do not set them for non MSP accounts. AllowChildBypass *bool `json:"allow_child_bypass,omitempty"` diff --git a/vendor/github.com/cloudflare/cloudflare-go/zt_risk_behaviors.go b/vendor/github.com/cloudflare/cloudflare-go/zt_risk_behaviors.go new file mode 100644 index 00000000..370e3c3e --- /dev/null +++ b/vendor/github.com/cloudflare/cloudflare-go/zt_risk_behaviors.go 
@@ -0,0 +1,126 @@
+package cloudflare
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+ "strings"
+
+ "github.com/goccy/go-json"
+)
+
+// Behavior represents a single zt risk behavior config.
+type Behavior struct {
+ Name string `json:"name,omitempty"`
+ Description string `json:"description,omitempty"`
+ RiskLevel RiskLevel `json:"risk_level"`
+ Enabled *bool `json:"enabled"`
+}
+
+// Wrapper used to have full-fidelity repro of json structure.
+type Behaviors struct {
+ Behaviors map[string]Behavior `json:"behaviors"`
+}
+
+// BehaviorResponse represents the response from the zt risk scoring endpoint
+// and contains risk behaviors for an account.
+type BehaviorResponse struct {
+ Success bool `json:"success"`
+ Result Behaviors `json:"result"`
+ Errors []string `json:"errors"`
+ Messages []string `json:"messages"`
+}
+
+// Behaviors returns all zero trust risk scoring behaviors for the provided account
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-zt-risk-score-get-behaviors
+func (api *API) Behaviors(ctx context.Context, accountID string) (Behaviors, error) {
+ uri := fmt.Sprintf("/accounts/%s/zt_risk_scoring/behaviors", accountID)
+
+ res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+ if err != nil {
+ return Behaviors{}, err
+ }
+
+ var r BehaviorResponse
+ err = json.Unmarshal(res, &r)
+ if err != nil {
+ return Behaviors{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+ return r.Result, nil
+}
+
+// UpdateBehaviors returns all zero trust risk scoring behaviors for the provided account
+// NOTE: description/name updates are no-ops, risk_level [low medium high] and enabled [true/false] results in modifications
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-zt-risk-score-put-behaviors
+func (api *API) UpdateBehaviors(ctx context.Context, accountID string, behaviors Behaviors) (Behaviors, error) {
+ uri := fmt.Sprintf("/accounts/%s/zt_risk_scoring/behaviors", accountID)
+
+ res, err := api.makeRequestContext(ctx, http.MethodPut, uri, behaviors)
+ if err != nil {
+ return Behaviors{}, err
+ }
+
+ var r BehaviorResponse
+ err = json.Unmarshal(res, &r)
+ if err != nil {
+ return Behaviors{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+ }
+
+ return r.Result, nil
+}
+
+type RiskLevel int
+
+const (
+ _ RiskLevel = iota
+ Low
+ Medium
+ High
+)
+
+func (p RiskLevel) MarshalJSON() ([]byte, error) {
+ return json.Marshal(p.String())
+}
+
+func (p RiskLevel) String() string {
+ return [...]string{"low", "medium", "high"}[p-1]
+}
+
+func (p *RiskLevel) UnmarshalJSON(data []byte) error {
+ var (
+ s string
+ err error
+ )
+ err = json.Unmarshal(data, &s)
+ if err != nil {
+ return err
+ }
+ v, err := RiskLevelFromString(s)
+ if err != nil {
+ return err
+ }
+ *p = *v
+ return nil
+}
+
+func RiskLevelFromString(s string) (*RiskLevel, error) {
+ s = strings.ToLower(s)
+ var v RiskLevel
+ switch s {
+ case "low":
+ v = Low
+ case "medium":
+ v = Medium
+ case "high":
+ v = High
+ default:
+ return nil, fmt.Errorf("unknown variant for risk level: %s", s)
+ }
+ return &v, nil
+}
+
+func (p RiskLevel) IntoRef() *RiskLevel {
+ return &p
+}
diff --git a/vendor/github.com/goccy/go-json/.golangci.yml b/vendor/github.com/goccy/go-json/.golangci.yml
index 57ae5a52..977accaa 100644
--- a/vendor/github.com/goccy/go-json/.golangci.yml
+++ b/vendor/github.com/goccy/go-json/.golangci.yml
@@ -56,6 +56,9 @@ linters: - cyclop - containedctx - revive + - nosnakecase + - exhaustruct + - depguard issues: exclude-rules:
diff --git a/vendor/github.com/goccy/go-json/Makefile b/vendor/github.com/goccy/go-json/Makefile
index 5bbfc4c9..c030577d 100644
--- a/vendor/github.com/goccy/go-json/Makefile
+++ b/vendor/github.com/goccy/go-json/Makefile
@@ -30,7 +30,7 @@ golangci-lint: | $(BIN_DIR) GOLANGCI_LINT_TMP_DIR=$$(mktemp -d); \ cd $$GOLANGCI_LINT_TMP_DIR; \ go mod init tmp; \ - GOBIN=$(BIN_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.48.0; \ + GOBIN=$(BIN_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2; \ rm -rf $$GOLANGCI_LINT_TMP_DIR; \ } diff --git a/vendor/github.com/goccy/go-json/encode.go b/vendor/github.com/goccy/go-json/encode.go index 4bd899f3..c5173825 100644 --- a/vendor/github.com/goccy/go-json/encode.go +++ b/vendor/github.com/goccy/go-json/encode.go @@ -52,7 +52,7 @@ func (e *Encoder) EncodeContext(ctx context.Context, v interface{}, optFuncs ... rctx.Option.Flag |= encoder.ContextOption rctx.Option.Context = ctx - err := e.encodeWithOption(rctx, v, optFuncs...) + err := e.encodeWithOption(rctx, v, optFuncs...) //nolint: contextcheck encoder.ReleaseRuntimeContext(rctx) return err @@ -120,7 +120,7 @@ func marshalContext(ctx context.Context, v interface{}, optFuncs ...EncodeOption optFunc(rctx.Option) } - buf, err := encode(rctx, v) + buf, err := encode(rctx, v) //nolint: contextcheck if err != nil { encoder.ReleaseRuntimeContext(rctx) return nil, err diff --git a/vendor/github.com/goccy/go-json/internal/decoder/ptr.go b/vendor/github.com/goccy/go-json/internal/decoder/ptr.go index de12e105..ae229946 100644 --- a/vendor/github.com/goccy/go-json/internal/decoder/ptr.go +++ b/vendor/github.com/goccy/go-json/internal/decoder/ptr.go @@ -85,6 +85,7 @@ func (d *ptrDecoder) Decode(ctx *RuntimeContext, cursor, depth int64, p unsafe.P } c, err := d.dec.Decode(ctx, cursor, depth, newptr) if err != nil { + *(*unsafe.Pointer)(p) = nil return 0, err } cursor = c diff --git a/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go b/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go index 6d37993f..d711d0f8 100644 --- a/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go 
+++ b/vendor/github.com/goccy/go-json/internal/decoder/unmarshal_text.go @@ -147,7 +147,7 @@ func (d *unmarshalTextDecoder) DecodePath(ctx *RuntimeContext, cursor, depth int return nil, 0, fmt.Errorf("json: unmarshal text decoder does not support decode path") } -func unquoteBytes(s []byte) (t []byte, ok bool) { +func unquoteBytes(s []byte) (t []byte, ok bool) { //nolint: nonamedreturns length := len(s) if length < 2 || s[0] != '"' || s[length-1] != '"' { return diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compact.go b/vendor/github.com/goccy/go-json/internal/encoder/compact.go index 0eb9545d..e287a6c0 100644 --- a/vendor/github.com/goccy/go-json/internal/encoder/compact.go +++ b/vendor/github.com/goccy/go-json/internal/encoder/compact.go @@ -213,8 +213,8 @@ func compactString(dst, src []byte, cursor int64, escape bool) ([]byte, int64, e dst = append(dst, src[start:cursor]...) dst = append(dst, `\u202`...) dst = append(dst, hex[src[cursor+2]&0xF]) - cursor += 2 start = cursor + 3 + cursor += 2 } } switch c { diff --git a/vendor/github.com/goccy/go-json/internal/encoder/compiler.go b/vendor/github.com/goccy/go-json/internal/encoder/compiler.go index 3ae39ba8..37b7aa38 100644 --- a/vendor/github.com/goccy/go-json/internal/encoder/compiler.go +++ b/vendor/github.com/goccy/go-json/internal/encoder/compiler.go @@ -480,7 +480,7 @@ func (c *Compiler) mapCode(typ *runtime.Type) (*MapCode, error) { func (c *Compiler) listElemCode(typ *runtime.Type) (Code, error) { switch { - case c.isPtrMarshalJSONType(typ): + case c.implementsMarshalJSONType(typ) || c.implementsMarshalJSONType(runtime.PtrTo(typ)): return c.marshalJSONCode(typ) case !typ.Implements(marshalTextType) && runtime.PtrTo(typ).Implements(marshalTextType): return c.marshalTextCode(typ) diff --git a/vendor/github.com/goccy/go-json/internal/encoder/int.go b/vendor/github.com/goccy/go-json/internal/encoder/int.go index 85f07960..8b5febea 100644 
--- a/vendor/github.com/goccy/go-json/internal/encoder/int.go +++ b/vendor/github.com/goccy/go-json/internal/encoder/int.go @@ -1,3 +1,27 @@ +// This files's processing codes are inspired by https://github.com/segmentio/encoding. +// The license notation is as follows. +// +// # MIT License +// +// Copyright (c) 2019 Segment.io, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. package encoder import ( diff --git a/vendor/github.com/goccy/go-json/internal/encoder/string.go b/vendor/github.com/goccy/go-json/internal/encoder/string.go index e4152b27..4abb8416 100644 --- a/vendor/github.com/goccy/go-json/internal/encoder/string.go +++ b/vendor/github.com/goccy/go-json/internal/encoder/string.go 
@@ -1,3 +1,27 @@ +// This files's string processing codes are inspired by https://github.com/segmentio/encoding. +// The license notation is as follows. +// +// # MIT License +// +// Copyright (c) 2019 Segment.io, Inc. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: +// +// The above copyright notice and this permission notice shall be included in all +// copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +// SOFTWARE. package encoder import ( diff --git a/vendor/github.com/goccy/go-json/internal/runtime/rtype.go b/vendor/github.com/goccy/go-json/internal/runtime/rtype.go index 4db10deb..37cfe35a 100644 --- a/vendor/github.com/goccy/go-json/internal/runtime/rtype.go +++ b/vendor/github.com/goccy/go-json/internal/runtime/rtype.go @@ -252,7 +252,6 @@ func IfaceIndir(*Type) bool //go:noescape func RType2Type(t *Type) reflect.Type -//go:nolint structcheck type emptyInterface struct { _ *Type ptr unsafe.Pointer diff --git a/vendor/github.com/goccy/go-json/json.go b/vendor/github.com/goccy/go-json/json.go index 413cb20b..fb18065a 100644 --- a/vendor/github.com/goccy/go-json/json.go 
+++ b/vendor/github.com/goccy/go-json/json.go @@ -89,31 +89,31 @@ type UnmarshalerContext interface { // // Examples of struct field tags and their meanings: // -// // Field appears in JSON as key "myName". -// Field int `json:"myName"` +// // Field appears in JSON as key "myName". +// Field int `json:"myName"` // -// // Field appears in JSON as key "myName" and -// // the field is omitted from the object if its value is empty, -// // as defined above. -// Field int `json:"myName,omitempty"` +// // Field appears in JSON as key "myName" and +// // the field is omitted from the object if its value is empty, +// // as defined above. +// Field int `json:"myName,omitempty"` // -// // Field appears in JSON as key "Field" (the default), but -// // the field is skipped if empty. -// // Note the leading comma. -// Field int `json:",omitempty"` +// // Field appears in JSON as key "Field" (the default), but +// // the field is skipped if empty. +// // Note the leading comma. +// Field int `json:",omitempty"` // -// // Field is ignored by this package. -// Field int `json:"-"` +// // Field is ignored by this package. +// Field int `json:"-"` // -// // Field appears in JSON as key "-". -// Field int `json:"-,"` +// // Field appears in JSON as key "-". +// Field int `json:"-,"` // // The "string" option signals that a field is stored as JSON inside a // JSON-encoded string. It applies only to fields of string, floating point, // integer, or boolean types. This extra level of encoding is sometimes used // when communicating with JavaScript programs: // -// Int64String int64 `json:",string"` +// Int64String int64 `json:",string"` // // The key name will be used if it's a non-empty string consisting of // only Unicode letters, digits, and ASCII punctuation except quotation 
@@ -166,7 +166,6 @@ type UnmarshalerContext interface { // JSON cannot represent cyclic data structures and Marshal does not // handle them. Passing cyclic structures to Marshal will result in // an infinite recursion. -// func Marshal(v interface{}) ([]byte, error) { return MarshalWithOption(v) } @@ -264,14 +263,13 @@ func MarshalIndentWithOption(v interface{}, prefix, indent string, optFuncs ...E // // The JSON null value unmarshals into an interface, map, pointer, or slice // by setting that Go value to nil. Because null is often used in JSON to mean -// ``not present,'' unmarshaling a JSON null into any other Go type has no effect +// “not present,” unmarshaling a JSON null into any other Go type has no effect // on the value and produces no error. // // When unmarshaling quoted strings, invalid UTF-8 or // invalid UTF-16 surrogate pairs are not treated as an error. // Instead, they are replaced by the Unicode replacement // character U+FFFD. -// func Unmarshal(data []byte, v interface{}) error { return unmarshal(data, v) } @@ -299,7 +297,6 @@ func UnmarshalNoEscape(data []byte, v interface{}, optFuncs ...DecodeOptionFunc) // Number, for JSON numbers // string, for JSON string literals // nil, for JSON null -// type Token = json.Token // A Number represents a JSON number literal. diff --git a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go index 93da7322..8cf5d811 100644 --- a/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go +++ b/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go @@ -5,7 +5,7 @@ // Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD and its // extended nonce variant XChaCha20-Poly1305, as specified in RFC 8439 and // draft-irtf-cfrg-xchacha-01. -package chacha20poly1305 // import "golang.org/x/crypto/chacha20poly1305" +package chacha20poly1305 import ( "crypto/cipher" 
diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go index cda8e3ed..90ef6a24 100644 --- a/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go +++ b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go @@ -4,7 +4,7 @@ // Package asn1 contains supporting types for parsing and building ASN.1 // messages with the cryptobyte package. -package asn1 // import "golang.org/x/crypto/cryptobyte/asn1" +package asn1 // Tag represents an ASN.1 identifier octet, consisting of a tag number // (indicating a type) and class (such as context-specific or constructed). diff --git a/vendor/golang.org/x/crypto/cryptobyte/string.go b/vendor/golang.org/x/crypto/cryptobyte/string.go index 10692a8a..4b0f8097 100644 --- a/vendor/golang.org/x/crypto/cryptobyte/string.go +++ b/vendor/golang.org/x/crypto/cryptobyte/string.go @@ -15,7 +15,7 @@ // // See the documentation and examples for the Builder and String types to get // started. -package cryptobyte // import "golang.org/x/crypto/cryptobyte" +package cryptobyte // String represents a string of bytes. It provides methods for parsing // fixed-length and length-prefixed values from it. diff --git a/vendor/golang.org/x/crypto/ed25519/ed25519.go b/vendor/golang.org/x/crypto/ed25519/ed25519.go index a7828345..59b3a95a 100644 --- a/vendor/golang.org/x/crypto/ed25519/ed25519.go +++ b/vendor/golang.org/x/crypto/ed25519/ed25519.go @@ -11,9 +11,7 @@ // operations with the same key more efficient. This package refers to the RFC // 8032 private key as the “seed”. // -// Beginning with Go 1.13, the functionality of this package was moved to the -// standard library as crypto/ed25519. This package only acts as a compatibility -// wrapper. +// This package is a wrapper around the standard library crypto/ed25519 package. package ed25519 import ( diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go index f4ded5fe..3bee6629 100644 
--- a/vendor/golang.org/x/crypto/hkdf/hkdf.go +++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go @@ -8,7 +8,7 @@ // HKDF is a cryptographic key derivation function (KDF) with the goal of // expanding limited input keying material into one or more cryptographically // strong secret keys. -package hkdf // import "golang.org/x/crypto/hkdf" +package hkdf import ( "crypto/hmac" diff --git a/vendor/golang.org/x/crypto/ocsp/ocsp.go b/vendor/golang.org/x/crypto/ocsp/ocsp.go index bf225953..e6c645e7 100644 --- a/vendor/golang.org/x/crypto/ocsp/ocsp.go +++ b/vendor/golang.org/x/crypto/ocsp/ocsp.go @@ -5,7 +5,7 @@ // Package ocsp parses OCSP responses as specified in RFC 2560. OCSP responses // are signed messages attesting to the validity of a certificate for a small // period of time. This is used to manage revocation for X.509 certificates. -package ocsp // import "golang.org/x/crypto/ocsp" +package ocsp import ( "crypto" diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go index 904b57e0..28cd99c7 100644 --- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go +++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go @@ -16,7 +16,7 @@ Hash Functions SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 for HMAC. To choose, you can pass the `New` functions from the different SHA packages to pbkdf2.Key. */ -package pbkdf2 // import "golang.org/x/crypto/pbkdf2" +package pbkdf2 import ( "crypto/hmac" diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 98a49c6b..61f511f9 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go 
@@ -827,10 +827,6 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
 cc.henc.SetMaxDynamicTableSizeLimit(t.maxEncoderHeaderTableSize())
 cc.peerMaxHeaderTableSize = initialHeaderTableSize
- if t.AllowHTTP {
- cc.nextStreamID = 3
- }
-
 if cs, ok := c.(connectionStater); ok {
 state := cs.ConnectionState()
 cc.tlsState = &state
diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go
index fd45fe52..3a5e776f 100644
--- a/vendor/golang.org/x/sys/unix/mremap.go
+++ b/vendor/golang.org/x/sys/unix/mremap.go
@@ -50,3 +50,8 @@ func (m *mremapMmapper) Mremap(oldData []byte, newLength int, flags int) (data [
 func Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) {
 return mapper.Mremap(oldData, newLength, flags)
 }
+
+func MremapPtr(oldAddr unsafe.Pointer, oldSize uintptr, newAddr unsafe.Pointer, newSize uintptr, flags int) (ret unsafe.Pointer, err error) {
+ xaddr, err := mapper.mremap(uintptr(oldAddr), oldSize, newSize, flags, uintptr(newAddr))
+ return unsafe.Pointer(xaddr), err
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go
index 59542a89..4cc7b005 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go
@@ -542,6 +542,18 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) {
 }
 }
+//sys pthread_chdir_np(path string) (err error)
+
+func PthreadChdir(path string) (err error) {
+ return pthread_chdir_np(path)
+}
+
+//sys pthread_fchdir_np(fd int) (err error)
+
+func PthreadFchdir(fd int) (err error) {
+ return pthread_fchdir_np(fd)
+}
+
 //sys sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error)
 //sys shmat(id int, addr uintptr, flag int) (ret uintptr, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go
index 77081de8..4e92e5aa 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -154,6 +154,15 @@ func Munmap(b []byte) (err error) {
 return mapper.Munmap(b)
 }
+func MmapPtr(fd int, offset int64, addr unsafe.Pointer, length uintptr, prot int, flags int) (ret unsafe.Pointer, err error) {
+ xaddr, err := mapper.mmap(uintptr(addr), length, prot, flags, fd, offset)
+ return unsafe.Pointer(xaddr), err
+}
+
+func MunmapPtr(addr unsafe.Pointer, length uintptr) (err error) {
+ return mapper.munmap(uintptr(addr), length)
+}
+
 func Read(fd int, p []byte) (n int, err error) {
 n, err = read(fd, p)
 if raceenabled {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index ccb02f24..07642c30 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -760,6 +760,39 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func pthread_chdir_np(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pthread_chdir_np_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pthread_fchdir_np(fd int) (err error) { + _, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pthread_fchdir_np_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) { _, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s index 8b8bb284..923e08cb 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s 
@@ -228,6 +228,16 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) +TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pthread_chdir_np(SB) +GLOBL ·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB) + +TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pthread_fchdir_np(SB) +GLOBL ·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB) + TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendfile(SB) GLOBL ·libc_sendfile_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go index 1b40b997..7d73dda6 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go 
@@ -760,6 +760,39 @@ var libc_sysctl_trampoline_addr uintptr // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func pthread_chdir_np(path string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pthread_chdir_np_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pthread_fchdir_np(fd int) (err error) { + _, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pthread_fchdir_np_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) { _, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags)) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s index 08362c1a..05770011 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s +++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s 
@@ -228,6 +228,16 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0 GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8 DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB) +TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pthread_chdir_np(SB) +GLOBL ·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB) + +TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pthread_fchdir_np(SB) +GLOBL ·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB) + TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_sendfile(SB) GLOBL ·libc_sendfile_trampoline_addr(SB), RODATA, $8 diff --git a/vendor/golang.org/x/sys/windows/security_windows.go b/vendor/golang.org/x/sys/windows/security_windows.go index 6f7d2ac7..97651b5b 100644 --- a/vendor/golang.org/x/sys/windows/security_windows.go +++ b/vendor/golang.org/x/sys/windows/security_windows.go @@ -894,7 +894,7 @@ type ACL struct { aclRevision byte sbz1 byte aclSize uint16 - aceCount uint16 + AceCount uint16 sbz2 uint16 } @@ -1087,6 +1087,27 @@ type EXPLICIT_ACCESS struct { Trustee TRUSTEE } +// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header +type ACE_HEADER struct { + AceType uint8 + AceFlags uint8 + AceSize uint16 +} + +// https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-access_allowed_ace +type ACCESS_ALLOWED_ACE struct { + Header ACE_HEADER + Mask ACCESS_MASK + SidStart uint32 +} + +const ( + // Constants for AceType + // https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header + ACCESS_ALLOWED_ACE_TYPE = 0 + ACCESS_DENIED_ACE_TYPE = 1 +) + // This type is the union inside of TRUSTEE and must be created using one of the TrusteeValueFrom* functions. type TrusteeValue uintptr 
@@ -1158,6 +1179,7 @@ type OBJECTS_AND_NAME struct { //sys makeSelfRelativeSD(absoluteSD *SECURITY_DESCRIPTOR, selfRelativeSD *SECURITY_DESCRIPTOR, selfRelativeSDSize *uint32) (err error) = advapi32.MakeSelfRelativeSD //sys setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCESS, oldACL *ACL, newACL **ACL) (ret error) = advapi32.SetEntriesInAclW +//sys GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (ret error) = advapi32.GetAce // Control returns the security descriptor control bits. func (sd *SECURITY_DESCRIPTOR) Control() (control SECURITY_DESCRIPTOR_CONTROL, revision uint32, err error) { diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 9f73df75..eba76101 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -91,6 +91,7 @@ var ( procEnumServicesStatusExW = modadvapi32.NewProc("EnumServicesStatusExW") procEqualSid = modadvapi32.NewProc("EqualSid") procFreeSid = modadvapi32.NewProc("FreeSid") + procGetAce = modadvapi32.NewProc("GetAce") procGetLengthSid = modadvapi32.NewProc("GetLengthSid") procGetNamedSecurityInfoW = modadvapi32.NewProc("GetNamedSecurityInfoW") procGetSecurityDescriptorControl = modadvapi32.NewProc("GetSecurityDescriptorControl") 
@@ -1224,6 +1225,14 @@ func setEntriesInAcl(countExplicitEntries uint32, explicitEntries *EXPLICIT_ACCE return } +func GetAce(acl *ACL, aceIndex uint32, pAce **ACCESS_ALLOWED_ACE) (ret error) { + r0, _, _ := syscall.Syscall(procGetAce.Addr(), 3, uintptr(unsafe.Pointer(acl)), uintptr(aceIndex), uintptr(unsafe.Pointer(pAce))) + if r0 == 0 { + ret = GetLastError() + } + return +} + func SetKernelObjectSecurity(handle Handle, securityInformation SECURITY_INFORMATION, securityDescriptor *SECURITY_DESCRIPTOR) (err error) { r1, _, e1 := syscall.Syscall(procSetKernelObjectSecurity.Addr(), 3, uintptr(handle), uintptr(securityInformation), uintptr(unsafe.Pointer(securityDescriptor))) if r1 == 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index cf162a4b..06deab3f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -94,7 +94,7 @@ github.com/cloudflare/cfssl/errors github.com/cloudflare/cfssl/helpers github.com/cloudflare/cfssl/helpers/derhelpers github.com/cloudflare/cfssl/log -# github.com/cloudflare/cloudflare-go v0.94.0 +# github.com/cloudflare/cloudflare-go v0.100.0 ## explicit; go 1.19 github.com/cloudflare/cloudflare-go # github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41 @@ -121,8 +121,8 @@ github.com/go-logr/logr/funcr # github.com/go-logr/stdr v1.2.2 ## explicit; go 1.16 github.com/go-logr/stdr -# github.com/goccy/go-json v0.10.2 -## explicit; go 1.12 +# github.com/goccy/go-json v0.10.3 +## explicit; go 1.19 github.com/goccy/go-json github.com/goccy/go-json/internal/decoder github.com/goccy/go-json/internal/encoder @@ -382,8 +382,8 @@ go.uber.org/atomic # go.uber.org/multierr v1.11.0 ## explicit; go 1.19 go.uber.org/multierr -# golang.org/x/crypto v0.24.0 -## explicit; go 1.18 +# golang.org/x/crypto v0.25.0 +## explicit; go 1.20 golang.org/x/crypto/chacha20 golang.org/x/crypto/chacha20poly1305 golang.org/x/crypto/cryptobyte 
@@ -410,7 +410,7 @@ golang.org/x/lint/golint # golang.org/x/mod v0.17.0 ## explicit; go 1.18 golang.org/x/mod/semver -# golang.org/x/net v0.26.0 +# golang.org/x/net v0.27.0 ## explicit; go 1.18 golang.org/x/net/bpf golang.org/x/net/http/httpguts @@ -439,7 +439,7 @@ golang.org/x/oauth2/jwt ## explicit; go 1.18 golang.org/x/sync/errgroup golang.org/x/sync/semaphore -# golang.org/x/sys v0.21.0 +# golang.org/x/sys v0.22.0 ## explicit; go 1.18 golang.org/x/sys/cpu golang.org/x/sys/unix