make docs

docs/data-sources/record.md

@@ -38,3 +38,5 @@ data "cloudflare_record" "example" {
 - `proxied` (Boolean) Proxied status of the found DNS record.
 - `ttl` (Number) TTL of the found DNS record.
 - `value` (String) Value of the found DNS record.
+
+

docs/resources/access_mutual_tls_certificate.md

@@ -43,7 +43,7 @@ resource "cloudflare_access_mutual_tls_certificate" "my_cert" {
 ### Optional
 
 - `account_id` (String) The account identifier to target for the resource. Conflicts with `zone_id`.
-- `associated_hostnames` (List of String) The hostnames that will be prompted for this certificate.
+- `associated_hostnames` (Set of String) The hostnames that will be prompted for this certificate.
 - `certificate` (String) The Root CA for your certificates.
 - `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`.
 

docs/resources/teams_account.md

@@ -50,6 +50,7 @@ resource "cloudflare_teams_account" "example" {
     udp        = true
     root_ca    = true
     virtual_ip = false
+    disable_for_time = 3600
   }
 
   url_browser_isolation_enabled = true
@@ -90,7 +91,8 @@ resource "cloudflare_teams_account" "example" {
 - `antivirus` (Block List, Max: 1) Configuration block for antivirus traffic scanning. (see [below for nested schema](#nestedblock--antivirus))
 - `block_page` (Block List, Max: 1) Configuration for a custom block page. (see [below for nested schema](#nestedblock--block_page))
 - `body_scanning` (Block List, Max: 1) Configuration for body scanning. (see [below for nested schema](#nestedblock--body_scanning))
-- `custom_certificate` (Block List, Max: 1) Configuration for custom certificates / BYO-PKI. (see [below for nested schema](#nestedblock--custom_certificate))
+- `certificate` (Block List, Max: 1) Configuration for TLS interception certificate. This will be required starting Feb 2025. (see [below for nested schema](#nestedblock--certificate))
+- `custom_certificate` (Block List, Max: 1, Deprecated) Configuration for custom certificates / BYO-PKI. Conflicts with `certificate`. (see [below for nested schema](#nestedblock--custom_certificate))
 - `extended_email_matching` (Block List, Max: 1) Configuration for extended e-mail matching. (see [below for nested schema](#nestedblock--extended_email_matching))
 - `fips` (Block List, Max: 1) Configure compliance with Federal Information Processing Standards. (see [below for nested schema](#nestedblock--fips))
 - `logging` (Block List, Max: 1) (see [below for nested schema](#nestedblock--logging))
@@ -153,6 +155,14 @@ Required:
 - `inspection_mode` (String) Body scanning inspection mode. Available values: `deep`, `shallow`.
 
 
+<a id="nestedblock--certificate"></a>
+### Nested Schema for `certificate`
+
+Required:
+
+- `id` (String) ID of certificate for TLS interception.
+
+
 <a id="nestedblock--custom_certificate"></a>
 ### Nested Schema for `custom_certificate`
 
@@ -244,6 +254,7 @@ Required:
 
 Required:
 
+- `disable_for_time` (Number) Sets the time limit in seconds that a user can use an override code to bypass WARP.
 - `root_ca` (Boolean) Whether root ca is enabled account wide for ZT clients.
 - `tcp` (Boolean) Whether gateway proxy is enabled on gateway devices for TCP traffic.
 - `udp` (Boolean) Whether gateway proxy is enabled on gateway devices for UDP traffic.

docs/resources/waiting_room.md

@@ -32,6 +32,8 @@ resource "cloudflare_waiting_room" "example" {
   }
 
   queueing_status_code  = 200
+
+  enabled_origin_commands = ["revoke"]
 }
 ```
 <!-- schema generated by tfplugindocs -->
@@ -53,6 +55,7 @@ resource "cloudflare_waiting_room" "example" {
 - `default_template_language` (String) The language to use for the default waiting room page. Available values: `de-DE`, `es-ES`, `en-US`, `fr-FR`, `id-ID`, `it-IT`, `ja-JP`, `ko-KR`, `nl-NL`, `pl-PL`, `pt-BR`, `tr-TR`, `zh-CN`, `zh-TW`, `ru-RU`, `fa-IR`. Defaults to `en-US`.
 - `description` (String) A description to add more details about the waiting room.
 - `disable_session_renewal` (Boolean) Disables automatic renewal of session cookies.
+- `enabled_origin_commands` (List of String) The list of enabled origin commands for the waiting room. Available values: `revoke`.
 - `json_response_enabled` (Boolean) If true, requests to the waiting room with the header `Accept: application/json` will receive a JSON response object.
 - `path` (String) The path within the host to enable the waiting room on. Defaults to `/`.
 - `queue_all` (Boolean) If queue_all is true, then all traffic will be sent to the waiting room.

docs/resources/zero_trust_access_mtls_certificate.md

@@ -43,7 +43,7 @@ resource "cloudflare_zero_trust_access_mtls_certificate" "my_cert" {
 ### Optional
 
 - `account_id` (String) The account identifier to target for the resource. Conflicts with `zone_id`.
-- `associated_hostnames` (List of String) The hostnames that will be prompted for this certificate.
+- `associated_hostnames` (Set of String) The hostnames that will be prompted for this certificate.
 - `certificate` (String) The Root CA for your certificates.
 - `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`.
 

docs/resources/zero_trust_gateway_certificate.md

@@ -0,0 +1,39 @@
+---
+page_title: "cloudflare_zero_trust_gateway_certificate Resource - Cloudflare"
+subcategory: ""
+description: |-
+  Provides a Cloudflare Teams Gateway Certificate resource. A Teams Certificate can
+  be specified for Gateway TLS interception and block pages.
+---
+
+# cloudflare_zero_trust_gateway_certificate (Resource)
+
+Provides a Cloudflare Teams Gateway Certificate resource. A Teams Certificate can
+be specified for Gateway TLS interception and block pages.
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `account_id` (String) The account identifier to target for the resource.
+
+### Optional
+
+- `activate` (Boolean) Whether or not to activate a certificate. A certificate must be activated to use in Gateway certificate settings. Defaults to `false`.
+- `custom` (Boolean) The type of certificate (custom or Gateway-managed). Must provide only one of `custom`, `gateway_managed`.
+- `gateway_managed` (Boolean) The type of certificate (custom or Gateway-managed). Must provide only one of `custom`, `gateway_managed`.
+- `id` (String) Certificate UUID. Computed for Gateway-managed certificates. Required when using `custom`. Conflicts with `gateway_managed`.
+- `validity_period_days` (Number) Number of days the generated certificate will be valid, minimum 1 day and maximum 30 years. Defaults to 5 years. Defaults to `1826`. Required when using `gateway_managed`. Conflicts with `custom`. **Modifying this attribute will force creation of a new resource.**
+
+### Read-Only
+
+- `binding_status` (String) The deployment status of the certificate on the edge Available values: `IP`, `SERIAL`, `URL`, `DOMAIN`, `EMAIL`.
+- `created_at` (String)
+- `expires_on` (String)
+- `in_use` (Boolean) Whether the certificate is in use by Gateway for TLS interception and the block page.
+- `qs_pack_id` (String)
+- `uploaded_on` (String)
+
+

docs/resources/zero_trust_gateway_settings.md

@@ -90,7 +90,8 @@ resource "cloudflare_zero_trust_gateway_settings" "example" {
 - `antivirus` (Block List, Max: 1) Configuration block for antivirus traffic scanning. (see [below for nested schema](#nestedblock--antivirus))
 - `block_page` (Block List, Max: 1) Configuration for a custom block page. (see [below for nested schema](#nestedblock--block_page))
 - `body_scanning` (Block List, Max: 1) Configuration for body scanning. (see [below for nested schema](#nestedblock--body_scanning))
-- `custom_certificate` (Block List, Max: 1) Configuration for custom certificates / BYO-PKI. (see [below for nested schema](#nestedblock--custom_certificate))
+- `certificate` (Block List, Max: 1) Configuration for TLS interception certificate. This will be required starting Feb 2025. (see [below for nested schema](#nestedblock--certificate))
+- `custom_certificate` (Block List, Max: 1, Deprecated) Configuration for custom certificates / BYO-PKI. Conflicts with `certificate`. (see [below for nested schema](#nestedblock--custom_certificate))
 - `extended_email_matching` (Block List, Max: 1) Configuration for extended e-mail matching. (see [below for nested schema](#nestedblock--extended_email_matching))
 - `fips` (Block List, Max: 1) Configure compliance with Federal Information Processing Standards. (see [below for nested schema](#nestedblock--fips))
 - `logging` (Block List, Max: 1) (see [below for nested schema](#nestedblock--logging))
@@ -153,6 +154,14 @@ Required:
 - `inspection_mode` (String) Body scanning inspection mode. Available values: `deep`, `shallow`.
 
 
+<a id="nestedblock--certificate"></a>
+### Nested Schema for `certificate`
+
+Required:
+
+- `id` (String) ID of certificate for TLS interception.
+
+
 <a id="nestedblock--custom_certificate"></a>
 ### Nested Schema for `custom_certificate`
 
@@ -244,6 +253,7 @@ Required:
 
 Required:
 
+- `disable_for_time` (Number) Sets the time limit in seconds that a user can use an override code to bypass WARP.
 - `root_ca` (Boolean) Whether root ca is enabled account wide for ZT clients.
 - `tcp` (Boolean) Whether gateway proxy is enabled on gateway devices for TCP traffic.
 - `udp` (Boolean) Whether gateway proxy is enabled on gateway devices for UDP traffic.

docs/resources/zone_settings_override.md

@@ -223,7 +223,7 @@ Read-Only:
 - `privacy_pass` (String)
 - `proxy_read_timeout` (String)
 - `pseudo_ipv4` (String)
-- `replace_insecure_js` (String) 
+- `replace_insecure_js` (String)
 - `response_buffering` (String)
 - `rocket_loader` (String)
 - `security_header` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--security_header))